Communication between voice networks (Best Practices?)

So I was wondering what the best practice is when it comes to voice networks and firewall ports. I remember that somebody told me that unrestricted access is the best way to go to avoid any one-way audio and similar, which makes sense for voice VLANs, but now with Jabber and other Collaboration solutions, is IP to IP still recommended?

I found these URLs:

CUCM ports

Jabber ports

Adding a bunch of lines on the firewall for all the ports and protocols is not completely smart (yes, you can use object groups, but it is still a lot of work and difficult to troubleshoot, in my opinion).

What is your recommendation or best practice to allow communication between collaboration subnets?

Thank you.

Rolando Valenzuela.

8 REPLIES 8
Advisor

Don't run voice through a firewall unless you really have to.

Unfortunately, in my case, I have to :( If that is the case, will IP2IP be the best?

Thanks!

Rolando Valenzuela.

Hall of Fame Master

If you need to run voice through a firewall, you need to open the required ports as documented in Cisco guides. It really depends on what is behind the firewall, i.e. just phones, GW, CUBE, applications, etc.?

Well, my concern is mostly with Jabber.

For voice-only networks I don't mind going IP-IP, but with Jabber in mind, PC networks need that access too and the port list increases with each release, so if I have Jabber+phones+GW+CUCM?

Thanks.

Hall of Fame Master

Well, there is no magic here.

If you want a firewall between CUCM/phones/clients, you need to open the ports.

Is the firewall on the internal network? Do you have a network diagram showing which components are in which firewall zone?

Not at the moment, and it is not a design problem, it is more of a "learning" problem.

Don't worry too much, Chris, thank you for all your help! :D

Rolando Valenzuela.

Enthusiast

You should allow the required to pass through the firewall. Yes, it is a pain and there is no silver bullet.

Please rate replies and mark question as "answered" if applicable.

-Bump-