05-20-2016 06:06 AM - edited 03-17-2019 06:59 AM
Hi there,
I have CUCM-BE running on a BE6000M. The CUBE is also running on this device and the device is in the DMZ.
So set-up is:
CUBE <---DMZ--->F5 firewall <----> ITSP
Note: CUBE is on a private IP address and only one interface is being used.
The issue here is that the F5 firewall only does L3 NAT and the SIP SDP packets are not inspected. Is there a way to do this on the CUBE? If there is no way to do this on the CUBE, what are the alternatives?
Thanks
alexis
P.S. As a side note, is there a better way to deploy this solution?
05-20-2016 09:28 AM
Yes, you can do that on the CUBE, but I recommend you just remove the NAT in the FW, but don't remove the FW, and just permit specific ports for SIP and RTP.
I have this in my CUBE. (You need a CUBE licence.)
voice service voip
 ip address trusted list
  ! I suggest you put the specific IPs of the CUCM and the PSTN here.
  ipv4 0.0.0.0 0.0.0.0
 allow-connections sip to sip
CUCM --- CUBE
dial-peer voice 5001 voip
 description DIAL-PEER DE ENTRADA DESDE EL CUCM
 session protocol sipv2
 session transport tcp
 incoming called-number 9.T
 voice-class codec 1
 no voice-class sip g729 annexb-all
 voice-class sip bind control source-interface GigabitEthernet0/0.10
 voice-class sip bind media source-interface GigabitEthernet0/0.10
 dtmf-relay rtp-nte
 no vad
!
dial-peer voice 5002 voip
 description DIAL-PEER DE SALIDA HACIA EL CUCM
 destination-pattern 811196....
 session protocol sipv2
 session target ipv4:177.1.10.210
 session transport tcp
 voice-class codec 1
 no voice-class sip g729 annexb-all
 voice-class sip bind control source-interface GigabitEthernet0/0.10
 voice-class sip bind media source-interface GigabitEthernet0/0.10
 dtmf-relay rtp-nte
 no vad
CUBE -- ISP
dial-peer voice 6001 voip
 description DIAL-PEER DE ENTRADA DESDE PSTN
 incoming called-number 811196....
 session protocol sipv2
 session target ipv4:172.28.114.25
 session transport udp
 voice-class codec 1
 no voice-class sip g729 annexb-all
 voice-class sip bind control source-interface GigabitEthernet0/0.901
 voice-class sip bind media source-interface GigabitEthernet0/0.901
 dtmf-relay rtp-nte
!
! Outbound leg toward the PSTN: it needs its own tag (reusing 6001 would
! overwrite the inbound dial-peer) and a destination-pattern to match dialed digits.
dial-peer voice 6002 voip
 description DIAL-PEER DE SALIDA HACIA PSTN
 destination-pattern 9.T
 session protocol sipv2
 session target ipv4:172.28.114.25
 session transport udp
 voice-class codec 1
 no voice-class sip g729 annexb-all
 voice-class sip bind control source-interface GigabitEthernet0/0.901
 voice-class sip bind media source-interface GigabitEthernet0/0.901
 dtmf-relay rtp-nte
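
The problem raised in the question, as an added example (not code from either poster): when a firewall rewrites only the IP header, the CUBE's private address still travels inside the SIP headers and the SDP body. This Python script scans a constructed INVITE for RFC 1918 addresses in the fields the far end uses for signalling replies and media; the address 10.10.10.5, the phone numbers and the function name are assumptions.

```python
import ipaddress
import re

# Constructed sample: an INVITE as seen on the ITSP side of a firewall that
# changed only the IP header (L3 NAT) and left the SIP/SDP payload untouched.
SAMPLE_INVITE = (
    "INVITE sip:5550100@198.51.100.20:5060 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.10.10.5:5060;branch=z9hG4bK-constructed\r\n"
    "From: <sip:8111960000@10.10.10.5>;tag=1\r\n"
    "To: <sip:5550100@198.51.100.20>\r\n"
    "Call-ID: constructed-1\r\n"
    "CSeq: 101 INVITE\r\n"
    "Contact: <sip:8111960000@10.10.10.5:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 10.10.10.5\r\n"
    "s=-\r\n"
    "c=IN IP4 10.10.10.5\r\n"
    "t=0 0\r\n"
    "m=audio 16384 RTP/AVP 0 101\r\n"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
SIP_FIELDS = {"via", "v", "contact", "m", "record-route"}  # incl. compact forms
SDP_FIELDS = {"o", "c"}                                    # origin, connection

def _scan(lines, sep, wanted, section):
    for line in lines:
        field, found, value = line.partition(sep)
        name = field.strip()
        if not found or name.lower() not in wanted:
            continue
        for text in IPV4.findall(value):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                continue  # dotted quad that is not a valid address
            if any(addr in net for net in RFC1918):
                yield (section, name, text)

def find_private_addresses(message):
    """Return (section, field, address) for each private IP in a routing field."""
    head, _, body = message.partition("\r\n\r\n")
    sip_lines = head.split("\r\n")[1:]  # skip the request/status line
    return (list(_scan(sip_lines, ":", SIP_FIELDS, "sip"))
            + list(_scan(body.split("\r\n"), "=", SDP_FIELDS, "sdp")))
```

Any hit in the `sdp` section means the far end would send RTP to an unroutable address, which usually shows up as one-way or no audio.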