05-01-2008 04:31 PM - edited 03-15-2019 10:24 AM
We have a new phone system almost ready to test.
We have an edge router that is connecting to Verizon's PIP network and will pass the traffic to our internal network on the same router's ethernet interface.
The IP to IP gateway router will actually be the endpoint for the SIP trunk.
We have BGP configured on the edge router and Verizon wants me to advertise our Internal Network via BGP into their PIP network so they can get to the IP2IP gateway router.
Is this common and what security measures are usually used in this setup?
Any information would be helpful.
05-07-2008 06:17 AM
Common security measures are:
Protection from fragmentation attacks.
Authentication of BGP routing traffic
The NAT configuration on the internet gateway router
The workaround for BGP is to configure MD5 secret for each session between peers.
Examine firewall logs for rejected traffic.
Examine the logs of other devices on the network segment outside of the firewall for potential problems.
These log entries should indicate if there are issues that need to be addressed immediately via the inbound access-list on the gateway router.
07-04-2008 06:43 AM
Hi wilson
This is quite normal. i am actually running the same configuration with the verizon sip trunking solution.
ccm 4.2(3) with dual PIP and SIP trunks for backup purposes
We redistribute all our internal networks into BGP so that other PIP connected sites as well as the verizon session border controllers can see those networks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide