
VoIP SIP G/W ACL

clattin
Level 1

Here’s what I came up with for the SIP ACL. Any comments? Is there a way to test this before implementation on a production interface and will it create problems?

 

ip access-list extended Inbound_SIP_ACL
 remark Permit SIP Ports
 permit tcp host 1.2.3.4 any range 5060 5061
 permit tcp host 1.2.3.5 any range 5060 5061
 permit udp host 1.2.3.4 any range 5060 5061
 permit udp host 1.2.3.5 any range 5060 5061
 remark Permit UDP RTP Ports
 permit udp host 1.2.3.4 any range 16384 32767
 permit udp host 1.2.3.5 any range 16384 32767
 deny ip any any log

interface gi0/0/0
 ip access-group Inbound_SIP_ACL in

 

1 Reply

TONY SMITH
Spotlight

In a typical install you'd only need to permit these ports inbound to the address of your CUBE, the address that is bound to its ITSP facing dial peers. Does your ITSP use both UDP and TCP, and do they use both port 5060 and 5061? If not then you can cut down the lines appropriately.

If this interface is directly connected to the Internet then be aware that the "deny any any log" at the end can put quite a load on the router, any old stuff hitting it from the Internet is going to be processed by that line.
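
The following is an added example, not part of either post and not Cisco tooling: a small Python first-match evaluator that runs the posted ACL offline against constructed packets and compares it with a variant whose destination is narrowed to the CUBE address, as the reply suggests. The CUBE address 192.0.2.10, the other test addresses and the helper names are assumptions, and only the syntax used in this thread (host/any, range, log) is parsed.

```python
# Added example: offline first-match evaluation of an IOS-style extended ACL.
# Handles only the syntax used in this thread: host/any, "range lo hi", "log".
ORIGINAL_ACL = """\
permit tcp host 1.2.3.4 any range 5060 5061
permit tcp host 1.2.3.5 any range 5060 5061
permit udp host 1.2.3.4 any range 5060 5061
permit udp host 1.2.3.5 any range 5060 5061
permit udp host 1.2.3.4 any range 16384 32767
permit udp host 1.2.3.5 any range 16384 32767
deny ip any any log
"""
CUBE = "192.0.2.10"  # assumed placeholder for the CUBE's ITSP-facing address
# Variant following the reply: destination narrowed to the CUBE address.
TIGHTENED_ACL = ORIGINAL_ACL.replace(" any range", f" host {CUBE} range")

def _addr(tok):
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    word = tok.pop(0)
    return None if word == "any" else tok.pop(0)  # None matches any address

def parse(acl_text):
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()
        if not tok or tok[0] == "remark":
            continue
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        ports = (0, 65535)
        if tok and tok[0] == "range":
            ports = (int(tok[1]), int(tok[2]))
        rules.append((action, proto, src, dst, ports, "log" in tok))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """Return (action, logged) for the first matching entry."""
    for action, r_proto, r_src, r_dst, (lo, hi), log in rules:
        if (r_proto in ("ip", proto) and r_src in (None, src)
                and r_dst in (None, dst) and lo <= dport <= hi):
            return action, log
    return "deny", False  # implicit deny that ends every ACL

if __name__ == "__main__":
    # Constructed test packets: (proto, source, destination, destination port)
    packets = [("udp", "1.2.3.4", CUBE, 5060), ("udp", "1.2.3.4", "192.0.2.99", 20000),
               ("udp", "203.0.113.7", CUBE, 5060)]
    for name, acl in (("original", ORIGINAL_ACL), ("tightened", TIGHTENED_ACL)):
        for pkt in packets:
            print(name, pkt, evaluate(parse(acl), *pkt))
```

Every result of ("deny", True) is a packet that would be handled by the logging deny line, which is the load the reply warns about on an Internet-facing interface.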