Here’s what I came up with for the SIP ACL. Any comments? Is there a way to test this before implementation on a production interface, and will it create problems?
ip access-list extended Inbound_SIP_ACL
 remark Permit SIP Ports
 permit tcp host 1.2.3.4 any range 5060 5061
 permit tcp host 1.2.3.5 any range 5060 5061
 permit udp host 1.2.3.4 any range 5060 5061
 permit udp host 1.2.3.5 any range 5060 5061
 remark Permit UDP RTP Ports
 permit udp host 1.2.3.4 any range 16384 32767
 permit udp host 1.2.3.5 any range 16384 32767
 deny ip any any log
interface gi0/0/0
 ip access-group Inbound_SIP_ACL in
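
One way to check the ACL's logic offline before it goes on the interface, as an added example that is not part of the original post: a small Python first-match evaluator for the entries above, run against constructed inbound flows. It models only the `host`/`any`/`range` syntax used here, and 192.0.2.10 and 198.51.100.53 are made-up addresses.

```python
import ipaddress
# ACL entries from the post, verbatim (remark lines omitted).
ACL = """\
permit tcp host 1.2.3.4 any range 5060 5061
permit tcp host 1.2.3.5 any range 5060 5061
permit udp host 1.2.3.4 any range 5060 5061
permit udp host 1.2.3.5 any range 5060 5061
permit udp host 1.2.3.4 any range 16384 32767
permit udp host 1.2.3.5 any range 16384 32767
deny ip any any log
"""

def parse_addr(tok):
    """Consume one address spec ('any' or 'host A.B.C.D') from the token list."""
    word = tok.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    raise ValueError("unsupported address spec: " + word)

def parse_ace(line):
    """Parse one entry; 'range lo hi' after the destination matches the destination port."""
    tok = line.split()
    ace = {"action": tok.pop(0), "proto": tok.pop(0), "text": line}
    ace["src"], ace["dst"] = parse_addr(tok), parse_addr(tok)
    ace["ports"] = (int(tok[1]), int(tok[2])) if tok[:1] == ["range"] else (0, 65535)
    return ace

def evaluate(aces, proto, src, dst, dport):
    """First matching entry wins; returns (action, entry text)."""
    for ace in aces:
        lo, hi = ace["ports"]
        if (ace["proto"] in ("ip", proto) and lo <= dport <= hi
                and ipaddress.ip_address(src) in ace["src"]
                and ipaddress.ip_address(dst) in ace["dst"]):
            return ace["action"], ace["text"]
    return "deny", "(implicit deny)"

ACES = [parse_ace(line) for line in ACL.splitlines()]
# Constructed inbound flows: (protocol, source, destination, destination port).
FLOWS = [
    ("udp", "1.2.3.4", "192.0.2.10", 5060),         # SIP from a listed peer
    ("udp", "1.2.3.5", "192.0.2.10", 20000),        # RTP from a listed peer
    ("udp", "1.2.3.4", "192.0.2.10", 40000),        # media port above the range
    ("udp", "198.51.100.53", "192.0.2.10", 51000),  # reply to an outbound DNS query
]
for flow in FLOWS:
    print(flow, "->", *evaluate(ACES, *flow))
```

The last flow is denied because the ACL is stateless and applied inbound: replies to traffic initiated from behind gi0/0/0 hit the final deny unless an entry permits them.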