Solved: Firewalling best practices for in-out SIP(control y media) traffic

antonello.moneta · ‎11-04-2011

Hello to everyone,

my problem is quite simple to understand and I hope to resolve.

I am a UC500 used as voice system and firewall. I need to configure a SIP trunk to a voice provider.

I would like to know some best practices to make a good ACL to protect the system, and of course let us enjoy the calls through the SIP provider.

I really appreciate any contribute.

Regards Antonello

varrao · ‎11-04-2011

Hi Antonia,

What you would need is an access-list on the outside interface of your firewall to allow the sip provider ip address to the UC500, something like this:

access-list outside_access_in permit ip host host

access-group outside_access_in in interface outside

static (inside,outside)

policy-map global_policy

class inspection_default

inspect sip

Thats all that you would need on the ASA.

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

varrao · ‎11-04-2011

Hi Antonia,

What you would need is an access-list on the outside interface of your firewall to allow the sip provider ip address to the UC500, something like this:

access-list outside_access_in permit ip host host

access-group outside_access_in in interface outside

static (inside,outside)

policy-map global_policy

class inspection_default

inspect sip

Thats all that you would need on the ASA.

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao

antonello.moneta · ‎11-16-2011

Thank you Varun.

Firewalling best practices for in-out SIP(control y media) traffic

SIP 3PCC(Third Party Call Control)详解

PI 上の「 Client Traffic on AP 」データの表示について

Optimize Multicast Traffic - Best Practices

Cisco-MDS-SAN-Zoning-Best-Practices

Doc - Ingeniería de Segment Routing Traffic con Medición de Rendimiento