Solved: Firewalling best practices for in-out SIP(control y media) traffic

antonello.moneta · ‎11-04-2011

Hello to everyone,

my problem is quite simple to understand and I hope to resolve.

I am a UC500 used as voice system and firewall. I need to configure a SIP trunk to a voice provider.

I would like to know some best practices to make a good ACL to protect the system, and of course let us enjoy the calls through the SIP provider.

I really appreciate any contribute.

Regards Antonello

varrao · ‎11-04-2011

Hi Antonia,

What you would need is an access-list on the outside interface of your firewall to allow the sip provider ip address to the UC500, something like this:

access-list outside_access_in permit ip host host

access-group outside_access_in in interface outside

static (inside,outside)

policy-map global_policy

class inspection_default

inspect sip

Thats all that you would need on the ASA.

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

varrao · ‎11-04-2011