Re: Pix configuration on Ccme environment

bergonzoni · ‎05-06-2004

I have a Router Cisco 1760-v with CCME,in the ethernet interface i connected six ip phone and they work good,using a isdn bri interface to connect to the pstn network.

I added a new module Wic-1adsl to connect my network to internet but now for security issues i need to install a Pix firewall.

Where do I have to install the firewall?In the middle between Router and Switched network with ip phone o i should install second fastethernet interface in the router to connect outside interface of Pix?

Many thanks.

ehirsel · ‎05-06-2004

I would install the firewall between the router and the switched network with ip phone as shown in this topology:

IP Phone --- Switch -- PIX -- 1760--- to inet/pstn

This allows the pix to protect the internal network in case the 1760 device somehow gets compromized.

The 1760 already connectd to the pstn - one type of a service provider, so view the internet as another form of service, thus the 1760 can be viewed as a service gateway.

If you place the firewall between the 1760 and internet, there is no protection from attacks coming from the pstn network.

scoclayton · ‎05-06-2004

You certainly can add a PIX to this environment and I agree with the placement that the previous poster mentioned. However, have you considered installing the IOS Firewall feature set on this router instead of adding a PIX? Might make a lot more sense and cause you a little less pain in trying to get the phones to communicate with the CCME across the FW. Just a thought.

Scott

bergonzoni · ‎05-10-2004

I think that working with Ios firewall feature is better choice in my issue.

Please,could you show me instructions to configure Pix to permit ip phone traffic to pass trough it?

Marc