Thanks for the article. Is there any other information from Cisco on this "special" MTA address functionality re your statement " The secured streams which terminate on the firewall will be permitted automatically by the firewall".
In the config guides I'm surprised there's no mention of this since it goes against the logic of applying an outside ACL and having full knowledge and control over open ports to the Internet. Is this because there's no inbound traffic to the MTA address and the SRTP sessions are all initiated from the phone-proxy and thus not subjected to an outside-in ACL?
... View more