A group within my organization has built a CME system. They want access to the CME system to be available from the office VPN, which terminates on a PIX 7.2 box. We're pretty strict about filtering traffic, so we need to implicitly allow RTP traffic through the firewall in and out of the VPN in order to make this work. I'm wondering if there is any best common practice for allowing RTP traffic back over the VPN that currently handles access to all other corporate resources as well. RTP is UDP/16384 and above, but I'd really like to avoid having to allow such a broad port range through the firewall unless I have to.