Security for IP2IP Gateway router

May 1st, 2008

We have a new phone system almost ready to test.

We have an edge router that is connecting to Verizon's PIP network and will pass the traffic to our internal network on the same router's ethernet interface.

The IP to IP gateway router will actually be the endpoint for the SIP trunk.

We have BGP configured on the edge router and Verizon wants me to advertise our Internal Network via BGP into their PIP network so they can get to the IP2IP gateway router.

Is this common and what security measures are usually used in this setup?

Any information would be helpful.

Anonymous (not verified) Wed, 05/07/2008 - 06:17

Common security measures are:

Protection from fragmentation attacks.

Authentication of BGP routing traffic.

The NAT configuration on the internet gateway router

The workaround for BGP is to configure an MD5 secret for each session between peers.

Examine firewall logs for rejected traffic.

Examine the logs of other devices on the network segment outside of the firewall for potential problems.

These log entries should indicate if there are issues that need to be addressed immediately via the inbound access-list on the gateway router.
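Added example, not part of the original thread: a small Python check that reads an IOS-style configuration and reports BGP neighbors without an MD5 password and an outside interface without an inbound access-list, the two controls named in the reply above. The sample configuration, addresses, AS numbers and interface names are constructed, and the check assumes passwords are set per neighbor rather than through peer-groups.

```python
import re

# Constructed sample edge-router config: documentation addresses, private AS
# numbers, hypothetical names. Peer 192.0.2.5 deliberately has no password.
SAMPLE_CONFIG = """\
interface Serial0/0
 description Verizon PIP
 ip address 192.0.2.2 255.255.255.252
!
interface FastEthernet0/0
 ip address 10.10.0.1 255.255.255.0
!
router bgp 65001
 neighbor 192.0.2.1 remote-as 65000
 neighbor 192.0.2.1 password EXAMPLE-SECRET
 neighbor 192.0.2.5 remote-as 65000
"""

def blocks(config):
    """Yield (header, indented child lines) for each top-level config block."""
    header, children = None, []
    for line in config.splitlines():
        if header and line.startswith(" "):
            children.append(line.strip())
            continue
        if header:
            yield header, children
        text = line.strip()
        header, children = (text if text and text != "!" else None), []
    if header:
        yield header, children

def audit(config, outside_if):
    """Return findings for unauthenticated BGP peers and an unfiltered outside interface."""
    findings = []
    for header, lines in blocks(config):
        if header.startswith("router bgp "):
            peers = {}  # neighbor address -> set of options configured for it
            for entry in lines:
                m = re.match(r"neighbor (\S+) (\S+)", entry)
                if m:
                    peers.setdefault(m.group(1), set()).add(m.group(2))
            for peer in sorted(peers):
                if "password" not in peers[peer]:
                    findings.append(f"BGP peer {peer}: no MD5 password")
        elif header == f"interface {outside_if}":
            if not any(re.fullmatch(r"ip access-group \S+ in", e) for e in lines):
                findings.append(f"{header}: no inbound access-list")
    return findings
```

Calling `audit(SAMPLE_CONFIG, "Serial0/0")` on the constructed sample reports the missing inbound access-list on the PIP-facing interface and the unauthenticated second peer.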

louis.engelbrecht Fri, 07/04/2008 - 06:43

Hi wilson

This is quite normal. I am actually running the same configuration with the Verizon SIP trunking solution.

CCM 4.2(3) with dual PIP and SIP trunks for backup purposes.

We redistribute all our internal networks into BGP so that other PIP-connected sites as well as the Verizon session border controllers can see those networks.

