Need some advice,
I have a cbeyond SIP phone service, works great. After discussion with cbeyond technician and my Cisco Systems Engineer, it was suggested that I alter my Fastethernet0/0 IP address to a Global IP address, for obvious reasons.
I used CCA2.0.1 to alter my internet IP address.
I can still browse to the internet, but my UC520 is now using a Global IP address given to me by cbeyond rather than the private IP address that it was using before.
I next added a NAT entry to allow for a port Address translation from my wan interface to my lan interface port 5722 to private IP 192.168.10.200
My concern is that my acess list now looks too brief, and look too restrictive
here is the OLD access list;
access-list 105 remark auto generated by SDM firewall configuration##NO_ACES_20##
access-list 105 remark SDM_ACL Category=1
access-list 105 permit udp host 192.168.22.212 eq 5060 any
access-list 105 permit udp host 192.168.22.212 any eq 5060
access-list 105 deny ip 10.1.10.0 0.0.0.3 any
access-list 105 deny ip 10.1.1.0 0.0.0.255 any
access-list 105 deny ip 192.168.10.0 0.0.0.255 any
access-list 105 permit udp host 184.108.40.206 eq domain any
access-list 105 permit udp host 220.127.116.11 eq domain any
access-list 105 permit icmp any host 10.0.1.26 echo-reply
access-list 105 permit icmp any host 10.0.1.26 time-exceeded
access-list 105 permit icmp any host 10.0.1.26 unreachable
access-list 105 permit udp any any range 16384 32767
access-list 105 deny ip 10.0.0.0 0.255.255.255 any
access-list 105 deny ip 172.16.0.0 0.15.255.255 any
access-list 105 deny ip 192.168.0.0 0.0.255.255 any
access-list 105 deny ip 127.0.0.0 0.255.255.255 any
access-list 105 deny ip host 255.255.255.255 any
access-list 105 deny ip host 0.0.0.0 any
access-list 105 deny ip any any log
here is my show run of my FastEthernet0/0 interface and new access list that is attached to FastEthernet0/0
ip address 18.104.22.168 255.255.255.252
ip access-group 104 in
ip nat outside
ip inspect SDM_MEDIUM out
service-policy input sdmappfwp2p_SDM_MEDIUM
service-policy output sdmappfwp2p_SDM_MEDIUM
access-list 104 remark auto generated by SDM firewall configuration##NO_ACES_2##
access-list 104 remark SDM_ACL Category=1
access-list 104 permit tcp any host 22.214.171.124 eq 5722 log
access-list 104 deny ip any any
My concern is regarding the old access list 105 took into account allowing SIP from my service provider and other necessary services. The new access list does not take into account these DNS, SIP and ICMP services.
How can I use CCA2.0.1 to allow the SIP connection from CBeyond , Domain services and ICMP functionality.