Port forwarding through SR520 to allow SIP trunking, CCA access and remote softphone?

Unanswered Question
Nov 7th, 2009
User Badges:
  • Bronze, 100 points or more

Hey guys,


I'm going to put an SR520 in front of our UC540W in our test lab shortly, and wondered if anybody has done this and happens to know the proper ports to forward through the SR520 for SIP trunking and CCA access from the WAN?  I assume that SIP trunking requires 5060, but do I need to include any other ports to make this work properly?  I'm currently using NexVortex if that helps at all.


Secondly, I'd like to be able to access the UC500 and SR520 from the WAN for simple configuration changes and tweaks.  Is it enough to just create a VPN tunnel with the SR520 if the UC540 has it's firewall shut down or do I need to create a VPN with the UC540 to access the UC540 and make changes on it's config?


How about remote softphone access?  Is a VPN with the SR520 sufficient if the UC540 firewall is shut down?  Do I point voice traffic through the SR520 to the UC520 at IP address 10.1.1.1?


Any help that might get me started on the right path would be much appreciated.


Thanks,


Seth

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
David Hornstein Sat, 11/07/2009 - 13:26
User Badges:
  • Gold, 750 points or more

Hi Seth,


Marcos Hernandez has a number of scenario's such as yours, discussed somewhere in this Small Business Community.


Steve Smith responded to a fellow trying to do a similar thing, check out the URL below.


https://www.myciscocommunity.com/message/7571#7571


Your assumptions are correct, the VPN clients will have to point their softphones like all phone to 10.1.1.1.  The SR520 can cope with terminating your VPN's


Notice how as the discussions progressed the advice was basically ;


1. There is no need to turn off the firewall on the SR520


2.  Use CCA, now 2.1.1  to configure the units.


3.  Disable the NAT and firewall on the UC5XX and allow the firewall and NAT on the SR520 to provide the security of the LAN


4.  Create a static route in the SR520 that points to the 10.0.0.0 network with the next hop being the UC5XX WAN interface (FastEthernet 0/0).


5.  Create a static route in the SR520 that points to the 192.168.10.0 network with a next hop being the UC5XX WAN interface (FastEthernet 0/0).


I think that's about it, i'm sure someone will correct me if I have messed up.


regards Dave

Actions

This Discussion