Hi dear community,
As I'm not very familiar with security design, I had 2 questions for those who know better ^^:
- I would like to know if there are best practices or a design guide (other than: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/security.html#wp1046310) for ASA deployment with a CUCM cluster?
- I would also like to know if splitting pub and sub with an ASA is recommended? If not, what are the reasons?
Besides the security questions, could you help me understand, in scenario 2 of the preceding URL, why the RTP would address to SUB? And why TRP could help even if the device is using an MRGL that contains MTPs that are located on the PUB LAN?
Thanks a lot,
Regarding the second question, for sure it is not recommended to split Pub and Sub using ASA, because a lot of traffic will flow between them. But you can also do it. You can split the cluster via WAN, and in this case for sure there is a firewall. But to do this, the ping period should not exceed 2m seconds.
For the first point, I just need to say there is a document that lists all ports required via Callmanager.