ACL for VOIP SIP,H323,SCCP

Unanswered Question
Nov 3rd, 2011
User Badges:

Hi,


i have a problem in understanding the acl rule for sip h323 or SCCP.


WE will use this for connect ip Communicator to CME


The CME has the IP : 192.168.10.254

The ASA Inside Interface IP : 192.168.10.1

The ASA Outside Interface IP:  x.x.x.x (static)


I connect to the Network with Cisco annyconnect but voip not work


So i must set acl for this problem


M Problem: In the guide the outside interface is a clss B network but we have a class A networkaddress applyed by our ISP.


when i connect with anyconnect i have an internale address off 192.168.10.80 (static) applyed through the asa.


Witch IP Address i must set in the acl


access-list 100 extended permit tcp 192.168.10.0 255.255.255.0 host ? eq (sip,h323,sccp)  /  Outside Interface IP address oder host ip ?



Philipp

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marwan ALshawi Fri, 11/04/2011 - 05:51
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

You need to allow the VPN pool range to the inside cme ip

And make sure inspection is enabled for the used protocol such as sip

See the below link for more details

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081042c.shtml


Hope this help

If helpful rate

Actions

This Discussion