Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Firewalling best practices for in-out SIP(control y media) traffic

Hello to everyone,

my problem is quite simple to understand and I hope to resolve.

I am a UC500 used as voice system and firewall. I need to configure a SIP trunk to a voice provider.

I would like to know some best practices to make a good ACL to protect  the system, and of course let us enjoy the calls through the SIP  provider.

I really appreciate any contribute.

Regards Antonello

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Red

Firewalling best practices for in-out SIP(control y media) traff

Hi Antonia,

What you would need is an access-list on the outside interface of your firewall to allow the sip provider ip address to the UC500, something like  this:

access-list outside_access_in permit ip host host

access-group outside_access_in in interface outside

static (inside,outside)

policy-map global_policy

class inspection_default

  inspect sip

Thats all that you would need on the ASA.

Hope that helps.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
2 REPLIES
Red

Firewalling best practices for in-out SIP(control y media) traff

Hi Antonia,

What you would need is an access-list on the outside interface of your firewall to allow the sip provider ip address to the UC500, something like  this:

access-list outside_access_in permit ip host host

access-group outside_access_in in interface outside

static (inside,outside)

policy-map global_policy

class inspection_default

  inspect sip

Thats all that you would need on the ASA.

Hope that helps.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
New Member

Firewalling best practices for in-out SIP(control y media) traff

Thank you Varun.

443
Views
0
Helpful
2
Replies