Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Security for IP2IP Gateway router

We have a new phone system almost ready to test.

We have an edge router that is connecting to Verizon's PIP network and will pass the traffic to our internal network on the same router's ethernet interface.

The IP to IP gateway router will actually be the endpoint for the SIP trunk.

We have BGP configured on the edge router and Verizon wants me to advertise our Internal Network via BGP into their PIP network so they can get to the IP2IP gateway router.

Is this common and what security measures are usually used in this setup?

Any information would be helpful.


Re: Security for IP2IP Gateway router

Common security measures are:

Protection from fragmentation attacks.

Authentication of BGP routing traffic

The NAT configuration on the internet gateway router

The workaround for BGP is to configure MD5 secret for each session between peers.

Examine firewall logs for rejected traffic.

Examine the logs of other devices on the network segment outside of the firewall for potential problems.

These log entries should indicate if there are issues that need to be addressed immediately via the inbound access-list on the gateway router.

New Member

Re: Security for IP2IP Gateway router

Hi wilson

This is quite normal. i am actually running the same configuration with the verizon sip trunking solution.

ccm 4.2(3) with dual PIP and SIP trunks for backup purposes

We redistribute all our internal networks into BGP so that other PIP connected sites as well as the verizon session border controllers can see those networks.

CreatePlease to create content