Security for IP2IP Gateway router

wilson_1234_2 · ‎05-01-2008

We have a new phone system almost ready to test.

We have an edge router that is connecting to Verizon's PIP network and will pass the traffic to our internal network on the same router's ethernet interface.

The IP to IP gateway router will actually be the endpoint for the SIP trunk.

We have BGP configured on the edge router and Verizon wants me to advertise our Internal Network via BGP into their PIP network so they can get to the IP2IP gateway router.

Is this common and what security measures are usually used in this setup?

Any information would be helpful.

Report Inappropriate Content · ‎05-07-2008

Common security measures are:

Protection from fragmentation attacks.

Authentication of BGP routing traffic

The NAT configuration on the internet gateway router

The workaround for BGP is to configure MD5 secret for each session between peers.

Examine firewall logs for rejected traffic.

Examine the logs of other devices on the network segment outside of the firewall for potential problems.

These log entries should indicate if there are issues that need to be addressed immediately via the inbound access-list on the gateway router.

louis.engelbrecht · ‎07-04-2008

Hi wilson

This is quite normal. i am actually running the same configuration with the verizon sip trunking solution.

ccm 4.2(3) with dual PIP and SIP trunks for backup purposes

We redistribute all our internal networks into BGP so that other PIP connected sites as well as the verizon session border controllers can see those networks.