SIP trunk and Internet handoff on same circuit Security Advice
Looking for some opinions on security concerns with a Dynamic IP handoff from a service provider that sends both Internet and SIP traffic down the same physical circuit. The provider separates the SIP and Internet traffic with separate DLCIs going into their MPLS cloud via frame relay. SIP traffic is routed to a private IP address in the provider cloud that is specific to my individual setup, and they route the public IPs to the public address attached to my Internet DLCI.

On my end I have a 2811 with Advanced IP Services and CUBE. The public addresses will be handed off via my second Ethernet interface on the 2811 and will plug into the outside interface of an ASA and will act as the client's secondary Internet connection. The primary Ethernet interface is connected directly to the LAN. Both the SIP DLCI and Internet DLCI have public assigned IP addresses going upstream into the cloud. However, there seems to be some level of security in the MPLS environment by default because I can't access my SIP DLCI from the Internet (I don't have the Internet DLCI running yet).

I'm being cautious because my router has one leg on the net and one on the LAN, and voice traffic is flowing in and out via SIP through the CUBE. While I'm very familiar with voice and routing/security, I'm not so much with SIP trunks and CUBE, so I guess I don't know what I don't know and am looking for suggestions on making sure this is locked down properly. I do know the sip-ua is set up to hide the internal IP address. I've attached a Visio that shows the logical setup minus IP addresses. Here's a quick breakdown of interfaces.
Inside F0/1= 10.150.X.2 (Voice LAN)
Outside F0/0= 209.X.X.1 (Internet gateway for outside of ASA).