Friday, May 7, 2010

Access List on a Cisco CUBE / SBC



A commonly used design is to put VoIP servers (CallManager, Asterisk, etc.)
behind the CUBE using private addresses. With this setup, our VoIP
servers are secured from outside, non-trusted networks.

But how do we protect the CUBE? One of many ways is to put an ACL on its public
interface, only allowing voice traffic from trusted networks.

This example has two interfaces, one public and one private.
Our CallManager sits on the private network.


! private side; numbered FastEthernet0/0 here (assumed) so that the two
! stanzas do not configure the same interface
interface FastEthernet0/0
 description callmanager and ip phone segment
 ip address 192.168.0.1 255.255.255.0

! public side, with the ACL applied to inbound traffic
interface FastEthernet0/1
 description public interface
 ip address 198.198.198.1 255.255.255.252
 ip access-group OUTSIDE_INTERFACE in

ip access-list extended OUTSIDE_INTERFACE
 10 permit ip [define allowed public networks here] any
 25 permit ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255
 100 deny ip any any log


On line 25, you need to specify the private network, or you will encounter
one-way audio.

The IOS image used in this example is c2600-js2-mz.123-13a.bin.
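To check which entry of OUTSIDE_INTERFACE a given packet would hit before applying the list, the following added example (not part of the original post) models first-match evaluation with wildcard masks in Python. The 203.0.113.0/24 network on line 10 is a constructed stand-in for the trusted-networks placeholder, and only `ip` entries matching on source and destination are modelled.

```python
import ipaddress

# The page's ACL; the 203.0.113.0/24 entry on line 10 is a constructed
# stand-in for the "[define allowed public networks here]" placeholder.
ACL_TEXT = """
10 permit ip 203.0.113.0 0.0.0.255 any
25 permit ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255
100 deny ip any any log
"""

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    wildcard = tokens.pop(0)
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(wildcard))

def parse_acl(text):
    """Return entries sorted by sequence number: (seq, action, src, dst, log)."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        seq, action, proto = int(tokens[0]), tokens[1], tokens[2]
        if proto != "ip":
            raise ValueError(f"only 'ip' entries are modelled: {line!r}")
        rest = tokens[3:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        entries.append((seq, action, src, dst, "log" in rest))
    return sorted(entries)

def _matches(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; the remaining bits must be equal.
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(entries, src, dst):
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    for seq, action, s, d, log in entries:
        if _matches(src, s) and _matches(dst, d):
            return seq, action, log
    return None, "deny", False
```

`evaluate(parse_acl(ACL_TEXT), src, dst)` returns the matching sequence number, the action, and whether the entry logs, so a packet from an untrusted source shows up as `(100, "deny", True)`.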


