[asterisk-biz] 87.230.80.186
Alex Balashov
abalashov at evaristesys.com
Sun Jun 27 11:45:06 CDT 2010
From an intra-industrial perspective, unless you're providing
end-to-end managed connections and hardware or software packaging,
you're obviously not going to limit SIP to particular IP addresses,
though you will most certainly, most emphatically restrict SSH and
other services that way.
As others have pointed out, when dealing with customers over the
public Internet, endpoint IPs are very likely to change. Between the
customers on dynamic IPs, the road-warriors using softphones, etc.
maintaining ACLs with tens of thousands of IP blocks isn't practical.
What you *will* do in such a situation is invest in an SBC or a
lower-end device. It doesn't so much matter what you use as long as
it is secure, performant and robust, in that order: a properly
locked-down administrative border for your sessions of *some*
description needs to stand between your platform's internal VoIP
network elements and the outside world.
--
Alex Balashov - Principal
Evariste Systems LLC
1170 Peachtree Street
12th Floor, Suite 1200
Atlanta, GA 30309
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/
More information about the asterisk-biz
mailing list