[Asterisk-Users] Securing Cisco SIP gateway
Jan Baumann
asterisk at cyberways.net
Mon Jan 12 09:31:40 MST 2004
Hello asterisk community,
I have successfully set up asterisk as a SIP PBX and now would like to
connect to the outside world using a Cisco 2600 with VIC-BRI as an ISDN
gateway. This works already in the lab, but I have security concerns
before conecting the gateway to the internet.
I currently don't know exactly what VoIP services the Cisco runs by
default besides SIP (H.323, MGCP, ...) and which IP ports it accepts
call setup requests on for the different protocols. What makes it worse
is that the Cisco accepts these requests on all IPs of any of its
interfaces.
What I want to do is lock the gateway Cisco down to only accept SIP
sessions and only via the asterisk box as a signalling and rtp proxy -
either by an access-list or some authentication mechanism. Per-client
access-control to the PSTN will then handled by asterisks dialplan.
I am quite sure someone has done this successfully before and would very
much appreciate any hints how to do this best.
Many thanks and
kind regards,
Jan Baumann
More information about the asterisk-users
mailing list