[Asterisk-Users] secure

[Matthew Boehm]

The SIP signaling and RTP transmission only occur between the phone and *
right?
So as long as all ports to/from the phones (ie: firewall) and the * box are
open, there shouldn't be any problems right?


Matthew
----- Original Message ----- 
From: "Benjamin on Asterisk Mailing Lists" <benjk.on.asterisk.ml at gmail.com>
To: "Asterisk Users Mailing List - Non-Commercial Discussion"
<asterisk-users at lists.digium.com>
Sent: Wednesday, September 29, 2004 8:29 AM
Subject: Re: [Asterisk-Users] secure


> On Wed, 29 Sep 2004 14:17:10 +0200, Altus Syman <altus at stormcorp.co.za>
wrote:
> > My question is how do I secure asterisk/sip.
> > I got a firewall only allowing tcp/udp 5060?
>
> In that case you are blocking the voice traffic.
>
> Although SIP is advertised as a VoIP protocol, it doesn't handle any
> voice at all. It only handles signalling. Voice is handled by another
> protocol, RTP, and by default the ports RTP uses for the voice traffic
> are determined at random.
>
> Therefore, you will need to either customise your setup and fix the
> RTP ports at both ends or you will have to open up all ports that RTP
> could possibly be using (typically 10000-20000, sometimes 5000-8000).
>
> Personally, if you are concerned about security, I would recommend you
> don't use SIP over the WAN. Use IAX between the servers.
> Alternatively, use IPsec and build a tunnel between the two servers.
>
> See also my other post in another thread called "NAT Traversal" or
> something like that.
>
> rgds
> benjk
>
> -- 
> Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya,
> Tokyo, Japan.
>
> NB: Spam filters in place. Messages unrelated to the * mailing lists
> may get trashed.
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users