[Asterisk-Users] secure

Benjamin on Asterisk Mailing Lists benjk.on.asterisk.ml at gmail.com
Wed Sep 29 06:29:07 MST 2004


On Wed, 29 Sep 2004 14:17:10 +0200, Altus Syman <altus at stormcorp.co.za> wrote:
> My question is how do I secure asterisk/sip.
> I got a firewall only allowing tcp/udp 5060?

In that case you are blocking the voice traffic.

Although SIP is advertised as a VoIP protocol, it doesn't handle any
voice at all. It only handles signalling. Voice is handled by another
protocol, RTP, and by default the ports RTP uses for the voice traffic
are determined at random.

Therefore, you will need to either customise your setup and fix the
RTP ports at both ends or you will have to open up all ports that RTP
could possibly be using (typically 10000-20000, sometimes 5000-8000).

Personally, if you are concerned about security, I would recommend you
don't use SIP over the WAN. Use IAX between the servers.
Alternatively, use IPsec and build a tunnel between the two servers.

See also my other post in another thread called "NAT Traversal" or
something like that.

rgds
benjk

-- 
Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya,
Tokyo, Japan.

NB: Spam filters in place. Messages unrelated to the * mailing lists
may get trashed.
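
An added illustration of the "fix the RTP ports" option above (not part of the original post): a script that prints, for review, the `rtp.conf` stanza pinning Asterisk's RTP range and the matching iptables rules limited to one known peer. The peer address 192.0.2.10, the function names, and a default-DROP INPUT policy are assumptions; the same range would be set on the server at the other end.

```shell
#!/bin/sh
# Added example: print (not apply) the rtp.conf stanza and iptables rules for
# one SIP peer. Assumes the INPUT chain's default policy is already DROP.

is_port() {  # true if $1 is an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# voip_rules PEER_IP RTP_START RTP_END  (hypothetical helper name)
voip_rules() {
    peer=$1 start=$2 end=$3
    if ! is_port "$start" || ! is_port "$end" || [ "$start" -ge "$end" ]; then
        echo "invalid RTP range: $start-$end" >&2
        return 1
    fi
    # Asterisk side: pin the media ports so the firewall range is exact.
    printf '# rtp.conf\n[general]\nrtpstart=%s\nrtpend=%s\n' "$start" "$end"
    # SIP signalling (the tcp/udp 5060 the original question already allowed).
    for proto in udp tcp; do
        printf 'iptables -A INPUT -p %s -s %s --dport 5060 -j ACCEPT\n' "$proto" "$peer"
    done
    # RTP media: UDP only, and only from the known peer.
    printf 'iptables -A INPUT -p udp -s %s --dport %s:%s -j ACCEPT\n' "$peer" "$start" "$end"
}

# Constructed sample: 192.0.2.10 is a documentation address, not a real peer.
voip_rules 192.0.2.10 10000 20000
```

Restricting the source to the peer's address keeps the wide RTP range from being reachable by arbitrary hosts.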


