ACL for SIP traffic [Archive] - CertificationChat.com Cisco Certification Forum

voiceCCIE

07-06-2009, 10:10 PM

I want to build an access-list to only allow SIP traffic to an interface. What do I need to add in order to allow this?

ipsec

07-06-2009, 10:18 PM

You need to allow RTP (16384 32767) and SIP, for example.

ip access-list extended SIP-InBound
permit udp any host 1.1.1.1 eq 5060
permit udp any host 1.1.1.1 range 16384 32767
deny ip any any log

voiceCCIE

07-06-2009, 10:21 PM

Wouldn't allowing SIP from any source exposed my SIP gateway to someone using it to make calls?

ipsec

07-06-2009, 10:23 PM

No, it depends on how your gateway is configured. You need to control who can make calls from the voice side vs the ACL. I've seen SIP providers jump between ip address which makes it impossible to configure the ACL to allow only specific sources.

maestroabn

04-26-2010, 03:44 PM

nhÆ° váº*y, access-list trong trÆ°á»ng há»£p nÃ*y Ä‘Æ°á»£c dÃ¹ng khÃ´ng ho má»¥c Ä‘Ã*ch traffic filter ná»¯a mÃ* Ä‘Æ°á»£c dÃ¹ng nhÆ° "pattern matching".

Em muá»‘n há»i cÃ¡ch apply cÃ¡c extended access-list nÃ*y vÃ*o BGP nhÆ° tháº¿ nÃ*o? Nhá»¯ng protocol nÃ*o khÃ¡c há»— trá»£ cÃ¡c dÃ¹ng nÃ*y?

xin cÃ¡m Æ¡n,