[cisco-voip] Securing Voice networks
Scott Voll
svoll.voip at gmail.com
Wed Dec 3 11:14:47 EST 2008
And that's what I'm looking at. I have NO MPLS so I should be good.
Thanks All
Scott
On Tue, Dec 2, 2008 at 3:44 PM, Mark Holloway <mh at markholloway.com> wrote:
> You can also use VRF Lite which allows you to use VRFs without using
> MPLS.
>
>
>
> *From:* cisco-voip-bounces at puck.nether.net [mailto:
> cisco-voip-bounces at puck.nether.net] *On Behalf Of *Jason Aarons (US)
> *Sent:* Tuesday, December 02, 2008 4:36 PM
> *To:* Lelio Fulgenzi; Scott Voll
>
> *Cc:* cisco-voip
> *Subject:* Re: [cisco-voip] Securing Voice networks
>
>
>
> VRF is the backbone of how MPLS works. Your network routes are in a
> private VRF that only you can see. If they can hack or mis-configure the VRF
> then your routes could be advertised to a hack is the security worst case
> scenario with MPLS. I believe you can filter a VRF into another VRF but
> haven't seen that myself. I went thru backbone service provider MPLS
> training, did all the labs and haven't used VRF much since then.
>
>
> ------------------------------
>
> *From:* cisco-voip-bounces at puck.nether.net [mailto:
> cisco-voip-bounces at puck.nether.net] *On Behalf Of *Lelio Fulgenzi
> *Sent:* Tuesday, December 02, 2008 6:07 PM
> *To:* Scott Voll
> *Cc:* cisco-voip
> *Subject:* Re: [cisco-voip] Securing Voice networks
>
>
>
> The term is VRF. http://en.wikipedia.org/wiki/VRF
>
> I'm still not clear as to the difference, but from what I understand, they
> are logically two separate networks and go beyond the level of separation
> that VLANs provide. For example, you can have two VRF domains and route them
> across your network, both with the same IP address space but still logically
> separated. What I don't know, is whether you can somehow route between two
> VRF domains (if that's even what you call them).
>
> For now, we are using ACLs, and for the most part they work, but it's not
> ideal. Putting things behind a firewall makes sense, but with multiple data
> centres, you have to ensure that the voice servers can communicate with each
> other unhindered/unblocked. There are also some issues with respect to
> asymmetrical routing which I think is an issue for us.
>
> Until Cisco comes up with a recommended design for putting their voice
> servers behind firewalls in multiple data centres, I think people will be
> clamoring.
>
>
> ---
> Lelio Fulgenzi, B.A.
> Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1
> (519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> "Bad grammar makes me [sic]" - Tshirt
>
>
> ----- Original Message -----
> From: "Scott Voll" <svoll.voip at gmail.com>
> To: "<cisco-voip at puck.nether.net>" <cisco-voip at puck.nether.net>
> Sent: Tuesday, December 2, 2008 5:56:59 PM GMT -05:00 US/Canada Eastern
> Subject: [cisco-voip] Securing Voice networks
>
> I have multiple Voice networks that I would like to put behind my FWSM. At
> CIPTUG (pass the mic) I asked the question of how others were doing it and I
> thought they were using VFR. Is that the right term?
>
>
>
> Can someone give me a run down of how they are doing it?
>
>
>
> Thanks
>
>
>
> Scott
>
>
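An added example, not part of the original thread: a simplified Python model of the separation described in the quoted replies, where two VRFs carry the same prefix and the routing table is chosen by the ingress interface, plus a check for routes that exit through an interface bound to another VRF (the misconfiguration case raised above). The VRF names, interface names and prefixes are constructed, and this models the behaviour rather than any router's implementation.

```python
import ipaddress

# Constructed sample data: interface-to-VRF bindings and per-VRF routes.
# VRF names, interface names and prefixes are hypothetical.
INTERFACE_VRF = {"Vlan110": "VOICE", "Vlan210": "DATA", "Vlan900": "DATA"}
ROUTES = {
    "VOICE": [("10.1.0.0/16", "Vlan110"), ("10.9.0.0/16", "Vlan900")],
    "DATA": [("10.1.0.0/16", "Vlan210"), ("0.0.0.0/0", "Vlan900")],
}


def lookup(ingress_if, dst):
    """Longest-prefix match using only the table of the ingress interface's VRF."""
    vrf = INTERFACE_VRF[ingress_if]
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, egress_if in ROUTES.get(vrf, []):
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, egress_if)
    return (vrf, best[1]) if best else (vrf, None)


def find_leaks():
    """Return routes whose egress interface is bound to a different VRF."""
    leaks = []
    for vrf, routes in ROUTES.items():
        for prefix, egress_if in routes:
            owner = INTERFACE_VRF.get(egress_if)
            if owner != vrf:
                leaks.append((vrf, prefix, egress_if, owner))
    return leaks


if __name__ == "__main__":
    # Same destination, different answer depending on the ingress VRF.
    print(lookup("Vlan110", "10.1.5.20"))
    print(lookup("Vlan210", "10.1.5.20"))
    # Routes that cross a VRF boundary and deserve review.
    for leak in find_leaks():
        print("cross-VRF route:", leak)
```
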