[cisco-voip] SBC/CUBE placement Question

[Rik Koenig]

I have a question regarding placement of a CUBE. Given that the CUCM and
phones are on the inside of the FW, and that the SP SBC is on the outside,
is it better to
1: place the CUBE completely behind a firewall, and let the PSTN trunk go
through the firewall
2: place the CUBE on the outside of the FW, or on a DMZ
3: Place one interface on the outside, one on the inside, and lock down the
router with ACLs, so that the only connections allowed to it are from the
service provider SBC and internal UC devices?

2 seems like it's a bad choice, you'd bog down the FW with dynamically
opening up for all the RTP between the CUBE and phones. 3 would work, but
you really have to trust that the ACLs aren't letting anything in... 1 does
seem like the way to go, but I'm interested in what better and wiser heads
say.

If this is well-answered in documentation, please point me to it. I looked
in the SRND, but it seemed to say that it can be done a lot of different
ways. If there are other ways, I'm open

Thanks,

Rik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20120228/4b6fba36/attachment.html>