[cisco-voip] Expressway - 3rd Party Border Recommendation
Brian Meade
bmeade90 at vt.edu
Mon Dec 1 13:51:18 EST 2014
I've done this before with a large Avaya setup. We had all of the UC stuff
in a separate VRF and all soft clients had to come through an SBC for
registration. We demoed Sipera and Acme. Sipera got the job done cheaper,
but Acme scaled much better for us. I think CUCM supports Acme SBCs as
well as an alternative to CUBE.
Brian
On Mon, Dec 1, 2014 at 1:23 PM, Pawlowski, Adam <ajp26 at buffalo.edu> wrote:
> Afternoon all,
>
> Trying to get some opinion on how (if) you would put up a
> perimeter to your UCM clusters to bring in 3rd party clients, softphones,
> etc, that are SIP based and reside outside of your secured LAN? Most of our
> desktops are on public addresses, not behind any particular hardware
> firewall, just software on the host. I'm concerned that the host could be
> compromised, or as seen with some soft clients, they just get harassed by
> driveby SIP/H.323 scans and calls.
>
> I haven't seen any great justification for trying to fence/proxy
> connectivity to the UCM for Jabber, X-Lite, etc, to the cluster, but
> general security practice is saying that if you can make it more secure, it
> is at least worth looking into.
>
> I've looked at trying to set the UBE up for proxy/passthrough
> registrar, and this seems tedious because it doesn't proxy auth and
> requires dial-peer configuration (making dual usage as a gateway
> cumbersome). I have heard "use expressway" a few times but have no idea how
> that would work for 3rd party SIP devices. Other than that, I spent a bit
> of time looking at stuff from Edgewater, OpenSIPS, etc, but it is not clear
> to me if any of these products are worth the trouble, and what the Cisco
> recommended way to go about this is.
>
> Anyone have any experience or thought in this area? Is this a bad
> idea? Anything to say about trying to secure potentially 'untrusted'
> connectivity on a larger scale?
>
> Regards,
>
> Adam Pawlowski
> SUNYAB
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20141201/c4b157f7/attachment.html>
More information about the cisco-voip
mailing list