[cisco-voip] CUBE Network Design

Brian Meade bmeade90 at vt.edu
Tue Apr 21 13:59:26 EDT 2015


Ideally you can rely on SIP inspection on the FW to handle opening the RTP
pinholes.

On Tue, Apr 21, 2015 at 1:38 PM, Jason Aarons (AM) <
jason.aarons at dimensiondata.com> wrote:

>  Would you open almost all your UDP RTP ports from CUBE in DMZ to inside
> phones?
>
>
>
> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf
> Of *harbor235
> *Sent:* Tuesday, April 21, 2015 1:35 PM
> *To:* Cisco VOIP
> *Subject:* [cisco-voip] CUBE Network Design
>
>
>
>
>
> I have infrastructure setup to provide VOIP services as well as other
> services to a multi-tenacy  environment. I want to segregate those services
> as much as possible for security reasons.
>
> My question, customer resources are behind a edge router and a firewall, I
> want my cube positioned as close to the edge as possible for performance
> reasons. Cisco design docs have suggested that for larger sites terminating
> SIP traffic on a CUBE that best practice is to position the CUBE inside of
> the firewall. My thoughts are a DMZ like structure that connects to the
> firewall via two interfaces, inside and outside. This provides several
> controlled interfaces for policy enforcement.
>
> I wanted thoughts from the community on real world network design best
> practices when aggregating multiple tenancy environments providing VOIP
> with CUBE services.
>
>   thanks in advance,
>
>
>
> Mike
>
>
>
> itevomcid
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150421/cd4944fc/attachment.html>


More information about the cisco-voip mailing list