[cisco-voip] setting up firewall security for jabber and/or IP Communicator

Lelio Fulgenzi lelio at uoguelph.ca
Fri May 15 11:58:28 EDT 2015



just reading up on the ASA options.... 


anyone using SCCP or SIP inspection? I'm not sure exactly when I would need to enable that. 


funny thing, as of ASA 9.3 it says SCCP inspection is not supported for CUCM 8.5 or CUCM 9.x. we're at ASA 9.1(x) and that document doesn't say anything about it not being supported for those particular CUCM versions. 


Lelio 




--- 
Lelio Fulgenzi, B.A. 
Senior Analyst, Network Infrastructure 
Computing and Communications Services (CCS) 
University of Guelph 

519‐824‐4120 Ext 56354 
lelio at uoguelph.ca 
www.uoguelph.ca/ccs 
Room 037, Animal Science and Nutrition Building 
Guelph, Ontario, N1G 2W1 

----- Original Message -----

From: "Lelio Fulgenzi" <lelio at uoguelph.ca> 
To: "cisco-voip voyp list" <cisco-voip at puck.nether.net> 
Sent: Thursday, May 14, 2015 2:30:48 PM 
Subject: setting up firewall security for jabber and/or IP Communicator 





I'm about to set up firewall security so Jabber clients (and IP Communicator) can access the telephony servers (CUCM, Connection, IM&P, UCCx, etc.) and I was hoping to get some ideas as to what others have done and if I'm missing anything obvious here. I'm using the CUCM/IM&P port list as well as the Jabber deployment guide to get the Jabber port list. For the firewall, we are using an ASA appliance pair, v 9.1(3). 


Typically we build the ACL statements with the source address object group coupled with destination address object group and the destination port object group. I don't think there is a need to build the ACL with a source port object group at this time. 


I've also been told that we might have some multicast limitations with the firewall, basically, multicast traffic can't pass through our firewall. 


Any comments would be helpful. But I'm wondering, specifically: 


    * Are people deploying IP Communicator still? For all the benefits of Jabber, I don't see it as a replacement for a softphone with access to all the buttons and apps that are available, like services, directories, conference/join, etc. Does UCCx work with Jabber for example? 
    * What have others done for firewall ACL building? Is there a firewall feature set I'm not aware of that will simplify my life? 
    * Are there any multicast requirements when deploying Jabber and IP Communicator? Aside from MoH? 


Thanks in advance for any help! 


Lelio 




--- 
Lelio Fulgenzi, B.A. 
Senior Analyst, Network Infrastructure 
Computing and Communications Services (CCS) 
University of Guelph 

519‐824‐4120 Ext 56354 
lelio at uoguelph.ca 
www.uoguelph.ca/ccs 
Room 037, Animal Science and Nutrition Building 
Guelph, Ontario, N1G 2W1 
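
Added example, not part of the original post: a sketch of the ACL layout the message describes (source address object group, destination address object group, destination port object group, no source port match) in ASA 9.x syntax. Every group name, the interface name, all addresses and the port entries are constructed placeholders; the real port list has to come from the CUCM/IM&P port list and the Jabber deployment guide the post refers to.

```cisco
! Constructed example: names, addresses and ports are placeholders.
!
! Source group: subnets where Jabber / IP Communicator clients live
object-group network UC-SOFTCLIENTS
 network-object 10.20.0.0 255.255.0.0
!
! Destination group: telephony servers, one host entry per server
object-group network UC-SERVERS
 network-object host 192.0.2.10
 network-object host 192.0.2.11
 network-object host 192.0.2.20
!
! Destination port group. Only destination ports are matched because
! client source ports are ephemeral. Entries below are assumed samples
! (TFTP, SCCP, SIP, XMPP, HTTP config download, HTTPS).
object-group service UC-SOFTCLIENT-PORTS
 service-object udp destination eq 69
 service-object tcp destination eq 2000
 service-object tcp destination range 5060 5061
 service-object tcp destination eq 5222
 service-object tcp destination eq 6970
 service-object tcp destination eq 8443
!
! One ACE ties the three groups together: ports, then source, then destination
access-list CLIENTS-IN extended permit object-group UC-SOFTCLIENT-PORTS object-group UC-SOFTCLIENTS object-group UC-SERVERS
!
! Explicit logged deny so that ports missing from the group show up in syslog
access-list CLIENTS-IN extended deny ip any any log
!
! "clients" is a hypothetical interface name
access-group CLIENTS-IN in interface clients
```

With this layout, adding a server or a port later means editing one object group rather than touching the access-list itself.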

