[cisco-voip] setting up access for APNS - granular vs wide open internet access

Lelio Fulgenzi lelio at uoguelph.ca
Thu Aug 2 11:57:43 EDT 2018


Another issue we are facing is setting up the collaboration servers (CUCM, IMP) to talk out of our private network to the internet to talk to Cisco and Apple servers.

Just wondering what others have been doing.

Our networking team has suggested the simplest way would be to add a PAT rule at our edge for the servers (or network) so that they can communicate out to the internet as required. There would be no ACLs applied, so they could talk to anywhere. By applying the PAT on the edge, all internal communications would continue with the internal addressing. The PAT would only allow established communications - no outside-to-inside initiated talk allowed.

The other alternative would be to put a bunch of xlates on our data centre firewall, one for each source collab server and Cisco/Apple dest pair - this could be 10s of statements.

The first means I have no control over who the servers can talk to on the internet, which scares me.

The second would mean quite a bit of extra upfront work, and managing those statements if/when Cisco and Apple update their IP addresses.

There is the proxy option, but the current proxy service we have is likely not to be considered mission critical and attaching the APNS configuration to this likely wouldn't go over well.

What have others done in this situation?

Thanks!


---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | lelio at uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook
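
Added example, not part of the original post: the two options compared above, modelled in Python. `build_pairs` and `diff_pairs` show the upkeep the granular per-pair approach needs when a vendor changes its ranges, and `audit_flows` shows what a review of edge PAT logs against the same list would flag under the wide-open approach. All addresses, prefixes and function names are constructed for illustration, and ports are left out because the post does not name them.

```python
import ipaddress

# Constructed sample data: hypothetical server addresses and RFC 5737
# documentation prefixes, not real Cisco or Apple ranges.
COLLAB_SERVERS = ["10.10.1.11", "10.10.1.12", "10.10.1.21"]
DEPLOYED = {"apple": ["198.51.100.0/24"], "cisco": ["203.0.113.0/25"]}
PUBLISHED = {"apple": ["198.51.100.0/24"], "cisco": ["203.0.113.128/25"]}
SAMPLE_FLOWS = [  # (source, destination) as seen in edge PAT logs
    ("10.10.1.11", "198.51.100.7"),
    ("10.10.1.12", "203.0.113.200"),
    ("10.10.1.21", "192.0.2.55"),
    ("10.10.1.99", "198.51.100.7"),
]


def build_pairs(servers, vendor_prefixes):
    """Granular option: one entry per (collab server, vendor prefix) pair."""
    return {
        (ipaddress.ip_address(s), ipaddress.ip_network(p))
        for s in servers
        for prefixes in vendor_prefixes.values()
        for p in prefixes
    }


def diff_pairs(deployed, desired):
    """Return (to_add, to_remove) after a vendor changes its ranges."""
    return sorted(desired - deployed), sorted(deployed - desired)


def audit_flows(flows, pairs):
    """Wide-open option: list flows the per-pair entries would not permit."""
    flagged = []
    for src, dst in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if not any(s == ps and d in net for ps, net in pairs):
            flagged.append((src, dst))
    return flagged


if __name__ == "__main__":
    current = build_pairs(COLLAB_SERVERS, DEPLOYED)
    wanted = build_pairs(COLLAB_SERVERS, PUBLISHED)
    to_add, to_remove = diff_pairs(current, wanted)
    print("add:", to_add)
    print("remove:", to_remove)
    print("outside allowlist:", audit_flows(SAMPLE_FLOWS, wanted))
```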
