<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>IOS access-lists to hide callmanager/unity/personal assistant?</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.5700.6" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=546285816-13102006><FONT face=Arial
color=#0000ff size=2>I would strongly suggest that you keep your cisco servers
(outside of unity) in a workgroup. If you look at all of your upgrade
requirements, you have to remove and readd the server to the domain for each
upgrade. If you are lucky you have access to add/remove machines to a
domain, if not you have to use a server engineer with any upgrade. TAC can
also ask you to remove the server from a domain in troubleshooting
issues.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=546285816-13102006><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=546285816-13102006><FONT face=Arial
color=#0000ff size=2>The "benefits" you receive from adding a cisco server to a
domain do not add up to the benefits of keeping it out of the
domain.</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> cisco-voip-bounces@puck.nether.net
[mailto:cisco-voip-bounces@puck.nether.net] <B>On Behalf Of </B>Voigt
Thomas<BR><B>Sent:</B> Friday, October 13, 2006 8:40 AM<BR><B>To:</B>
cisco-voip@puck.nether.net<BR><B>Subject:</B> [cisco-voip] IOS access-lists to
hide callmanager/unity/personalassistant?<BR></FONT><BR></DIV>
<DIV></DIV><!-- Converted from text/rtf format -->
<P><FONT face=Arial size=2>Hi all!</FONT> </P>
<P><FONT face=Arial size=2>Has anyone experiences with IOS access-lists to hide
the Cisco servers from the other clients in the net?</FONT> </P>
<P><FONT face=Arial size=2>Our server guys tell us to migrate our servers to
their active directory (which should be no problem) and also to their
</FONT></P>
<P><FONT face=Arial size=2>security concept which includes distributing
Microsoft patches to the servers. This is not allowed by Cisco…</FONT> </P>
<P><FONT face=Arial size=2>So we have to hide our Cisco gear with access lists
to have only contact with the ip phones and other neccessary </FONT><BR><FONT
face=Arial size=2>communications.</FONT> </P>
<P><FONT face=Arial size=2>I know that there are documents at CCO that document
the ports used by CCM, UNITY and PA. But are there </FONT><BR><FONT face=Arial
size=2>access lists anywhere which we could use?</FONT> </P><BR>
<P><FONT face=Arial size=2>-- </FONT><BR><FONT face=Arial size=2>With kind
regards</FONT> </P>
<P><FONT face=Arial size=2>Thomas Voigt</FONT> <BR><FONT face=Arial
size=2> </FONT> </P></BODY></HTML>
<HTML><BODY><P><hr size=1></P>
<P><STRONG>
Disclaimer:
This e-mail communication and any attachments may contain confidential and privileged information and is for use by the designated addressee(s) named above only. If you are not the intended addressee, you are hereby notified that you have received this communication in error and that any use or reproduction of this email or its contents is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer. Thank you.
</STRONG></P></BODY></HTML>