<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">See page 5 here: <a href="https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/12_0_1/systemConfig/cucm_b_system-configuration-guide-1201/cucm_b_system-configuration-guide-1201_chapter_01011000.pdf">
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/12_0_1/systemConfig/cucm_b_system-configuration-guide-1201/cucm_b_system-configuration-guide-1201_chapter_01011000.pdf</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">For what servers your servers will need to talk to, if you can do URL based firewall rules that would work.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">If not the servers are all Cisco’s and in the Webex cloud so the IP blocks aren’t that many:
<a href="https://collaborationhelp.cisco.com/article/en-us/WBX264">https://collaborationhelp.cisco.com/article/en-us/WBX264</a><o:p></o:p></p>
<p class="MsoNormal">Now I’m not 100% certain if ALL webex services fall within those IPs. That article is designed for Teams and Meetings.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I will add I’ve never operated in an environment as tight/regulated as yours, but I have 23 clusters that have been able to talk outbound to internet since their beginnings and never had an issue that had to do with that.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Also you are going to have to think about this internet thing again when you go to 12.x+ and smart licensing so you may want to look up those requirements as well. A few more options exist there where going offline intermittently isn’t
as much of a deal.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="mso-line-height-rule:exactly;-webkit-text-size-adjust:100%;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td style="padding:0 10px 0 0;"> </td><td align="left" style="padding:10px 0 10px 10px;vertical-align:middle;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;"><tr style="font-size:14.67px;color:#F3800B;font-style:normal;font-weight:700;white-space:nowrap;"><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;">Matthew Loraditch<span style="font-family:remialcxesans;"></span></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#808080;font-style:normal;font-weight:700;white-space:nowrap;"><tr style="font-size:14.67px;"><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;">Sr. Network Engineer</td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="padding:10px 0 0;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#808080;font-style:normal;font-weight:400;white-space:nowrap;"><tr style="font-size:14.67px;"><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;"><span style="color:#F3800B;">p:</span> <a href="tel:443.541.1518" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#808080;"><strong style="font-weight:400;">443.541.1518</strong></a></td></tr></table></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#808080;font-style:normal;font-weight:400;white-space:nowrap;"><tr style="font-size:14.67px;"><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;"><span style="color:#F3800B;">w:</span> <a href="http://www.heliontechnologies.com/" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#808080;"><strong style="font-weight:400;">www.heliontechnologies.com</strong></a></td><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;"> | </td><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;"><span style="color:#F3800B;">e:</span> <a href="mailto:MLoraditch@heliontechnologies.com" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#808080;"><strong style="font-weight:400;">MLoraditch@heliontechnologies.com</strong></a></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:middle;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="left" style="vertical-align:bottom;"><img src="cid:image977720.png@29F05D9F.5A178E36" width="400" height="68" border="0" alt="" style="width:400px;min-width:400px;max-width:400px;height:68px;min-height:68px;max-height:68px;font-size:0;" /></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="padding:10px 0;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="center" style="padding:0 3px 0 0;vertical-align:top;"><a href="https://facebook.com/heliontech" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image191254.png@5E684661.A3A45D3F" width="18" height="18" border="0" title="Facebook" alt="Facebook" style="width:18px;min-width:18px;max-width:18px;height:18px;min-height:18px;max-height:18px;font-size:12px;" /></a></td></tr></table></td></tr></table></td><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="center" style="padding:0 3px 0 0;vertical-align:top;"><a href="https://twitter.com/heliontech" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image597717.png@6E42CE8E.52D924BD" width="18" height="18" border="0" title="Twitter" alt="Twitter" style="width:18px;min-width:18px;max-width:18px;height:18px;min-height:18px;max-height:18px;font-size:12px;" /></a></td></tr></table></td><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="center" style="padding:0 3px 0 0;vertical-align:top;"><a href="https://www.linkedin.com/company/helion-technologies" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image342367.png@952CC0E4.F0A1AF64" width="18" height="18" border="0" title="LinkedIn" alt="LinkedIn" style="width:18px;min-width:18px;max-width:18px;height:18px;min-height:18px;max-height:18px;font-size:12px;" /></a></td></tr></table></td></tr></table></td></tr></table></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="left" style="padding:5px;vertical-align:top;"><a href="https://heliontechnologies.com/events/14th-annual-automotive-cx-summit-hosted-thought-leadership-summits/" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image232285.jpg@F2EC3E8B.DF6B136A" border="0" title="Helion joins Automotive CX Summit" alt="Helion joins Automotive CX Summit" style="font-size:12px;" /></a></td></tr></table></td></tr></table></td></tr></table></td></tr></table></div><div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> cisco-voip <cisco-voip-bounces@puck.nether.net>
<b>On Behalf Of </b>Lelio Fulgenzi<br>
<b>Sent:</b> Thursday, August 2, 2018 11:58 AM<br>
<b>To:</b> voyp list, cisco-voip (cisco-voip@puck.nether.net) <cisco-voip@puck.nether.net><br>
<b>Subject:</b> [cisco-voip] setting up access for APNS - granular vs wide open internet access<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Another issue we are facing is setting up the collaboration servers (CUCM, IMP) to talk out of our private network to the internet to talk to Cisco and Apple servers.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Just wondering what others have been doing. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Our networking team has suggested the simplest way would be to add a PAT rule at our edge for the servers (or network) so that they can communicate out to the internet as required. There would be no ACLs applied, so they could talk to anywhere.
By applying the PAT on the edge, all internal communications would continue with the internal addressing. The PAT would only allow established communications – no outside-to-inside initiated talk allowed.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The other alternative would be to put a bunch of xlate’s on our data centre firewall, one for each source collab server and cisco/apple dest pair – this could be 10s of statements.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The first means I have no control over who the servers can talk to on the internet. Which scares me.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The second would mean quite a bit of extra upfront work, and managing those statements if/when Cisco and apple update their ip addresses.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">There is the proxy option, but the current proxy service we have is likely not to be considered mission critical and attaching the APNS configuration to this likely wouldn’t go over well.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">What have others done in this situation?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">---<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">Lelio Fulgenzi, B.A.</span></b><span style="font-family:"Arial",sans-serif"> | Senior Analyst<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#333333">Computing and Communications Services</span><span style="font-family:"Arial",sans-serif"> | University of Guelph<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">519-824-4120 Ext. 56354 |
<a href="mailto:lelio@uoguelph.ca">lelio@uoguelph.ca</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><a href="http://www.uoguelph.ca/ccs"><span style="font-family:"Arial",sans-serif;color:blue">www.uoguelph.ca/ccs</span></a><span style="font-family:"Arial",sans-serif;color:#1F497D"> | @UofGCCS on Instagram, Twitter and Facebook<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="187" height="100" style="width:1.9479in;height:1.0416in" id="Picture_x0020_1" src="cid:image001.png@01D42A5C.CB6C3090" alt="University of Guelph Cornerstone with Improve Life tagline"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>