Link to home
Start Free TrialLog in
Avatar of nappyshock
nappyshock

asked on

SIP Trunk Security

I will be setting our inhouse Mitel PBX to run external calls via a Gamma Assured IP SIP trunk, It will only be running 10 SIP trunks. What SIP security will i need, i have a Cisco ASA which is SIP aware, would this be adequate?
Avatar of atrevido
atrevido
Flag of United States of America image

hmmm All the times I've used SIP trunks to Mitels I have a seperate public ip address for that and it goes to a SIP gateway, often provided by the provider or if not use the Mitel MBG.  I think putting an ASA into the mix will just add to the complexity and I don't believe it will add much in the way of security.  Gamma Assured will most likely be set up to only receive SIP info on the IP you give them and the Mitel will be set that way as well.  You also fill in the registration information into the Mitel SIP Peer profile form and that adds a layer of authentication so to speak.

Hope that helps
Avatar of nappyshock
nappyshock

ASKER

Gamma will be terminating the SIP trunk on a router with a /30 public IP address on it. There is no Mitel MBG.
So then from that router you would have a WAN interface and LAN interface.  The WAN with their public and LAN with your private. Your private would be on the same subnet as your Mitel 3300.  There is no need to put anything inbetween the Router LAN interface and the Mitel.  I put my VoIP on a different VLAN to =keep it away from the data.  I would strongly recommend you do that but you probably already have
No the public is on the inside LAN interface of the Gamma router. This is a public /30 address and from this /30 the public address that is not on the router we use and registar with Gamma and it is used by them to route calls to use and identify calls from us.

The 3300 has a private IP address (and no SIP security) so i will need to terminate the public IP on a firewall/router/layer 3 switch etc (it would be terminated on an MBG normally), if i terminate it on the ASA would this provide adequate SIP securtiy.
I think you're going to have to use an MBG.  The 3300 won't take SIP from anything but a gateway and the ASA is not going to do that.  The MBG would provide the security
Do you know (or have used) any low cost alternatives to the MBG. I googled and found an EdgeMarc 4550, these don't same very freely avialable in the UK.
ASKER CERTIFIED SOLUTION
Avatar of atrevido
atrevido
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks for your comments Atrivedo