SIP Trunk Security

nappyshock
I will be setting our in-house Mitel PBX to run external calls via a Gamma Assured IP SIP trunk. It will only be running 10 SIP trunks. What SIP security will I need? I have a Cisco ASA which is SIP aware; would this be adequate?

Commented:
Hmmm. All the times I've used SIP trunks to Mitels I have a separate public IP address for that and it goes to a SIP gateway, often provided by the provider or, if not, use the Mitel MBG. I think putting an ASA into the mix will just add to the complexity and I don't believe it will add much in the way of security. Gamma Assured will most likely be set up to only receive SIP info on the IP you give them and the Mitel will be set that way as well. You also fill in the registration information into the Mitel SIP Peer profile form and that adds a layer of authentication, so to speak.

Hope that helps

Author

Commented:
Gamma will be terminating the SIP trunk on a router with a /30 public IP address on it. There is no Mitel MBG.

Commented:
So then from that router you would have a WAN interface and LAN interface. The WAN with their public and LAN with your private. Your private would be on the same subnet as your Mitel 3300. There is no need to put anything in between the router LAN interface and the Mitel. I put my VoIP on a different VLAN to keep it away from the data. I would strongly recommend you do that but you probably already have.

Author

Commented:
No, the public is on the inside LAN interface of the Gamma router. This is a public /30 address, and from this /30 the public address that is not on the router we use and register with Gamma, and it is used by them to route calls to us and identify calls from us.

The 3300 has a private IP address (and no SIP security), so I will need to terminate the public IP on a firewall/router/layer 3 switch etc. (it would be terminated on an MBG normally). If I terminate it on the ASA, would this provide adequate SIP security?

Commented:
I think you're going to have to use an MBG. The 3300 won't take SIP from anything but a gateway and the ASA is not going to do that. The MBG would provide the security.

Author

Commented:
Do you know (or have you used) any low-cost alternatives to the MBG? I googled and found an EdgeMarc 4550; these don't seem very freely available in the UK.

Commented:
The MBG is actually not that much.  I got the virtualized one, stuck it on a Dell desktop and it works fine.  I think the MLP for that is $1250 or $1500 but I cannot seem to find my invoice for that.  Plus, the kicker is you have to buy MBG SIP trunk licenses which is a rip off since you have to buy them on the 3300 too.  I think those are somewhere around $112.50 - $150 each depending on your VAR's discount level @ Mitel.

But no, I don't know any gateway alternatives but I do know that a lot of SIP providers provide the gateway.

Author

Commented:
Thanks for your comments Atrivedo
