RESOLVED: VoIP (VoiceWing) & Firewalls Help

Timothy M. Lyons lyons at digitalvoodoo.org
Thu Aug 19 14:33:00 EDT 2004 

I wasn't going to respond back to the list but I've had enough comments 
off-line
that it seems like there's interest in the solution.  It was a painful few 
hours
with the sniffer but the firewall messages are finally gone. Here's the 
specifics
of the inbound traffic I ended up permitting to the ATA 186:

 proto        Source                Dest Port(s)    Internal Address
UDP          213.137.73.0/24  16384:16415    <device_ip>
UDP          213.137.73.0/24  5060:5065        <device_ip>
UDP          213.137.73.0/24  15297               <device_ip>
UDP          213.137.73.0/24  16297               <device_ip>
UDP          213.137.73.0/24  15920:15930    <device_ip>
UDP          63.211.47.3         16384:16415    <device_ip>

 Most, if not all of the quirks I was noticing have disappeared
but this config seems to work for VoiceWing.  I'll probably tighten
this down some as I can confirm specific IP's in the /24 but for now
it's a livable solution.

As usual, YMMV...

 --Tim

>
>
> ----- Original Message ----- 
> From: "Derek Atkins"
> To: "Timothy M. Lyons" Cc: <discuss at blu.org>
> Sent: Wednesday, August 18, 2004 23:24
> Subject: Re: VoIP (VoiceWing) & Firewalls Help
>
>
>> Having spoken to some of the ATA-186 engineers at cisco, they don't
>> do firewalls very well.
>>
>> -derek
>>
>> "Timothy M. Lyons" writes:
>>
>>> Has anyone out here successfully setup a VoIP TA (Specifically Verizon
>>> VoiceWing / Cisco ATA 186) behind
>>> a firewall?  I'm having a lot of issues with connectivity from my
>>> internal segment and Verizons solution to open up
>>> all UDP from the internet was not very helpful.
>>>
>>> I got it limping along by placing the device in a secondary DMZ and
>>> punching some holes in the FW, but I'm still
>>> not convinced it's correctly setup as it works fine when
>>> directly-connected to the net but had some minor glitches
>>> on the DMZ.  As VZ had no more advice to offer, I'm reaching out.
>>>
>>> --Tim
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Discuss mailing list
>>> Discuss at blu.org
>>> http://www.blu.org/mailman/listinfo/discuss

More information about the Discuss mailing list