Example 2: Itp Endpoints And Inter-Tel Networking - Inter-Tel AXXESS Manual


Appendix F – Network Topology
INTER-TEL® AXXESS®

Example 2: ITP Endpoints and Inter-Tel Networking

15.6 To add support for Inter-Tel networking, expand the ACL to allow the Inter-Tel Private
Networking port to be accessible from the Internet to the Axxess system. Responses to
communications initiated from inside (for example, http request for a Web page) are controlled by
the firewall functionality through dynamic ACLs.
ip access-list extended s0in
permit tcp any host 208.132.23.66 eq 5566
permit udp any host 208.132.23.66 eq 5567
permit tcp any host 208.132.23.66 eq 5570
permit udp any host 208.132.23.66 range 5004 5069
deny ip any any
MANUAL VERSION 11.0 – May 2008
The following section sets up the connection to the Internet. NAT is enabled between
the Internet and the internal LAN. Traffic from the Internet is filtered using the
access-group called Internet.
interface Serial0/0
description connected to Internet
ip address 208.13.17.33 255.255.255.252
ip access-group s0in in
ip nat outside
The next section defines the access control list (the rules) for traffic coming from the
Internet to either the Internal LAN or the DMZ. This is the first line of defense, so filter
as much as possible. Responses to communications initiated from inside (for example,
http request for a Web page) are controlled by the firewall functionality through
dynamic ACLs.
ip access-list extended s0in
permit tcp any host 208.132.23.66 eq 5566
permit udp any host 208.132.23.66 eq 5567
permit udp any host 208.132.23.66 range 5004 5069
deny ip any any
The next section sets up the connection to the DMZ. NAT is not enabled between the
Internet and the DMZ. Traffic from the Internet is filtered using the access-group called
DMZ. The "inspect" statement enables the stateful firewall functionality.
interface Ethernet 1/0
description Site DMZ LAN
ip address 208.132.23.66 255.255.255.192
ip inspect dmzinspector in
ip access-group e1in in
ip inspect name dmzinspector udp
ip inspect name dmzinspector tcp
ip inspect name dmzinspector sip
The next section defines the access control list (the rules) for traffic coming from the
DMZ to either the Internal LAN or the Internet. Limit the communications between the
DMZ and the internal LAN as much as possible in the event one of the DMZ nodes is
compromised.
ip access-list extended e1in
deny ip any 192.168.100.0 0.0.0.255
permit ip any any
!
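The following Python sketch is an added example, not part of the Inter-Tel manual. It applies first-match evaluation to the two access lists on this page, listing every port that s0in (the section 15.6 version) exposes on 208.132.23.66 and checking that e1in blocks DMZ-to-LAN traffic. It handles only the rule forms shown here and does not model the dynamic entries created by "ip inspect"; the addresses 203.0.113.10, 208.132.23.70, 192.168.100.5 and 198.51.100.7 are constructed samples.

```python
import ipaddress

# ACL bodies as printed on this page (S0IN is the section 15.6 version).
S0IN = """permit tcp any host 208.132.23.66 eq 5566
permit udp any host 208.132.23.66 eq 5567
permit tcp any host 208.132.23.66 eq 5570
permit udp any host 208.132.23.66 range 5004 5069
deny ip any any"""
E1IN = """deny ip any 192.168.100.0 0.0.0.255
permit ip any any"""

def take_addr(tok):
    """Pop one address spec (any | host A | A wildcard) and return a network."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0))
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")  # wildcard = host mask

def parse(acl):
    rules = []
    for line in acl.splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = take_addr(tok), take_addr(tok)
        lo, hi = 0, 65535                      # no port clause: any port
        if tok[:1] == ["eq"]:
            lo = hi = int(tok[1])
        elif tok[:1] == ["range"]:
            lo, hi = int(tok[1]), int(tok[2])
        rules.append((action, proto, src, dst, lo, hi, line))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """Return (action, matching line); the first matching rule wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rproto, rsrc, rdst, lo, hi, line in rules:
        if rproto in ("ip", proto) and s in rsrc and d in rdst and lo <= dport <= hi:
            return action, line
    return "deny", "implicit deny"             # IOS appends this to every ACL

def exposed_ports(rules, host, src="203.0.113.10"):  # src: constructed outside address
    """Every (proto, port) an outside source can reach on host."""
    return [(p, n) for p in ("tcp", "udp") for n in range(1, 65536)
            if evaluate(rules, p, src, host, n)[0] == "permit"]

if __name__ == "__main__":
    print(exposed_ports(parse(S0IN), "208.132.23.66"))
```

Running the same enumeration after each ACL change gives a quick diff of what is newly reachable from the Internet.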