Though note that won't in itself protect you against some malefactor forging the source IP of your ser machine (and if you are using stateless forwarding as far as I can see s. If your ser box and 5300 are on the same network, you need to stop spoofed IP at the border as well if you want to restrict the 5300 from talking to machines other than ser.
Alex
--On 24 June 2004 17:26 -0300 Ezequiel Colombo ecolombo@arcotel.net wrote:
OOPS ! Sorry, like this:
! access-list 101 permit udp host ip.of.you.ser any eq 5060 access-list 101 deny udp any any eq 5060 log access-list 101 permit ip any any !
interface FastEthernet 0 ip access-group 101 in !
Ezequiel
----- Original Message ----- From: Ezequiel Colombo To: gc ; serusers@lists.iptel.org Sent: Thursday, June 24, 2004 5:23 PM Subject: Re: [Serusers] Using AS5300 for SER
You can set an ACL to block incoming SIP traffic to your AS5300 like this:
interface FastEthernet 0 ip access-group 101 in ! access-list 101 permit udp host ip.of.you.ser any eq 5060 access-list 101 deny udp any any eq 5060 log
Ezequiel Colombo
----- Original Message ----- From: gc To: serusers@lists.iptel.org Sent: Thursday, June 24, 2004 5:16 PM Subject: [Serusers] Using AS5300 for SER
I am using AS5300 as PSTN Gateway for SER. I'd like to make the AS5300 only accept sip call forward by ser. Does anybody know how to setup AS5300 for this?
Gary
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Alex