
Inter-Tel AXXESS - Example 2: ITP Endpoints and Inter-Tel Networking

Page F-28
Appendix F – Network Topology
INTER-TEL® AXXESS® MANUAL VERSION 11.0 May 2008
Example 2: ITP Endpoints and Inter-Tel Networking
The following section sets up the connection to the Internet. NAT is enabled between
the Internet and the internal LAN. Traffic from the Internet is filtered using the
access-group called Internet (applied as s0in in the configuration below).
interface Serial0/0
 description connected to Internet
 ip address 208.13.17.33 255.255.255.252
 ip access-group s0in in
 ip nat outside
The next section defines the access control list (the rules) for traffic coming from the
Internet to either the Internal LAN or the DMZ. This is the first line of defense, so filter
as much as possible. Responses to communications initiated from inside (for example,
http request for a Web page) are controlled by the firewall functionality through
dynamic ACLs.
ip access-list extended s0in
 permit tcp any host 208.132.23.66 eq 5566
 permit udp any host 208.132.23.66 eq 5567
 permit udp any host 208.132.23.66 range 5004 5069
 deny ip any any
The next section sets up the connection to the DMZ. NAT is not enabled between the
Internet and the DMZ. Traffic from the Internet is filtered using the access-group called
DMZ (applied as e1in in the configuration below). The “inspect” statement enables the
stateful firewall functionality.
interface Ethernet 1/0
 description Site DMZ LAN
 ip address 208.132.23.66 255.255.255.192
 ip inspect dmzinspector in
 ip access-group e1in in
!
ip inspect name dmzinspector udp
ip inspect name dmzinspector tcp
ip inspect name dmzinspector sip
The next section defines the access control list (the rules) for traffic coming from the
DMZ to either the Internal LAN or the Internet. Limit the communications between the
DMZ and the internal LAN as much as possible in the event one of the DMZ nodes is
compromised.
ip access-list extended e1in
 deny ip any 192.168.100.0 0.0.0.255
 permit ip any any
!
Example 2: ITP Endpoints and Inter-Tel Networking
15.6 To add support for Inter-Tel networking, expand the ACL to allow the Inter-Tel Private
Networking port to be accessible from the Internet to the Axxess system. Responses to
communications initiated from inside (for example, http request for a Web page) are
controlled by the firewall functionality through dynamic ACLs.
ip access-list extended s0in
 permit tcp any host 208.132.23.66 eq 5566
 permit udp any host 208.132.23.66 eq 5567
 permit tcp any host 208.132.23.66 eq 5570
 permit udp any host 208.132.23.66 range 5004 5069
 deny ip any any
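
An added example, not part of the Inter-Tel manual: a small Python model of how the router evaluates the s0in and e1in lists above (top-down, first match wins, implicit deny at the end), for checking what a change such as the 5570 entry exposes before applying it. It handles only the entry forms that appear on this page, does not model the dynamic entries created by "ip inspect", and the packets it is tested with are constructed.

```python
import ipaddress

# ACLs copied from the page; the packets tested against them are constructed.
S0IN = """\
permit tcp any host 208.132.23.66 eq 5566
permit udp any host 208.132.23.66 eq 5567
permit tcp any host 208.132.23.66 eq 5570
permit udp any host 208.132.23.66 range 5004 5069
deny ip any any"""
E1IN = """\
deny ip any 192.168.100.0 0.0.0.255
permit ip any any"""

def _addr(tok):
    """Consume one address spec; return (base, wildcard) as ints."""
    kind = tok.pop(0)
    if kind == "any":
        return 0, 0xFFFFFFFF
    if kind == "host":
        return int(ipaddress.ip_address(tok.pop(0))), 0
    return int(ipaddress.ip_address(kind)), int(ipaddress.ip_address(tok.pop(0)))

def parse(acl):
    rules = []
    for line in acl.splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        ports = (0, 65535)  # no port qualifier: any destination port
        if tok and tok[0] == "eq":
            ports = (int(tok[1]), int(tok[1]))
        elif tok and tok[0] == "range":
            ports = (int(tok[1]), int(tok[2]))
        rules.append((action, proto, src, dst, ports))
    return rules

def _hit(ip, spec):
    base, wild = spec  # wildcard bits set to 1 are ignored in the comparison
    return (int(ipaddress.ip_address(ip)) | wild) == (base | wild)

def decide(rules, proto, src, dst, dport=0):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, p, s, d, (lo, hi) in rules:
        if p in ("ip", proto) and _hit(src, s) and _hit(dst, d) and lo <= dport <= hi:
            return action
    return "deny"
```

Calling decide(parse(S0IN), "tcp", "198.51.100.7", "208.132.23.66", 5570) returns "permit", while the same packet against the earlier s0in list (without the 5570 entry) falls through to "deny ip any any".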
