Hello All,
I am trying to determine requirements to configure our Cisco ASA for success with our future PBXAct60 (192.168.115.30) and Sangoma Remote Access / Support. The Sangoma Wiki and other docs are all over the place concerning support access. I would appreciate a sanity review of my current understanding of the internal/external network paths below.
Any constructive comments and references to authorative documents welcomed.
Best Regards,
Bob Confino - Volunteer Tech Team - New Life Bible Fellowship Church
?Sangoma Support access requirements?
*Port forward traffic (NAT) from Sangoma support to the VoIP PBX
Remote console access (ssh) for Sangoma Support
object network on-PBXAct-tcp-22
host 192.168.115.30
nat (inside2,outside) static interface service tcp 22 22
Remote OpenVPN access for Sangoma Support
object network on-PBXAct-udp-1194
host 192.168.115.30
nat (inside2,outside) static interface service udp 1194 1194
Remote OpenVPN access for Sangoma Support
object network on-PBXAct-tcp-1194
host 192.168.115.30
nat (inside2,outside) static interface service tcp 1194 1194
*ACLs for support traffic and SIP Station traffic
<Note:must remove ‘any’ from ACEs with ITSP IP address>
access-list outside_in permit tcp any host 192.168.115.30 eq 22 (enable/disable as needed)
access-list outside_in permit tcp any host 192.168.115.30 eq 1194 (enable/disable as needed)
access-list outside_in permit udp any host 192.168.115.30 eq 1194 (enable/disable as needed)