Greetings,
I am trying to determine requirements to configure our Cisco ASA for success with our future PBXAct60 (192.168.115.30) and SIP Station trunking. The Sangoma Wiki and other docs are all over the place concerning support access, SIP/RTP access, and SIP Station access. I would appreciate a sanity review of my current understanding of the internal/external network paths below. (All of our auto provisioning nodes are on our internal network).
Any constructive comments and references to authoritative documents welcomed.
Best Regards,
Bob Confino - Volunteer Tech Team - New Life Bible Fellowship Church
Sangoma Support access requirements
*Port forward traffic (NAT) from Sangoma support to the VoIP PBX
Remote console access (ssh) for Sangoma Support
object network on-PBXAct-tcp-22
host 192.168.115.30
nat (inside2,outside) static interface service tcp 22 22
Remote OpenVPN access for Sangoma Support
object network on-PBXAct-udp-1194
host 192.168.115.30
nat (inside2,outside) static interface service udp 1194 1194
Remote OpenVPN access for Sangoma Support
object network on-PBXAct-tcp-1194
host 192.168.115.30
nat (inside2,outside) static interface service tcp 1194 1194
Sangoma SIP traffic requirements
*Port forward traffic (NAT) from the telephony ISP to the VoIP PBX
SIP traffic from Sangoma SIP Station Service (Telephony ISP) (SIP Trunking)
object network on-PBXAct-udp-5060
host 192.168.115.30
nat (inside2,outside) static interface service udp 5060 5060
SIP traffic from Sangoma SIP Station Service (Telephony ISP) (SIP Trunking)
object network on-PBXAct-udp-5061
host 192.168.115.30
nat (inside2,outside) static interface service udp 5061 5061
*ACLs for support traffic and SIP Station traffic
<Note: must replace ‘any’ in ACEs with ITSP IP address>
access-list outside_in permit tcp any host 192.168.115.30 eq 22 (enable/disable as needed)
access-list outside_in permit tcp any host 192.168.115.30 eq 1194 (enable/disable as needed)
access-list outside_in permit udp any host 192.168.115.30 eq 1194 (enable/disable as needed)
<Note: must replace ‘any’ in ACEs with ITSP IP address>
access-list outside_in permit udp any host 192.168.115.30 eq 5060
access-list outside_in permit udp any host 192.168.115.30 eq 5061
Sangoma RTP traffic requirements
**Port forward range of ports for RTP traffic from telephony ISP to the VoIP PBX
object network on-PBXAct60
host 192.168.115.30
object service os-udp-RTP-Ports-Range
service udp destination range 10000 11000
nat (inside2,outside) static interface service os-udp-RTP-Ports-Range os-udp-RTP-Ports-Range
**ACLs for RTP traffic
access-list outside_in extended permit udp any host 192.168.115.30 range 10000 11000
<must replace ‘any’ in above ACL with ITSP IP address>
Sangoma Node List
trunk1.freepbx.com 192.159.66.3
trunk2.freepbx.com 162.253.134.142
trunktrial1.freepbx.com 162.253.134.135
trunktrial2.freepbx.com 192.159.66.4
push2.schmoozecom.com 199.102.239.11
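
An added example, not part of the original post or of Sangoma's documentation: a small Python check that applies the post's own note about replacing `any` with the ITSP addresses. It rewrites the SIP and RTP ACEs to an object-group and reports the ACEs that stay open to any source. Assumptions: the `trunk*` entries of the node list are the ITSP sources (the role of `push2.schmoozecom.com` is not stated, so it is left out), the object-group name is hypothetical, and the support ACEs are left as posted because no support source address is given.

```python
import re

# ACEs as posted above (the inline "(enable/disable as needed)" notes are dropped).
POSTED_ACL = """\
access-list outside_in permit tcp any host 192.168.115.30 eq 22
access-list outside_in permit tcp any host 192.168.115.30 eq 1194
access-list outside_in permit udp any host 192.168.115.30 eq 1194
access-list outside_in permit udp any host 192.168.115.30 eq 5060
access-list outside_in permit udp any host 192.168.115.30 eq 5061
access-list outside_in extended permit udp any host 192.168.115.30 range 10000 11000
"""

# Assumption: the trunk* entries of the post's node list are the ITSP sources.
ITSP_HOSTS = ["192.159.66.3", "162.253.134.142", "162.253.134.135", "192.159.66.4"]
GROUP = "og-SIPStation"  # hypothetical object-group name

ACE_RE = re.compile(
    r"access-list (?P<acl>\S+) (?:extended )?permit (?P<proto>tcp|udp) "
    r"(?P<src>any|host \S+|object-group \S+) host (?P<dst>\S+) "
    r"(?P<ports>eq \d+|range \d+ \d+)$")

def is_voice(proto, ports):
    """True for UDP 5060-5061 (SIP) or UDP 10000-11000 (RTP), the ranges in the post."""
    nums = [int(n) for n in ports.split()[1:]]
    lo, hi = nums[0], nums[-1]
    return proto == "udp" and ((5060 <= lo and hi <= 5061) or (10000 <= lo and hi <= 11000))

def tighten(acl_text):
    """Return (config_lines, still_open): tightened config and ACEs still using 'any'."""
    out = [f"object-group network {GROUP}"]
    out += [f" network-object host {ip}" for ip in ITSP_HOSTS]
    still_open = []
    for line in acl_text.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed ACE: {line!r}")
        if m["src"] == "any" and is_voice(m["proto"], m["ports"]):
            out.append(f"access-list {m['acl']} extended permit {m['proto']} "
                       f"object-group {GROUP} host {m['dst']} {m['ports']}")
        else:
            out.append(line.strip())
            if m["src"] == "any":
                still_open.append(line.strip())
    return out, still_open

if __name__ == "__main__":
    cfg, still_open = tighten(POSTED_ACL)
    print("\n".join(cfg))
    print("\n".join("! still open to any: " + ace for ace in still_open))
```

On the ASA, the original `any` entries have to be removed before the tightened ones restrict anything, because the first matching ACE decides.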