From an intra-industrial perspective, unless you're providing end-to-end managed connections and hardware or software packaging, you're obviously not going to limit SIP to particular IP addresses, though you will most certainly, most emphatically restrict SSH and other services that way.
As others have pointed out, when dealing with customers over the public Internet, endpoint IPs are very likely to change. Between the customers on dynamic IPs, the road-warriors using softphones, etc. maintaining ACLs with tens of thousands of IP blocks isn't practical. What you *will* do in such a situation is invest in an SBC or a lower-end device. It doesn't so much matter what you use as long as it is secure, performant and robust, in that order: a properly locked-down administrative border for your sessions of *some* description needs to stand between your platform's internal VoIP network elements and the outside world. -- Alex Balashov - Principal Evariste Systems LLC 1170 Peachtree Street 12th Floor, Suite 1200 Atlanta, GA 30309 Tel: +1-678-954-0670 Fax: +1-404-961-1892 Web: http://www.evaristesys.com/ -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
