In the current setup, asterisk is behind a different nat/firewall than the LAN phones. The phones are using sccp. If the asterisk box is compromised, it is not on the local LAN. This is what I think he doesn't want to give up.
Andy > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:asterisk-users- > [EMAIL PROTECTED] On Behalf Of Colin Anderson > Sent: Friday, January 12, 2007 12:20 PM > To: 'Asterisk Users Mailing List - Non-Commercial Discussion' > Subject: RE: [asterisk-users] Suggestion for a new asterisk setup. > > >I am not sure that the security guy for this network will allow me to put > up the asterisk box dual homed to the public IP and the LAN. > > Your security guy needs to go back to school. If eth0 is on the LAN and > eth1 > is on the WAN, and the WAN connection is properly secured with only the > ports you need, and your SIP passwords arent 1234 or something that can be > guessed, what difference is there between this configuration and port > forwarding? The footprint you are exposing to the public internet is > exactly > the same. The only thing that I can think of is for IDS, you may have a > firewall that does this. Optionally, one could run a "soft" firewall on > the > WAN side that supports IDS if that is the issue. Otherwise, why not? > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
