MiVoice Office 250 Installation and Administration Guide
• The following section defines the access control list (the rules) for traffic coming from the internal
LAN into the router. As a general rule, you want to allow nearly everything to go out from
a trusted LAN.
! Access Control List e0in
!
ip access-list extended e0in
permit ip 192.168.1.0 0.0.0.255 any
deny ip any any
• The following section sets up the connection to the Internet. NAT is enabled between the Internet
and the internal LAN. Traffic from the Internet is filtered using the access-group called Internet.
interface Serial0/0
description connected to Internet
ip address 208.13.17.33 255.255.255.252
ip access-group s0in in
ip nat outside
• The following section defines the access control list (the rules) for traffic coming from the Internet
to either the internal LAN or the DMZ. This is the first line of defense, so you want to filter as
much as possible. Responses to communications initiated from inside (for example, an HTTP request
for a web page) are controlled by the firewall functionality through dynamic ACLs.
ip access-list extended s0in
permit tcp any host 208.13.17.2 eq 5566
permit udp any host 208.13.17.2 eq 5567
permit udp any host 208.13.17.2 range 6004 6247
deny ip any any
The following command associates the public address with the MiVoice Office 250 private address.
This creates the “NATed” address. The ISP must be known to send packets for this public IP to the
MiVoice Office 250.
ip nat inside source static 192.168.1.2 208.13.17.2
!
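The following is an added example, not part of the original guide: a small Python check that evaluates sample inbound packets against the s0in list (first match wins, with a final deny) and confirms that every permitted destination host has a static NAT mapping. The parser is an assumption of this example and handles only the entry forms shown on this page ("any" source, "any" or "host" destination, "eq" or "range" ports).

```python
import re

# Configuration lines copied from the example on this page.
CONFIG = """\
ip access-list extended s0in
 permit tcp any host 208.13.17.2 eq 5566
 permit udp any host 208.13.17.2 eq 5567
 permit udp any host 208.13.17.2 range 6004 6247
 deny ip any any
ip nat inside source static 192.168.1.2 208.13.17.2
"""

ACE = re.compile(r"^\s*(permit|deny) (ip|tcp|udp) any (any|host (\S+))"
                 r"(?: eq (\d+)| range (\d+) (\d+))?\s*$")
NAT = re.compile(r"^ip nat inside source static (\S+) (\S+)\s*$")

def parse(config):
    """Return (ACL entries, {public: private} static NAT map)."""
    acl, nat = [], {}
    for line in config.splitlines():
        if m := ACE.match(line):
            action, proto, _, host, eq, lo, hi = m.groups()
            ports = (int(eq), int(eq)) if eq else (int(lo), int(hi)) if lo else None
            acl.append((action, proto, host, ports))
        elif m := NAT.match(line):
            nat[m.group(2)] = m.group(1)
    return acl, nat

def evaluate(acl, proto, dst, port):
    """First matching entry wins; an ACL with no match ends in a deny."""
    for action, a_proto, host, ports in acl:
        if a_proto not in ("ip", proto):
            continue
        if host is not None and host != dst:
            continue
        if ports and not ports[0] <= port <= ports[1]:
            continue
        return action
    return "deny"

def unmapped_permits(acl, nat):
    """Permit entries whose destination host has no static NAT mapping."""
    return [e for e in acl if e[0] == "permit" and e[2] and e[2] not in nat]
```

A permit entry reported by unmapped_permits opens a port toward an address that no static translation delivers to the MiVoice Office 250, which usually indicates a typo in either the ACL or the NAT command.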
The following commands set up the dynamic NAT configuration to use a pool of public addresses.
This is not specific to this example, but it is included here to contrast static vs. dynamic NAT.
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat pool NatPool0 208.13.17.40 208.13.17.62 netmask 255.255.255.0
ip nat inside source list 1 pool NatPool0 overload
!
Non-NAT DMZ Configuration
The following illustrates a non-NAT DMZ configuration.