Two IP Offices, Two SIP Trunks, one Internet connection

[CTravel]

Hi,

I have a scenario that has presented itself which I would like some advice on.
We have two IP Office 500's, each will have one or more SIP trunks, but we only have one internet connection for the voice traffic. (Call usage is very light on each + we have ISDN also) The systems are not yet in their place so configuration can be changed. These will sit behind a small Cisco 110w. I have 5 static IP's if necessary.

What is the best network setup for this ?

I have considered three options, but there are probably more.

1) LAN1 - connected to my main LAN for management etc with LAN2 connected to the Cisco 110w using NAT
2) LAN1 - connected to my main LAN for management etc with LAN2 connected to the Cisco 110w using separate Public IP's (with Firewall ACL by IP)
3) LAN1 - connected directly to the Cisco 110w using either Public or Nat.

The reason I've considered the Public IP option is that I can't get my head around the firewall rules (for NAT) where I have two IPO's going out on a single IP.
With a sole IPO I can port forward 5060 to the LAN IP, but with two IPO's I can't see how to do this easily. The same applies to the RTP ports, though I suppose I could ensure that the ranges were separate for each IPO so there is no crossover. I presume the 5060 is not changeable without persuading the telco to do the same ?

Any pointers would be appreciated. (I also need to build in some redundancy where I can make use of my other internet data connection, in the event of the voice connection going down - but I'll leave that until I've got it basically functioning)

Finally, is there a definitive list of the minimum ports that need to be allowed for SIP trunks to work through the Cisco 110w ?

Thank you

Paul

 

[holdmusic34]

Manager> SIP Line> Transport> Help.
Pleeeeease get professional help on this or it'll be f**ked like a unicycle with no seat or pedals.

If you are the professional help, pleeeease do the AIPS course.

Dulce et decorum pro Avaya mori

 

[IPGuru]

SIP trunking does not require port forwarding!

if you are port forwarding to an IPO for SIP Trunks they you are doing it wrong.
As per Holdmusic34 please have your system maintained by someone competent otherwise it will not be a case of IF you get hacked but WHEN!

A Maintenance contract is essential, not a Luxury.
Do things on the cheap & it will cost you dear

 

[CTravel]

Thank you for your comments. I do have a professional maintenance contract in place, but like any diagnosis from a Doctor I generally seek professional second opinions - which is the reason for asking.

I'd still appreciate some advice to my original questions - especially in relation to the open ports required though the Cisco 110w. I like to know that the advice I have been given is appropriate.

 

[Gunnaro]

Why bring a $65 Cisco RV110w into the mix?
The glossy black finish doesn't mean it has Darth Vader strength.
When dealing with SIP Trunks you need to step it up on the security side.

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

 

[CTravel]

Ok. It seems I'm going nowhere. Thank you for your help.

 

[IPGuru]

we have already advised on the port forwarding requirements

NONE!

if your maintainer suggests otherwise go and find a competent one.

A Maintenance contract is essential, not a Luxury.
Do things on the cheap & it will cost you dear