Manualshelf

Specifications

ManualsBrandsMitel Manualsphones8620
571572573574575576577578579580
Appendix B: Network IP Topology
ITP Endpoints and Networking
Page B-28 Mitel
®
5000 Installation Manual – Issue 3.0, October 2008
ITP Endpoints and Networking
This example shows that to add support for networking, you expand the ACL to allow the
Private Networking port to be accessible from the Internet to the Mitel CS-5200/5400/5600
system. Responses to communications initiated from inside (for example, http request for a
Web page) are controlled by the firewall functionality through dynamic ACLs.
ip access-list extended s0in
permit tcp any host 208.132.23.66 eq 5566
permit udp any host 208.132.23.66 eq 5567
permit tcp any host 208.132.23.66 eq 5570
permit udp any host 208.132.23.66 range 6004 6247
deny ip any any
ITP Endpoints, Networking, and Remote Admin/Diagnostics
This example shows that to allow remote administration and diagnostics, you open up additional
ports shown in bold in the following example. Each of these ports has a distinct function, so they
should be evaluated individually to determine the need.
ip access-list extended s0in
permit tcp any host 208.132.23.66 eq 5566
permit udp any host 208.132.23.66 eq 5567
permit tcp any host 208.132.23.66 eq 5570
permit tcp any host 208.132.23.66 eq 4000
permit tcp any host 208.132.23.66 eq 4444
permit tcp any host 208.132.23.66 eq 80
permit tcp any host 208.132.23.66 eq 22
permit udp any host 208.132.23.66 range 6004 6247
deny ip any any
ITP Endpoints, Networking, Remote Admin/Diagnostics, and SIP
Endpoints
This example shows that to allow SIP endpoints from the Internet, you open up the SIP port to
the SIP server. SIP endpoints on the “internal LAN” may require additional “fixup” if NAT is
performed between the internal LAN and the DMZ.
ip access-list extended s0in
permit tcp any host 208.132.23.66 eq 5566
permit udp any host 208.132.23.66 eq 5567
permit tcp any host 208.132.23.66 eq 5570
permit tcp any host 208.132.23.66 eq 4000
permit tcp any host 208.132.23.66 eq 4444
permit tcp any host 208.132.23.66 eq 80
permit tcp any host 208.132.23.66 eq 22
permit udp any host 208.132.23.67 eq 5060
permit udp any host 208.132.23.66 range 6004 6247
deny ip any any