Dual nic setup

[Tom Waterman]

We are reviewing out current PBX set and looking to improve overall paerformance of the system. Our current setup is a single nic that is connected into our dmz. We have a SIP trunk to call centric for our main traffic and we have a couple of Audiocodes gateways that connect to POTS lines for backup. I have a second nic that we can allocate tot this VM I was just wondering if anyone had any design thoughts. I could also connect the outside interface directly to the internet as we have a public IP but then I loose the protection of our ASA 5510. I look forward to any comments.

 

Tom

[Vodia PBX]

Well, my first comment is that the number of physical hardware NIC is not really so much the point. You can, for example, add another IP address to the same NIC (just make sure it is not in the same subnet).

 

If you are using a service provider with a SBC (like callcentric) then you don't even need a public IP address. They take care about it; though I am sure they would not complain about it--if it is setup the right way. I am definitevely a big fan of routable IP addresses; IMHO they are a must-have if you have remote users that register from home.

 

When it comes to firewall protection, I still wonder what that exactly is. The only thing that comes to my mind is TCP/SYN flooding protection; hower a recently updated OS should also do the job on this one. If you check with netstat that only relevant ports are open to the public, the risk not having a firewall in fron of the PBX seems absolutely okay to me. Whenever I hear "firewall" I ask if they are SIP-aware and then my first recommendation is to turn it off (usually that solve a lot of issues right away). Though I am not the big experts on firewalls; to me this is kind of pill. Maybe someone can enlighten me.