First off, I apologize if this is in the wrong section. I was not sure if this should go here or in the firewall section.
I am evaluating an SSG 220 appliance to replace our current 5510. So far I love the SSG, but there is one huge issue. We have a locally installed Cisco phone system (CM8.5). We currently have 7 users who work out of their homes and use our Cisco 7965G phones. They currently connect to the ASA, which has a phone proxy license which sets up the communication and allows them to work.
So far I see two choices.
-Open the needed ports on the firewall (TFTP is one). This is not really an option as it is too insecure. Is there a way to set up a DNAT or firewall rule to only allow certain MAC addresses maybe?
-The other option is to use REDs for all users. This would make the cost per user go up a fair amount but may work. The other problem is the limit of 20 REDs per SSG 220 box. Right now we are well within that limit but I know the number will increase by at least 4 already.
The SIP, H.323 options seem to be for connecting out to other hosted VoIP providers as opposed to incoming traffic. Am I missing some other alternative? I would really like to move forward with this box.