2 Replies Latest reply on Nov 1, 2012 9:30 AM by PhilM

    How to enable the rules for Cisco VoIP


      My Firewall is McAfee Firewall Enterprise 4.10. I have already built up the IPsec VPN between A site and B site. I would like to use the Cisco IP Phone between 2 sites. What kinds of rules shall I make? Which service port shall I enable?


        • 1. Re: How to enable the rules for Cisco VoIP

          4.10 is the version of the Admin Console, not the firewall itself.


          This question should be asked of Cisco as it is their product. What ports/protocols do they use? Once you know that, we can help you create the necessary rules.



          • 2. Re: How to enable the rules for Cisco VoIP

            As Matt has said, the version number you have given is for the Admin Console GUI.


            If you look at the main dashboard screen when you first log in this should at least tell you the core version running - A 4.10 Admin Console probably means you are running a v7.0.1.xx Firewall (the Maintenance -> Software Management page will confirm exactly which).


            Much of what you want to know, however, will depend on the burb which has been selected in the VPN Definition on the Firewall. Go to the Network -> VPN Configuration -> VPN Definitions screen and look at the configuration of the entry created for this site to site tunnel. In the upper right-hand corner of the "General" tab you should see which burb this VPN has been assigned to. If it is the Internal burb (or if it is the same burb as the network containing the Cisco IP phones) then as far as your side is concerned there is nothing else to think about.


            The terminating burb is the point where the unencrypted traffic will appear and this is beyond the boundary controlled by the Firewall engine. The only considerations you will need to make are at the other end of the link.


            To try and put it into simple terms: if the two sites were both running McAfee Firewalls and you had a site to site VPN configured on each where the terminating burb/zone was "internal", then traffic will pass between the two sites transparently without requiring any additional Firewall rules.