Support
Community

Hello and thank you for posting to our forum!

While many AOS commands are there, the NV644 is designed to sit behind a firewall.  It may very well do what you have listed but I cannot guarantee the performance.  The NV6240 is another option.  Keep in mind that you can have  60 active calls in the Dual DSP version and 30 in the Single DSP version of the NV6240.

Let us know if you have any questions.

Regards,

Geoff

I think the best thing to do is use a sip, http, https, telnet, and/or ssh access-class to restrict traffic/users.  This allows you to accomplish the same thing WITHOUT using the firewall.  You application will then be well within the scope of how this unit was tested.

You need to make standard or extended access-lists, but we will not be applying them on a policy-class.  For sip you can use something like your access-list and apply it to a sip access class:

ip access-list extended SIP

  permit ip host <ip address of SIP Server>  any  

To apply, use the global command:

ip sip access-class SIP in

For HTTP(S), Telnet, and/or SSH make your access list:

ip access-list extended Access_In

  permit ip host <management IP>  any

To apply, go into Line Telnet and/or SSH:

ip access-class Access_In

To apply for HTTP/HTTPS use these global commands:

http ip access-class Access_In

http ip secure-access-class Access_In

These commands can be used for the TA 900(e)s, NV 644s, and NV 6000 series.

Regards,

Geoff

There are few problems with the suggested config:

1) You can't apply an extended access list to the sip access-class (a standard access list works so this is not a big deal)

2) I'm getting an error adding the ACL to http

644(config)#ip access-list standard Access_In

Configuring Existing Standard ACL "Access_In"

644(config-std-nacl)#permit 192.168.1.199

644(config-std-nacl)#exit

644(config)#http ip access-class  Access_In in

%---------------------------------^

Access control list 'Access_In' does not exist.

3) ip doesnt have "access-class"

644(config)#ip

access-list            - Named access-list

classless              - Adhere to classless forwarding rules

It still doesn't work.

644(config)#ip access-list standard Access

Configuring New Standard ACL "Access"

644(config-std-nacl)#permit host 192.168.1.199

644(config-std-nacl)#exit

644(config)#ip access-class Access in

% Unrecognized command

Are you in line telnet or line ssh when you are issuing the command:

ip access-class Access in

Regards,

Geoff

I am connected through the serial port.

Sorry, I am not referring to how you are accessing the unit, but the configuration area for Telnet and SSH from the command line.  Let me be more specific.  You will need to be in global config mode.  Then go to the config for Telnet:

line telnet 0 4

Then enter the command:

ip access-class Access in

Then exit out back to global config mode and enter the config for SSH:

line ssh 0 4

Then enter the command:

ip access-class Access in

Regards,

Geoff