SIP ACL Configuration

Good Day.

I Hope I explain this right, and as a disclaimer i am really new at this.

I am attempting to setup an ACL on my Cisco Router to allow SIP telephone connectivity to my Asterisk server. In addition i will be setting up some asterisk connectivity with my SIP provider.

Specifically i need to know what ports i need to allow inbound as well as outbound to allow this type of connectivity. ( I hope this does not vary from vendor to vendor.)

My SIP provider simply says i need ports 5060-5061 as well as 10000-20000 but does not specify UDP or TCP nor does it specify inbound outbound or both.

Also, I really am not sure what i need in order for my phones out on the internet to get back to my server.

Any Information would be greatly appreciated.




Sounds about right and they are udp


Are you using NAT? If you are, good luck with that. If it works, I’d like to see your IOS configuration.


No, All IP’s are STATIC. The CISCO’s are just doing standard ACL Permit/Deny functions. i am just needing to know the ports to allow, and in what direction.

If it’s a standard Asterisk installation,

5060 UDP in for sip (can be changed in sip.conf)
10000-20000 UDP in for rtp (can be changed in rtp.conf)

Also, if you wan’t to use IAX, 4569 UPD in.

Assuming you allow UDP out on all ports, you shouldn’t have to change anything.