Cisco Systems ASR 1000 Network Router User Manual


 
Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers
OL-15421-01
Chapter 8 Integrated Session Border Controller Security
Packets arriving at the SBC are classified into flows using the following data: VPN ID, destination
address, destination port, protocol type, and source address. The source address is only required to match
a remote source address mask rather than a specific remote address.
DBE Restrictions
The following are restrictions of data border element (DBE) support for this feature:
• If the remote source address mask is specified for a termination, then it must contain the address in
  the remote descriptor, unless NAT latching techniques are used. However, if you want more than one
  flow on the same local address or port, then the local address must be MGC-managed.
• A prefix length of 0 for the remote source address mask is invalid.
• The MGC is only allowed to specify local addresses and ports that lie within configured address and
  port ranges.
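The classification rule and the restrictions above, modelled in Python as an added example (not Cisco code and not taken from this guide). The Termination fields, function names and sample addresses are assumptions made for illustration, as is treating a packet's destination address and port as the termination's local address and port.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Termination:             # hypothetical model, not a Cisco data structure
    name: str
    vpn_id: int
    local_addr: str            # assumed to be the packet's destination address
    local_port: int
    protocol: str
    remote_mask: str           # remote source address mask, CIDR notation
    remote_addr: str           # address from the remote descriptor
    nat_latching: bool = False
    mgc_managed: bool = False  # local address/port specified by the MGC

def validate(t, addr_range, port_range):
    """Return the restrictions listed above that termination t violates."""
    errors = []
    mask = ipaddress.ip_network(t.remote_mask, strict=False)
    if mask.prefixlen == 0:
        errors.append("prefix length 0")
    if not t.nat_latching and ipaddress.ip_address(t.remote_addr) not in mask:
        errors.append("remote address outside mask")
    if t.mgc_managed:
        if ipaddress.ip_address(t.local_addr) not in ipaddress.ip_network(addr_range):
            errors.append("local address outside configured range")
        if t.local_port not in port_range:
            errors.append("local port outside configured range")
    return errors

def classify(packet, terminations):
    """Map (vpn_id, dst_addr, dst_port, protocol, src_addr) to a flow name."""
    vpn_id, dst_addr, dst_port, protocol, src_addr = packet
    src = ipaddress.ip_address(src_addr)
    for t in terminations:
        exact = (t.vpn_id, t.local_addr, t.local_port, t.protocol)
        if exact != (vpn_id, dst_addr, dst_port, protocol):
            continue
        # The source only has to fall inside the mask, not equal one address.
        if src in ipaddress.ip_network(t.remote_mask, strict=False):
            return t.name
    return None  # no matching flow

# Constructed sample data (RFC 5737 documentation addresses): two flows that
# share one local address and port and differ only in remote source mask.
FLOWS = [
    Termination("flow-a", 1, "192.0.2.10", 5000, "udp",
                "198.51.100.0/24", "198.51.100.7", mgc_managed=True),
    Termination("flow-b", 1, "192.0.2.10", 5000, "udp",
                "203.0.113.0/24", "203.0.113.9", mgc_managed=True),
]
```

The two sample flows show why the source mask matters: with identical VPN ID, destination address, destination port and protocol, only the source prefix separates them.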
Related Commands
• The media-address ipv4 command has dbe and mgc options that indicate whether an address pool
  is provided from which the DBE or MGC can allocate addresses.
• The new media-address pool ipv4 command creates a pool of sequential IPv4 media addresses that
  can be used by the DBE as local media addresses; the command also has dbe and mgc options.
Topology Hiding
Topology hiding is an important security function because it protects the identity of the users and their
network addresses. See Chapter 9, “Topology Hiding,” for more information.
Traffic Management Policing
The data border element (DBE) supports the H.248 Traffic Management (Tman) package to police
signaling and media streams. The DBE can also monitor packets coming from the access (customer) side
and from the backbone (network core) side.
For more information on the Tman package, see the “H.248 Traffic Management Package Support”
section on page 5-1.
Two-Rate Three-Color Policing and Marking
The data border element (DBE) supports Two-Rate Three-Color Policing and Marking to control the
traffic coming from the user.
For more information on the Two-Rate Three-Color Policing and Marking feature, see the “Two-Rate
Three-Color Policing and Marking” section on page 5-5.