SAMPLE ACL ! Permit SIP, MGCP, H.323 and RTP services from trusted hosts destined to infrastructure addresses ! You will have to reproduce these lines for each of the different trusted hosts access-list 199 permit tcp VALID_SIP_HOSTS MASK any MASK eq 5060 access-list 199 permit tcp VALID_SIP_HOSTS MASK any MASK eq 5061 access-list 199 permit udp VALID_SIP_HOSTS MASK any MASK eq 5060 access-list 199 permit udp VALID_SIP_HOSTS MASK any MASK eq 5061 access-list 199 permit udp VALID_SIP_HOSTS MASK any MASK eq 2427 access-list 199 permit tcp VALID_SIP_HOSTS MASK any MASK eq 1720 access-list 199 permit tcp VALID_SIP_HOSTS MASK any MASK eq 11720 access-list 199 permit udp VALID_SIP_HOSTS MASK any MASK eq 2517 access-list 199 permit udp VALID_SIP_HOSTS MASK any MASK range 16384 32767 ! Deny SIP, MGCP, H.323 and RTP packets from all other sources destined to infrastructure addresses. access-list 199 deny tcp any any MASK eq 5060 access-list 199 deny tcp any any MASK eq 5061 access-list 199 deny udp any any MASK eq 5060 access-list 199 deny udp any any MASK eq 5061 access-list 199 deny udp any any MASK eq 2427 access-list 199 deny tcp any any MASK eq 1720 access-list 199 deny tcp any any MASK eq 11720 access-list 199 deny udp any any MASK eq 2517 access-list 199 deny udp any any MASK range 16384 32767 ! Permit all other traffic to the router access-list 199 permit ip any any interface serial 5/0 ip access-group 199 in