Проблему не решил ( Ночью 3 внешних IP подключились и начали обзванивать все, что можно.
Вот такие коннекты на SIP-сервер:2018/11/07 22:58:01.098 25:53:46.015 Opal Listener:248 sipep.cxx(353) SIP Waiting for PDU on udp$
188.161.115.186:27093<if=udp$172.16.100.15:
5063>
2018/11/07 22:58:01.099 25:53:46.015 Opal Listener:248 sippdu.cxx(2047) SIP PDU received: rem=udp$
188.161.115.186:27093,local=udp$172.16.100.15:
5063,if=172.16.100.15
INVITE sip:0810442036271584@31.xx.xx.202:5063 SIP/2.0
CSeq: 1 INVITE
Via: SIP/2.0/UDP
10.10.250.233:27093;branch=z9hG4bK-bb7f9872d3c5ab81782c39b35f411224;rport
User-Agent: sipcli/v1.8
From: 1004<sip:1004@31.xx.xx.202>;tag=57ce4699
Call-ID: bb7f9872d3c5ab81782c39b35f411224
To: 0810442036271584<sip:0810442036271584@31.xx.xx.202>
Contact: <sip:1004@10.10.250.233:27093>
Я не могу понять, как они проходят, если порты закрыты?Зашел на
https://hidemyna.me/ru/ports/, указал порты 5060, 5061, 5062, 5063, 5064, 5065, 5066, 5067, 5068. Результат: All 9 scanned ports on (31.xx.xx.202) are closed (8) or filtered (1)
Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds.
То, что FILTERED - это 5060.
Сейчас такой конфиг:object-group network VoIP-Access
description VoIP Providers
host 85.95.128.5
host 188.113.128.42
host 91.189.232.24
host 213.170.92.166
host 109.69.176.249
host 81.88.86.11
host 212.122.2.180
interface FastEthernet0
ip address 31.xx.xx.202 255.255.255.248
ip access-group SIP_Grp_Access in
no ip redirects
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface Vlan1
ip address 172.16.100.10 255.255.255.0
ip nat inside
no ip virtual-reassembly
ip nat inside source list OP interface FastEthernet0 overload
ip nat inside source list BUHGALTERIA interface FastEthernet0 overload
ip nat inside source list DOSTAVKA interface FastEthernet0 overload
ip nat inside source list YA interface FastEthernet0 overload
ip nat inside source list NAT interface FastEthernet0 overload
ip nat inside source static tcp 172.16.100.40 480 interface FastEthernet0 480
ip nat inside source static tcp 172.16.100.14 25 interface FastEthernet0 25
ip nat inside source static tcp 172.16.100.40 3389 interface FastEthernet0 3999
ip nat inside source list SIP interface FastEthernet0 overload
ip route 0.0.0.0 0.0.0.0 31.xx.xx.201
!
ip access-list extended OP
permit tcp host 172.16.100.113 any eq 443
permit tcp host 172.16.100.113 any eq www
ip access-list extended BUHGALTERIA
permit tcp host 172.16.100.145 any eq 443
permit tcp host 172.16.100.145 any eq www
ip access-list extended DOSTAVKA
permit tcp host 172.16.100.160 any eq www
permit tcp host 172.16.100.160 any eq 443
ip access-list extended YA
permit tcp host 172.16.100.101 any eq www
permit tcp host 172.16.100.101 any eq 443
ip access-list extended NAT
permit ip host 172.16.100.102 any
permit ip host 172.16.100.114 any
permit ip host 172.16.100.40 any
permit ip host 172.16.100.11 any
permit ip host 172.16.100.14 any
permit ip host 172.16.100.24 any
permit ip host 172.16.100.41 any
ip access-list extended SIP #Это SIP-сервер permit ip host 172.16.100.15 host 85.95.128.5
permit ip host 172.16.100.15 host 188.113.128.42
permit ip host 172.16.100.15 host 91.189.232.24
permit ip host 172.16.100.15 host 213.170.92.166
permit ip host 172.16.100.15 host 109.69.176.249
permit ip host 172.16.100.15 host 81.88.86.11
permit ip host 172.16.100.15 host 212.122.2.180
ip access-list extended SIP_Grp_Access
permit tcp object-group VoIP-Access any eq 5060 log-input
deny tcp any any eq 5060 log-input
deny udp any any eq 5060 log-input
permit ip any any