We received your notification about the upcoming update requiring customers using Custom Telephony to whitelist the CIDR block 18.98.16.120/30 to ensure uninterrupted SIP signaling.
Our setup includes using Twilio Elastic SIP Trunks with Retell’s SIP server URI for origination, and we currently do not have any IP Access Control Lists or firewall restrictions on our SIP signaling traffic.
We also noted that your updated documentation mentions that
“Some non US traffic might go from IPs not listed above, but will be migrated to the first IP block by 12/03/2025”
We largely ONLY deal with US numbers.
Could you please confirm if we need to take any action to whitelist this CIDR in our environment, or if our current configuration is already compliant with the update?
Based on your setup using Twilio Elastic SIP Trunks with credential-based authentication and no existing IP Access Control Lists, you should add the new CIDR block 18.98.16.120/30 to your Twilio IP Access Control List(1).
According to the Custom Telephony documentation, the IP block 18.98.16.120/30 covers all regions, and some non-US traffic might go from IPs not listed but will be migrated to this first IP block by 12/03/2025(2).
For Twilio specifically, to accept Retell’s outbound requests, you need to whitelist IP addresses or create authentication with username and password(3). Since you’re currently using credential lists, adding the CIDR notation won’t break anything(4), but you should add it to ensure uninterrupted service(1).
The recommendation is to add the new CIDR whitelist 18.98.16.120/30 to your Twilio IP Access Control List while keeping your existing credential list in place(1).
I added it to my authorisation list in Twilio which is how we are interpreting this whitelist email. This is the existing IP ranges you add as part of SIP trunking.
have seen no adverse effects and it’s working fine.
I added it to my authorisation list in Twilio which is how we are interpreting this whitelist email. This is the existing IP ranges you add as part of SIP trunking.
have seen no adverse effects and it’s working fine.
Hey Nick, really appreciate the response.
Just wanted to confirm since we’ve heard fellow users fail to get calls after adding this, you do use Credential Lists for your SIP Trunks normally right? Or were you already using the IP Access Control Lists?
Our system currently uses only Credential Lists and no IP Access Control Lists. If it lines up with yours, we’ll continue with your advice
Our current architecture requires one current measure for access: either valid credentials or an approved IP whitelist. Since you have already configured credentials, no further action is required at this time.
Should any future security updates necessitate the use of both measures, we will proactively communicate those changes to you well in advance.
I can confirm that for Twilio SIP trunking with Retell AI, you need to whitelist IP addresses or create authentication with username and password(1). Since you’re using credential-based authentication, you don’t need to add IP whitelisting(1).
The documentation states that for your elastic SIP trunk to accept outbound requests, you need to whitelist IP addresses or create auth with username and password(1). With credentials configured, you’re covered(2).
