Web GUI for CallManager

Unanswered Question
Jun 27th, 2007

Hi,

Need your help with HTTPS access.

I use (https://callmanagerIP/ccmadmin) to access the web GUI of CallManager. This way I dont have to access the server via terminal then open Callamanger.

Ive applied the following on the router ACL:

permit tcp 10.70.16.0 0.0.0.255 eq 443 host 10.70.18.1

deny ip 10.70.16.0 0.0.0.255 10.70.18.0 0.0.0.255

10.70.16.x is my PC LAN and 10.70.18.x is Callmanager IP. But is still doesnt work when this is applied on the outgoing interface. When I remove the statement, it works. It seems the the deny on the bottom of the statement is taking affect and the show ip access-list counter increases when the ACL is applied and at the same time me trying to access from my PC https://callamangerIP/ccmadmin

Please help.

Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
MikeTomasko Wed, 06/27/2007 - 05:36

Can you post more of your router config, like your access-lists? Do you know which ACL is increasing?

Peter Valdes Wed, 06/27/2007 - 06:00

Hi,

The callmanager IP address is 10.70.70.1. The deny statement " deny ip 10.70.68.0 0.0.0.255 10.70.70.0 0.0.0.255" is blocking the web access as the counter increases when I try to access and im on the 10.70.68.0 network.

Below is the ACL:

ip access-list extended VOIP-FWout

remark PERMIT ICMP FROM TRUSTED NETWORK

permit icmp 10.0.0.0 0.255.255.255 10.70.70.0 0.0.0.255

permit icmp 172.0.0.0 0.255.255.255 10.70.70.0 0.0.0.255

permit icmp 203.215.128.0 0.0.7.255 10.70.70.0 0.0.0.255

permit ip host x.x.x.x 10.70.70.0 0.0.0.255

permit ip host x.x.x.x 10.70.70.0 0.0.0.255

permit ip host x.x.x.x 10.70.70.0 0.0.0.255

remark PERMIT IP Communicator Network

permit ip 10.200.0.0 0.0.255.255 10.70.70.0 0.0.0.255

remark PERMIT TEAM NETWORK IN TO VOICE NETWORK

permit tcp 10.70.68.0 0.0.0.255 eq 443 host 10.70.70.1

permit tcp 10.70.68.0 0.0.0.255 host 10.70.70.1 eq www

permit tcp 10.70.68.0 0.0.0.255 host 10.70.70.1 eq 3389

permit tcp 10.70.68.0 0.0.0.255 host 10.70.70.2 eq 3389

permit tcp 10.70.68.0 0.0.0.255 host 10.70.70.15 eq www

permit tcp 10.70.68.0 0.0.0.255 host 10.70.70.15 eq 3389

permit tcp 10.70.68.0 0.0.0.255 host 10.70.70.10 eq 3389

permit tcp host 10.70.70.254 10.70.70.0 0.0.0.255 eq telnet

permit tcp host 192.168.100.100 10.70.70.0 0.0.0.255 eq 3389

remark PERMIT PCANYWHERE TO WORKSMART CONSOLE FROM TEAM NETWORK

permit tcp 10.70.68.0 0.0.0.255 10.70.70.0 0.0.0.255 eq 5631

permit udp 10.70.68.0 0.0.0.255 10.70.70.0 0.0.0.255 eq 5632

remark PERMIT PBS TO CM SQL FOR CDR

permit tcp host 192.168.100.100 host 10.70.70.1 eq 1433

remark PERMIT SERVCORP NETWORK ACCESS TO UNITY

permit tcp 10.70.68.0 0.0.0.255 host 10.70.70.15

permit udp 10.70.68.0 0.0.0.255 host 10.70.70.15

remark PERMIT PER DC DNS ACCESS TO UNITY

permit tcp host 10.70.68.10 host 10.70.70.15 eq domain

permit udp host 10.70.68.10 host 10.70.70.15 eq domain

remark PERMIT PER DC ACCESS TO WORKSMART SERVER FOR BACKUPS

permit tcp host 10.70.68.10 host 10.70.70.10 range 135 139

permit udp host 10.70.68.10 host 10.70.70.10 range 135 netbios-ss

permit tcp host 10.70.68.10 host 10.70.70.10 eq 445

remark PERMIT PRINTSERVER ACCESS TO UNITY SERVER FOR SMTP

permit tcp host 192.168.100.100 host 10.70.70.15 eq smtp

remark PERMIT PRINTSERVER ACCESS TO UNITY SERVER FOR LOGS

permit tcp host 192.168.100.100 host 10.70.70.15 range 135 139

permit udp host 192.168.100.100 host 10.70.70.15 range 135 netbios-ss

permit tcp host 192.168.100.100 host 10.70.70.15 eq 445

permit tcp host 192.168.100.100 host 10.70.70.15 eq domain

permit udp host 192.168.100.100 host 10.70.70.15 eq domain

remark PERMIT PRINTSERVER ACCESS TO WORKSMART SERVER FOR BACKUPS

permit tcp host 192.168.100.100 host 10.70.70.10 range 135 139

permit udp host 192.168.100.100 host 10.70.70.10 range 135 netbios-ss

permit tcp host 192.168.100.100 host 10.70.70.10 eq 445

remark PERMIT MANAGEMENT FOR SYMANTEC

permit tcp host 10.70.68.10 10.70.70.0 0.0.0.255 eq www

permit tcp host 10.70.68.10 10.70.70.0 0.0.0.255 eq 443

permit tcp host 10.70.68.10 10.70.70.0 0.0.0.255 eq 2967

permit udp host 10.70.68.10 10.70.70.0 0.0.0.255 eq 2967

permit udp host 10.70.68.10 10.70.70.0 0.0.0.255 eq 38293

remark DENY SERVCORP TEAM IP TO VOICE NETWORK

deny ip 10.70.68.0 0.0.0.255 10.70.70.0 0.0.0.255

remark PERMIT VOICE NETWORK ACCESS TO EUROPE SINGAPORE NEWZEALAND

permit tcp 10.0.0.0 0.0.255.255 10.70.70.0 0.0.0.255

permit udp 10.0.0.0 0.0.255.255 10.70.70.0 0.0.0.255

deny ip any any

Actions

This Discussion