Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
265
Views
0
Helpful
1
Replies

Forensics

oneirishpollack
Level 1
Level 1

‎01-16-2009 05:50 AM - edited ‎03-15-2019 03:34 PM

Problem: Verizon calls to report we had two long-distance calls on such and such date to Cuba. The number number they were dialed from comes back as our PRI line. We use Cisco Call Manager 4.1.

How can I determine the device or DID number that made these calls? If I can get the DID number I can link it to a device.

Thanks,

K

Labels:
0 Helpful
1 Reply 1

Nicholas Matthews
Level 9
Level 9

‎01-16-2009 06:11 AM

There's a good chance that you have a public IP on your gateway.

There's also a good chance that this public IP doesn't have both TCP and UDP ports 5060 blocked.

That's my guess.

I would apply this ACL to your outside interface:

access-list 101 deny tcp any any eq 5060 log

access-list 101 deny udp any any eq 5060 log

access-list 101 deny tcp any any eq 1720 log

access-list 101 permit ip any any

If this is just two calls, then it may be a user and you would want to check your CDR records.

You may want to read this link anyway:

http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_tech_note09186a00809dc487.shtml

hth,

nick

0 Helpful
Customers Also Viewed These Support Documents