Securing PCI Compliant Voice Solution

Unanswered Question
Apr 22nd, 2009

Hi all,

We are looking at implimenting a PCI call recording solution based on Layer 3 edge switches, IP (Avaya) phones, SPAN aggregation of ports to call recorder situated behind an ASA5510-SSM10 unit.

I have attached the current design spec which has a few issues.

Primarily the Aggregated SPAN from the IP phones completly bypasses the ASA unit.

If anyone could help on the following it would be appreciated.

1) I would prefer a solution that does not bypass the ASA unit. The only option I see here is to push the aggregated SPAN link traffic (H323) through a separate context on the ASA unit.

I am unsure how to permit SPAN traffic to flow through the ASA and if there are any related issues doing this. Possibly ether-type access-list.

2) If the solution is not workable (through ASA) then how secure are SPAN links? We need to ensure that the solution is PCI compliant and this may be seen as a backdoor to the secure call recording servers.

Any advice or help on this would be appreciated.

Best Regards


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion