I have a 2821 router, 2 h323 ISPs and UCM 7. The router works as an h323-to-h323 gateway between the ISPs and UCM. I'd like to protect my equipment from VoIP hacks. The config is simple:
voice service voip
 allow-connections h323 to h323
 h245 passthru tcsnonstd-passthru
ip address 192.168.0.2/30
ip address 192.168.1.2/30
interface vlan 1
 ip address 10.0.0.2/24
interface vlan 2
 ip address 184.108.40.206/30
dial-peer voice 1 voip
 session target ipv4:192.168.0.1
dial-peer voice 2 voip
 session target ipv4:192.168.1.1
dial-peer voice 3 voip
 session target ipv4:10.0.0.1
UCM routes all calls to the 2821 at address 10.0.0.2.
1) What protocols and ports should I permit through the 2821 (is it enough to permit incoming RTP and h323 TCP 1720 only from the ISPs' addresses on the ISPs' interfaces?), and how do I correctly configure the firewall?
2) If an h323 session from any outside address comes to the router on the WAN interface (220.127.116.11), should the call be placed?
3) Can somebody recommend docs about UCM and h323 security?