IOS h323 gateway security configuration

Unanswered Question

Hi!

I have a 2821 router, 2 h323 ISPs and UCM 7. The router works as an h323-to-h323 gateway between the ISPs and UCM. I'd like to protect my equipment from VoIP hacks. The config is simple:

!
voice service voip
 allow-connections h323 to h323
 h323
  emptycapability
  h225 connect-passthru
  h245 passthru tcsnonstd-passthru
!
interface gig0/0
 description =To-ISP-1=
 ip address 192.168.0.2 255.255.255.252
!
interface gig0/1
 description =To-ISP-2=
 ip address 192.168.1.2 255.255.255.252
!
interface vlan 1
 description =LAN=
 ip address 10.0.0.2 255.255.255.0
!
interface vlan 2
 description =WAN=
 ip address 99.99.99.1 255.255.255.252
!
dial-peer voice 1 voip
 description =To-ISP-1=
 destination-pattern 1....
 session target ipv4:192.168.0.1
!
dial-peer voice 2 voip
 description =To-ISP-2=
 destination-pattern 2....
 session target ipv4:192.168.1.1
!
dial-peer voice 3 voip
 description =To-UCM=
 destination-pattern 3....
 session target ipv4:10.0.0.1
!

UCM routes all calls to the 2821 at address 10.0.0.2.

1) What protocols and ports should I permit through the 2821 (is it enough to permit incoming RTP and h323 TCP 1720 only from the ISPs' addresses on the ISPs' interfaces?), and how do I correctly configure the firewall?

2) If an h323 session from any outside address comes to the router on the WAN interface (99.99.99.1), should the call be placed?

3) Can somebody recommend docs about UCM and h323 security?
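
The filtering proposed in question 1, written out as inbound IOS ACLs for the two ISP interfaces and the WAN interface (an added example, not part of the original post). The ACL names are hypothetical. Assumptions: the H.245 (TCP 11000-65535) and RTP (UDP 16384-32767) ranges are the IOS defaults, each ISP sends signalling and media from its gateway address only, and no H.323 call setup is expected from the WAN side.

```ios
! Added example. ACL names are hypothetical; port ranges are assumed IOS defaults.
ip access-list extended ISP1-VOICE-IN
 remark H.225 call setup, accepted from the ISP-1 gateway only
 permit tcp host 192.168.0.1 host 192.168.0.2 eq 1720
 remark return traffic for TCP sessions the router itself opened
 permit tcp host 192.168.0.1 host 192.168.0.2 established
 remark H.245 opened by the ISP side on a dynamic port (assumed range)
 permit tcp host 192.168.0.1 host 192.168.0.2 range 11000 65535
 remark RTP/RTCP media (assumed range, media sourced from the gateway address)
 permit udp host 192.168.0.1 host 192.168.0.2 range 16384 32767
 remark everything else is dropped and logged for review
 deny ip any any log
!
ip access-list extended ISP2-VOICE-IN
 remark same policy for the ISP-2 gateway
 permit tcp host 192.168.1.1 host 192.168.1.2 eq 1720
 permit tcp host 192.168.1.1 host 192.168.1.2 established
 permit tcp host 192.168.1.1 host 192.168.1.2 range 11000 65535
 permit udp host 192.168.1.1 host 192.168.1.2 range 16384 32767
 deny ip any any log
!
ip access-list extended WAN-IN
 remark no H.323 call setup is accepted from the WAN side (assumption)
 deny tcp any any eq 1720 log
 remark other WAN policy is outside the scope of this example
 permit ip any any
!
interface gig0/0
 ip access-group ISP1-VOICE-IN in
!
interface gig0/1
 ip access-group ISP2-VOICE-IN in
!
interface vlan 2
 ip access-group WAN-IN in
!
```

After applying, `show ip access-lists` shows per-entry hit counters; hits on the `deny ... log` lines during a test call indicate a port or source the assumptions above did not cover.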
