Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

How to disable H.323 and Session Initiation Protocol (SIP) services on TCP ports 1720 and 5060 of a IOS gateway router

Core Issue

The router, by default, responds to H.323 and SIP services on TCP ports 1720 and 5060.

Cisco gateways with SIP functionality listen to port 5060 by default.

Ports 1720, 5060 and other ports are open because all User Datagram Protocol (UDP) and TCP ports are open by default. You can disable the router listening on port 5060 by issuing this command:

The reason the router listens on port 1720 is likely that you are using an IP PLUS feature set Cisco IOS image.

Resolution

You can disable the router listening on port 5060 by issuing this command:

router(config)#sip-ua
router(config-sip-ua)#no transport tcp
router(config-sip-ua)#no transport udp

Cisco gateways running IOS  versions that support SIP protocol listen to TCP or UDP port 5060 by default, even when the gateway is not explicitly configured for SIP.

For port 1720, you must configure an Access Control List (ACL), as shown:

Router(config)#access-list 107 deny tcp any any eq 1720
Router(config)#interface e0
Router(config-if)#ip access-group 107 in

The reason the router listens on port 1720 is likely that you are using an IP PLUS feature set Cisco IOS image.

IP PLUS supports VoIP. It always has a default VoIP dial-peer (dial-peer 0). This listens on port 1720 for H.323 signaling. This behavior cannot be changed since the H.323 stack always runs with this feature set. If you do not want to use an ACL to control this behavior, you can use a feature set that does not support VoIP, such as an IP feature set.

To disable SIP, you need to upgrade to 12.3(8)T or later.

You can upgrade to to12.3(8)T or beyond by visiting: Software Downloads

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 04:04 PM
Updated by:
 
Labels (1)
Comments
New Member

About H.323, this doc is a bit obsolete. Since at least 12.4T, you can configure:

voice service voip
 h323
  call service stop 
New Member

I would like to disable h323 from listening on 1720 on the outside of my router.  I have 12.4(13r)T5 running on the Router, but I do not have any "voice" commands available in Global Config mode.  Is it that the "VOIP" features are not on the Router?  The article makes it sound like Voip is on by default.  Am I miss understanding that?