We are looking at implimenting a PCI call recording solution based on Layer 3 edge switches, IP (Avaya) phones, SPAN aggregation of ports to call recorder situated behind an ASA5510-SSM10 unit.
I have attached the current design spec which has a few issues.
Primarily the Aggregated SPAN from the IP phones completly bypasses the ASA unit.
If anyone could help on the following it would be appreciated.
1) I would prefer a solution that does not bypass the ASA unit. The only option I see here is to push the aggregated SPAN link traffic (H323) through a separate context on the ASA unit.
I am unsure how to permit SPAN traffic to flow through the ASA and if there are any related issues doing this. Possibly ether-type access-list.
2) If the solution is not workable (through ASA) then how secure are SPAN links? We need to ensure that the solution is PCI compliant and this may be seen as a backdoor to the secure call recording servers.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...