Securing PCI Compliant Voice Solution

Hi all,

We are looking at implementing a PCI call recording solution based on Layer 3 edge switches, IP (Avaya) phones, and SPAN aggregation of ports to a call recorder situated behind an ASA5510-SSM10 unit.

I have attached the current design spec which has a few issues.

Primarily, the aggregated SPAN from the IP phones completely bypasses the ASA unit.

If anyone could help on the following it would be appreciated.

1) I would prefer a solution that does not bypass the ASA unit. The only option I see here is to push the aggregated SPAN link traffic (H323) through a separate context on the ASA unit.

I am unsure how to permit SPAN traffic to flow through the ASA and if there are any related issues doing this. Possibly ether-type access-list.

2) If the solution is not workable (through ASA) then how secure are SPAN links? We need to ensure that the solution is PCI compliant and this may be seen as a backdoor to the secure call recording servers.

Any advice or help on this would be appreciated.

Best Regards


