02-07-2012 09:28 PM - edited 03-16-2019 09:27 AM
Hi,
We are running 3825 routers and CUCM 7.x. We have been asked to look at vulnerabilities in the security.
We have found that from inside the network we can set up an H323 soft phone, point it at our gateway and make external calls.
Besides applying ACLs on the interfaces specifying IP addresses, is there a way to secure the H323 devices that can connect to the gateway?
Thanks
David
02-07-2012 09:45 PM
Check the doc below:
http://www.cisco.com/en/US/partner/docs/ios/12_0t/voip/feature/guide/gwsecacc.html
thanks,
Vipul Jindal
02-08-2012 06:08 PM
Hi,
The link does not seem to work.
Thanks
David
02-08-2012 06:11 PM
Try now:
http://www.cisco.com/en/US/docs/ios/12_0t/voip/feature/guide/gwsecacc.html
02-09-2012 02:14 PM
This document was around Gateway to Gatekeeper security.
I was hoping to find out if there is a way to secure the Cisco CallManager to Cisco H323 Gateway communications.
I.e., only allowing the gateway to accept outgoing call requests from the CUCM cluster.
Thanks
David
02-09-2012 03:47 PM
Hi,
You can invoke the IP toll fraud implementation feature if you upgrade your 3800 to at least 15.1.2T.
http://www.cisco.com/en/US/tech/tk652/tk90/technologies_tech_note09186a0080b3e123.shtml
This allows you to build a kind of access list that only allows the IP addresses you state to access the gateway to make calls.
HTH
Alex
02-09-2012 04:15 PM
Or simply use static ACL denying access to TCP port 1720 and TCP/UDP ports 5060/5061 from non-authorised IPs.
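The two approaches suggested in this thread, sketched as a gateway configuration fragment. This is an added example, not configuration posted by any participant; the 192.0.2.x CUCM node addresses, the ACL name and the interface are placeholders to replace with your own values.

```cisco
! Option 1: toll-fraud trusted list (IOS 15.1(2)T and later).
! Only sources on this list, plus addresses already used as dial-peer
! session targets, may set up VoIP calls through the gateway.
voice service voip
 ip address trusted authenticate
 ip address trusted list
  ! Placeholder CUCM call-processing nodes
  ipv4 192.0.2.10
  ipv4 192.0.2.11
!
! Option 2: static ACL on the LAN-facing interface (works on older IOS).
! Permit H.323 call signalling (TCP 1720) from the CUCM nodes only,
! then drop and log H.323 and SIP signalling from every other source.
ip access-list extended VOICE-SIGNALLING-IN
 permit tcp host 192.0.2.10 any eq 1720
 permit tcp host 192.0.2.11 any eq 1720
 deny   tcp any any eq 1720 log
 deny   tcp any any range 5060 5061 log
 deny   udp any any range 5060 5061 log
 permit ip any any
!
! Placeholder interface name
interface GigabitEthernet0/0
 ip access-group VOICE-SIGNALLING-IN in
```

After applying option 1, `show ip address trusted list` displays the addresses the gateway will accept call setups from. With option 2, hits on the `log` entries show which hosts are still attempting to signal the gateway directly.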