I keep getting a strange alert from CUCM 8.5.1(SU3) about an illegal UDP packet. The source address is from the H323 gateways and is in the RTP range?
Been looking around and cannot find any reference to it. Happens about once a week. Any ideas?
At Tue Nov 22 13:14:33 EST 2011 on node 10.11.2.253, the following SyslogSeverityMatchFound events generated:
SeverityMatch : Critical
MatchedEvent : Nov 22 13:14:04 callmanager-pub local4 2 : 150: callmanager-pub: Nov 22 2011 13:14:04.784 +1100: %CSA-2-EVENT_SHIELD_DENY: %[PID=12653][component=CiscoSecurityAgent] : A packet with a bad transport layer header was detected. Reason: Illegal UDP Port. UDP: 10.12.4.254/27216->10.11.2.253/0. The operation was denied. [rule 819] AppID : Cisco Syslog Agent ClusterID :
No, my customer reported that it just “stopped”. You can disable the CSA if it continues. My concern was PSTN toll fraud, but there are ways of preventing this, which is what I did to put my mind at ease.
SIP traces provide key information in troubleshooting SIP Trunks, SIP
endpoints and other SIP related issues. Even though these traces are in
clear text, these texts can be gibberish unless you understand fully
what they mean. This document attempts to br...
Please find the attached HTML document, download and open it on your PC.
This provides an easy to use form where you simply answer a few
questions and it will render the proper jabber-config.xml file for you
to copy/paste. There is built in logic to verif...
CUCM Database Replication is an area in which Cisco customers and
partners have asked for more in-depth training in being able to properly
assess a replication problem and potentially resolve an issue without
involving TAC. This document discusses the bas...