Cisco Support Community

paa
New Member

IOS h323 gateway security configuration

Hi!

I have a 2821 router, 2 h323 ISPs and UCM 7. The router works as an h323-to-h323 gateway between the ISPs and UCM. I'd like to protect my equipment from VoIP hacks. The config is simple:

!
voice service voip
 allow-connections h323 to h323
 h323
  emptycapability
  h225 connect-passthru
  h245 passthru tcsnonstd-passthru
!
interface gig0/0
 description =To-ISP-1=
 ip address 192.168.0.2 255.255.255.252
!
interface gig0/1
 description =To-ISP-2=
 ip address 192.168.1.2 255.255.255.252
!
interface vlan 1
 description =LAN=
 ip address 10.0.0.2 255.255.255.0
!
interface vlan 2
 description =WAN=
 ip address 99.99.99.1 255.255.255.252
!
dial-peer voice 1 voip
 description =To-ISP-1=
 destination-pattern 1....
 session target ipv4:192.168.0.1
!
dial-peer voice 2 voip
 description =To-ISP-2=
 destination-pattern 2....
 session target ipv4:192.168.1.1
!
dial-peer voice 3 voip
 description =To-UCM=
 destination-pattern 3....
 session target ipv4:10.0.0.1
!

UCM routes all calls to the 2821 at address 10.0.0.2.

1) What protocols and ports should I permit through the 2821 (is it enough to permit incoming RTP and h323 TCP 1720 only from the ISPs' addresses on the ISP interfaces?), and how do I correctly configure the firewall?

2) If an h323 session from any outside address comes to the router on the WAN interface (99.99.99.1), should the call be placed?

3) Can somebody recommend docs about UCM and h323 security?
