Cisco Support Community

New Member

Security concern in CME 4.0

Why are tcp ports 1720 and 2000 listening on interface ATM0/1/0.2 in this configuration?

What are the risks?

Should I use an access-list to protect them?


controller E1 0/0/0
 framing NO-CRC4
 pri-group timeslots 1-10,16

vlan internal allocation policy ascending

interface GigabitEthernet0/0
 ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 no mop enabled
 h323-gateway voip interface

interface Serial0/0/0:15
 no ip address
 encapsulation hdlc
 isdn switch-type primary-net5
 isdn incoming-voice voice
 no cdp enable

interface ATM0/1/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto

interface ATM0/1/0.2 point-to-point
 ip address 80.x.x.103
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
 pvc 8/32
  encapsulation aal5snap

ip route

dial-peer voice 2 voip
 destination-pattern .T
 session target ipv4:
 dtmf-relay h245-alphanumeric
 codec g711alaw

dial-peer voice 1001 pots
 destination-pattern T
 port 0/0/0:15
 no register e164

timer receive-rtp 1200

load 7960-7940 P0030702T023
load 7912 CP7912080001SCCP051117A
max-ephones 24
max-dn 48
ip source-address port 2000
service dnis overlay
url directories
user-locale ES
network-locale ES
time-zone 28
time-format 24
date-format dd-mm-yy
max-conferences 8 gain -6

web admin system name name password pass
transfer-system full-consult
night-service code *1900
directory last-name-first
create cnf-files version-stamp 7960 Apr 12 2006 17:23:22


Hall of Fame Super Gold

Re: Security concern in CME 4.0


1720 is H.323 and 2000 is SCCP. You may want to restrict the first to avoid casual calls if you are facing the internet. Port 2000 is much less of an issue, because to place calls the phone needs to be registered, that is, fully configured in the system, or auto-reg, auto-assign enabled.

Hope this helps, Please rate all useful posts!
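
One way to write the access list asked about in this thread, as an added example that is not part of either post: an inbound ACL on the outside sub-interface that limits H.323 call signalling to a known peer and keeps SCCP off the Internet side. The ACL name OUTSIDE-IN and the peer address 192.0.2.10 are assumptions (the session target in the posted configuration is elided), as is the assumption that all phones register from the inside LAN.

```cisco
! Added example. 192.0.2.10 is a placeholder for the H.323 peer that
! dial-peer 2 points at; its real address is not shown in the post.
! If that peer is not reached through ATM0/1/0.2, drop the permit line.
ip access-list extended OUTSIDE-IN
 remark H.323 call signalling (TCP 1720) only from the known peer
 permit tcp host 192.0.2.10 any eq 1720
 deny   tcp any any eq 1720 log
 remark SCCP (TCP 2000): phones are assumed to register from the inside LAN
 deny   tcp any any eq 2000 log
 remark leave all other traffic as it was before the ACL
 permit ip any any
!
interface ATM0/1/0.2 point-to-point
 ip access-group OUTSIDE-IN in
!
! Check afterwards from exec mode:
!   show ip access-lists OUTSIDE-IN   (deny counters rise on blocked attempts)
!   show tcp brief all                (1720 and 2000 still show LISTEN;
!                                      the ACL filters in front of them)
```

The two deny entries match on destination port only, so replies to H.323 calls the router itself places outward are not affected.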
