
security on a remote site

We need to extend our internal voice network so that it can be accessed by the staff in a remote location where we don't have any administration. Just wondering if any of you guys have any experience locking down the network for voice only, no data at all.

The remote site will be using a Cisco 3750 connected via microwave; please refer to the topology.

Please let me know your ideas; any security implementation on that is appreciated.

Thanks in advance

***Please rate all the useful posts***
-Prabath

Accepted Solution

Cedric Van Labeke
Cisco Employee

Hi there,

Depending on the amount of phones and the amount of switchports, I'd just go for a tight port security setup.

Then only put the voice VLAN ID as both access and voice VLAN. (Or you could go and use 802.1x.)

You could even further lock it by only opening specific network ports between phones and CUCM by using ACLs on the switch.

Please refer to the following document:

Cisco Unified Communications Manager 7.0 TCP and UDP Port Usage

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/7_0/CCM_7.0PortList.pdf

There's such a document for all major versions of CUCM.

Furthermore, you should lock your switches from physical access if possible. Or at least put some sort of authentication on the local console (sometimes forgotten while only remote access is enabled).

Hope this helps you further.

Cedric
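
An added example, not part of the original replies or of any Cisco document: the port security, single voice VLAN, phone-to-CUCM ACL and console authentication steps from the accepted answer written as Catalyst IOS configuration. VLAN 110, the interface range, the ACL name and the CUCM address 192.0.2.10 are assumptions; the permitted ports are the common DHCP/TFTP/SCCP/SIP/RTP defaults and should be checked against the port usage document for the CUCM version in use.

```cisco
! Constructed example. Assumptions: VLAN 110 = voice VLAN, Fa1/0/1-24 = phone
! ports, 192.0.2.10 = CUCM / TFTP server, VOICE-ONLY = ACL name.
vlan 110
 name VOICE
!
! Only phone signalling and media are permitted inbound on the phone ports.
ip access-list extended VOICE-ONLY
 remark DHCP requests from phones
 permit udp any eq bootpc any eq bootps
 remark TFTP download: request to port 69, transfer continues on ephemeral ports
 permit udp any host 192.0.2.10 eq tftp
 permit udp any host 192.0.2.10 gt 1023
 remark SCCP and SIP signalling to CUCM
 permit tcp any host 192.0.2.10 eq 2000
 permit tcp any host 192.0.2.10 eq 5060
 permit udp any host 192.0.2.10 eq 5060
 remark RTP media between phones and gateways
 permit udp any any range 16384 32767
 remark Drop and log everything that is not voice
 deny ip any any log
!
interface range FastEthernet1/0/1 - 24
 description Remote-site IP phone
 switchport mode access
 ! Same VLAN ID as access and voice VLAN, so the port carries no data VLAN
 switchport access vlan 110
 switchport voice vlan 110
 ! Cisco's port-security guidance for ports with a voice VLAN is a maximum of two
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 ip access-group VOICE-ONLY in
 spanning-tree portfast
!
! Console authentication (requires a local user or AAA to be defined already)
line con 0
 login local
 exec-timeout 5 0
```

With `violation restrict` the port stays up, drops frames from unknown MAC addresses and increments the violation counter, which `show port-security interface` reports; hits on the final `deny ... log` entry show what non-voice traffic the remote site is attempting.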

ROBERTO TACCON
Level 4

If the IP PBX is centrally located, maybe the Cisco ASA Phone Proxy is the solution.

  1. a Cisco IP Phone
  2. an ASA VPN box
  3. an ASA TLS Proxy license (phone proxy comes with 25 licenses to start then you can buy additional licenses.)

http://www.networkworld.com/community/node/42488

Cisco ASA Phone Proxy Configuration

http://angryciscoguy.com/jello/?p=100