Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2664
Views
0
Helpful
3
Replies

SIP softphone register with CME without username/password

Go to solution
oldcreek12
Level 1
Level 1

‎01-30-2010 09:39 AM - edited ‎03-15-2019 09:15 PM

I set up a SIP-SIP gateway on a C2821, this C2821 routes all outbound calls from CUCM to an ITSP (both over SIP trunk), C2821 itself does
not act a CME, i.e, there are no SCCP or SIP clients registered to it, in fact I do not have any configuration that would allow a SCCP/SIP
phone to register/authenticate, however, I found that a software SIP phone that has IP connectivity to this C2821 can register to it with random username/direcotry number/password and therefore make outbound phone calls. I am puzzled, did I miss anything obvious?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎01-30-2010 09:51 AM

Registering and making calls are two different things.

The phone probably is not registering, but yes it is normal that if you do not put an ACL on the interface, anyone on the interned will be able to toll-fraud yourself.

View solution in original post

0 Helpful

Go to solution
William Bell
VIP Alumni
VIP Alumni

‎01-30-2010 10:10 AM

I would look at using ACLs to protect the solution from the network side.  I would also look at implementing the security guidelines outlined in the following doc:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/srnd/design/guide/security.html

There is a way to restrict registration from phones (primarily SCCP).

With CME 4.x and later you can also enable Digest Authentication.  I would think that using ACLs as the primary defence, configuring digest auth as a secondary, and then turning off/blocking/disabling other sub-features in CME would be the path you should look into.

Regards,
Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

View solution in original post

0 Helpful
3 Replies 3

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎01-30-2010 09:51 AM

Registering and making calls are two different things.

The phone probably is not registering, but yes it is normal that if you do not put an ACL on the interface, anyone on the interned will be able to toll-fraud yourself.

0 Helpful

Go to solution
William Bell
VIP Alumni
VIP Alumni

‎01-30-2010 10:10 AM

I would look at using ACLs to protect the solution from the network side.  I would also look at implementing the security guidelines outlined in the following doc:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/srnd/design/guide/security.html

There is a way to restrict registration from phones (primarily SCCP).

With CME 4.x and later you can also enable Digest Authentication.  I would think that using ACLs as the primary defence, configuring digest auth as a secondary, and then turning off/blocking/disabling other sub-features in CME would be the path you should look into.

Regards,
Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

0 Helpful

Go to solution
oldcreek12
Level 1
Level 1
In response to William Bell

‎01-30-2010 10:27 AM

Thank you both for the quick replies, I now understand where my problem was.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents