The service provider's telephone bill shows INTL calls made to a single international number several times from different internal extensions, though those extensions have no INTL access. Checked the CDR for those dates and times and nothing was found. Checked system logs and security logs, but nothing was found.
Is this possible, and if so, how do I find out what's going wrong?
SP says the CUCM security is compromised. I don't know on what basis the SP says this, though the customer has asked for an explanation. There is no direct internet connection terminated on the voice gateway. A single PRI line is used for 300 DIDs. Voice gateways are added as H323 gateways.
In the meantime, you can collect the CDR data from the Call Manager and also collect detailed Call Manager traces to see whether those calls even reached Call Manager, because this can also happen at the router level.
Post the CDR data and the detailed call manager traces here with the extensions that were involved in this.
In addition to the points suggested by Manpreet, H323 gateways running versions prior to 15.x have no security. Someone with a VoIP softclient can point the softclient at the H323 gateway and make calls all day long and it won't show up on CDRs. You could add an ACL to the H323 interface to only allow H323 signaling (port 1720) from CUCM or upgrade to a 15.x train. If you are on a 15.x train, make sure you don't have the following set: http://www.cisco.com/c/en/us/support/docs/voice/call-routing-dial-plans/112083-tollfraud-ios.html
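The ACL suggested in the reply above, written out as an added example that is not part of the original thread. The CUCM addresses (192.0.2.10, 192.0.2.11), the ACL name and the interface name are constructed placeholders; substitute the real CUCM nodes and the gateway interface that faces them.

```ios
! Added example, not from the thread. Constructed values:
!   192.0.2.10 / 192.0.2.11  = CUCM nodes allowed to signal the gateway
!   GigabitEthernet0/0       = gateway interface facing the IP network
ip access-list extended H323-FROM-CUCM
 remark Allow H.225 call setup (TCP 1720) only from the CUCM nodes
 permit tcp host 192.0.2.10 any eq 1720
 permit tcp host 192.0.2.11 any eq 1720
 remark Drop and log H.225 call setup from every other source
 deny   tcp any any eq 1720 log
 remark Leave all other traffic (media, H.245, management) unchanged
 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group H323-FROM-CUCM in
```

After applying it, `show ip access-lists H323-FROM-CUCM` gives per-line match counters; hits on the `deny` entry, and the matching log messages, identify hosts other than CUCM that are attempting H.323 call setup against the gateway.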