H323 Voice GW use port TCP 1720 for communication, no other ports. You may be confused with UDP RTP ports 16384-32767 range. Port 1719 is only used for Gatekeeper RAS. So, your config looks fine, assuming you only want to block H323 and SIP traffic on the GW.
There is an extensive application note on toll fraud prevention for Callmanager Express which also applies partially to standalone VoIP gateways. Regarding H323 and SIP security (your current issue) the issues are the same for CME and VoIP gateways.
Your access list is missing SIP TCP port 5060. The gateway will listen on TCP 1720, and UDP and TCP 5060 by default. If you have a bound interface for SIP, only that ip address will listen.
It looks like your access list is still allowing TCP port 5060.
There are a number of incidents where we see attacks on SIP ports on public IP addresses that will try to hairpin calls through gateways. If you have a public IP, make sure you block all TCP/UDP 5060 and TCP 1720.
I'm not able to access my old voice mail messages all of a sudden. The recording says something like 'the message is currently not available'. This has never happened before in all the years I have been using this system. I have t...
If you have 2 ISR routers, one acting as Failover, do we need to have both the same number of SRST licenses on the 2 routers?
No. You will only need the SRST licenses on the primary router. Because this feature...