Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

H.323 Vlunerability

Hello,

As per Cisco advisory, PAT is not affected with the above vulnerability. But I would like to be sure with my setup.

I have a PAT for local LAN(10.10.1.0/24) for internet access and the public IP address I use for PAT is a 1.1.1.1(which is not the actual

address).

I am not using FWshield, but I am using a ACL which allows all traffic to 1.1.1

int s0/0

ip access-group 199 in

access-group 199 permit ip any host 1.1.1.1

Since the ACL is allowing any traffic to come in(including 1720 bogus traffic,) does this setup affect the above vulnerability .

Thanks in advance.

2 REPLIES
Cisco Employee

Re: H.323 Vlunerability

I would say, you should start using some firewall features. But using a PAT is also sort of disallowing incoming connections. So you shouldnt be affected

New Member

Re: H.323 Vlunerability

With respect to the same topic & ACL applied in my previous email, how secure is my internal hosts which are PATed and the inbound ACL is allowing full access to the public IP which is being used for PATing.

Thanks for the kind reply.

90
Views
5
Helpful
2
Replies
CreatePlease login to create content