Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VCS Registration only via SIP TLS, but B2B Calls via all Protocols,Possible via CPL?

Dear all,


my customer wants to allow endpoints to only register via SIP TLS on their VCS-Expressway.

B2B calls shall be allowed via both SIP TLS & TCP as well as H323.

Is there a way on VCS to deny SIP TCP and H323 registrations via CPL?

If yes, how?

I made a quick drawing and attached it as pdf, to clarify what I mean.

Thanks in advance!


Best regards,

Alex

Everyone's tags (6)
2 REPLIES

VCS Registration only via SIP TLS, but B2B Calls via all Protoco

H323 registration can be stopped simply be creating a Deny rule for your H323 registration port (default is 1719/udp) on the VCS's built-in firewall.  I had to restart the VCS for it to take effect, although I shouldn't have.  SIP is much more difficult though because the registration port is not unique--it's the same port used for call setup.  I don't recall anything in CPL that will let you do this, but I'm sure others have more experience with CPL than I do.

Cisco Employee

VCS Registration only via SIP TLS, but B2B Calls via all Protoco

Hi Alexander,

please check if setting up Default Zone Access Rules would resolve your problem - (

Configuration>Zones >Default Zone access rules).

And also I imagine that the local and remote expressway will establish client - server traversal zone , correct?

Regars//Andrey

630
Views
0
Helpful
2
Replies
CreatePlease login to create content