Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11039
Views
5
Helpful
4
Replies

VoIP Port

cisco.net
Level 1
Level 1

‎12-02-2009 10:46 PM - edited ‎03-04-2019 06:51 AM

Hi All,

We want to block the VoIP ports on our network. Please share the known or standard ports used for VoIP.

Thanks

Labels:
0 Helpful
4 Replies 4

Armando Yesua Garcia Calderon
Cisco Employee
Cisco Employee

‎12-03-2009 07:43 AM

Hi.

for VOIP try:

access-list 101 deny udp any any range 16384 32767
access-list 102 deny udp any any eq 1718
access-list 102 deny udp any any eq 1719
access-list 102 deny tcp any any eq 1720


TCP port 1720 is the port used for the listening of the incoming call.
If you block access to this port, you will essentially deny voice call setup request from the IP side.

This will block H.323 call setups, for people using "standard" VoIP and the
standard port assignments. It won't block Net2Phone, Netspeak, or any one
of a number of proprietary VoIP implementations.

A more drastic approach is to block all UDP traffic on ports >5000, which
will kill H.323 and any other RTP-based scheme like MBONE conferencing. It
still won't block people who want to get through and are willing to use
proprietary schemes.

regards

Yesua

Ricardo Prado Rueda
Cisco Employee
Cisco Employee
In response to Armando Yesua Garcia Calderon

‎12-03-2009 01:24 PM

If you are using a Cisco Call Manager, you might want to check this link that summarizes all ports used by it:

http://www.cisco.com/en/US/partner/products/sw/voicesw/ps556/products_tech_note09186a00801a62b9.shtml

Regards,

Rick.

0 Helpful

cisco.net
Level 1
Level 1
In response to Ricardo Prado Rueda

‎12-06-2009 01:58 AM

Thanks Yesua & Rick,

@ Yesua , PLease clear about the proprietary schemes u mentioned in reply. Have u know about "MAJIC JACK" (also used for VoIP calling). is this also a proprietary scheme.

Rgds

0 Helpful

Armando Yesua Garcia Calderon
Cisco Employee
Cisco Employee
In response to cisco.net

‎12-06-2009 08:55 AM

yes, propietary I mean not following at all an standard and creating their own thing, just like "majic jack", those are the ones more difficult to block.

Majic jack appears to uses the following udp ports and something strange is doing with tcp ports:

TCP Ports List: 80 (HTTP), 443 (HTTPS)

UDP Ports List: 5060, 5070, 10000-65535

You should be able to confirm this, the last time I found it was using only 5060 and 5070, so blocking this two probably will make it.

regards

Yesua    

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card