Cisco Support Community
New Member

VoIP Port

Hi All,

We want to block the VoIP ports on our network. Please share the known or standard ports used for VoIP.

Thanks

4 REPLIES

Re: VoIP Port

Hi.

For VoIP, try:

! RTP media streams (UDP port range)
access-list 102 deny udp any any range 16384 32767
! H.323 on UDP 1718 and 1719
access-list 102 deny udp any any eq 1718
access-list 102 deny udp any any eq 1719
! H.323 call setup (TCP 1720)
access-list 102 deny tcp any any eq 1720


TCP port 1720 is the port used to listen for incoming calls.
If you block access to this port, you will essentially deny voice call setup requests from the IP side.

This will block H.323 call setups, for people using "standard" VoIP and the
standard port assignments. It won't block Net2Phone, Netspeak, or any one
of a number of proprietary VoIP implementations.

A more drastic approach is to block all UDP traffic on ports >5000, which
will kill H.323 and any other RTP-based scheme like MBONE conferencing. It
still won't block people who want to get through and are willing to use
proprietary schemes.

regards

Yesua

Cisco Employee

Re: VoIP Port

If you are using a Cisco Call Manager, you might want to check this link that summarizes all ports used by it:

http://www.cisco.com/en/US/partner/products/sw/voicesw/ps556/products_tech_note09186a00801a62b9.shtml

Regards,

Rick.

New Member

Re: VoIP Port

Thanks Yesua & Rick,

@Yesua, please clarify the proprietary schemes you mentioned in your reply. Do you know about "magicJack" (also used for VoIP calling)? Is this also a proprietary scheme?

Rgds

Re: VoIP Port

Yes, by proprietary I mean not following any standard at all and creating their own thing, just like "magicJack"; those are the ones that are more difficult to block.

magicJack appears to use the following UDP ports, and it is doing something strange with TCP ports:

TCP Ports List: 80 (HTTP), 443 (HTTPS)

UDP Ports List: 5060, 5070, 10000-65535

You should be able to confirm this; the last time I found it was using only 5060 and 5070, so blocking these two will probably do it.

regards

Yesua    
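An added example, not part of any poster's reply: a small Python evaluator for the ACL entries posted in this thread, showing first-match behaviour and which sample flows the port list does and does not stop. The single list number 102, the closing permit entry, the function names and the sample flows are assumptions constructed for illustration.

```python
import re

# ACL from the first reply, under one list number, plus the two UDP ports
# named in the last reply. The closing permit is an assumption added here:
# without it the implicit deny at the end of every ACL drops all traffic.
ACL = """\
access-list 102 deny udp any any range 16384 32767
access-list 102 deny udp any any eq 1718
access-list 102 deny udp any any eq 1719
access-list 102 deny tcp any any eq 1720
access-list 102 deny udp any any eq 5060
access-list 102 deny udp any any eq 5070
access-list 102 permit ip any any
"""

RULE = re.compile(
    r"access-list\s+\d+\s+(permit|deny)\s+(ip|tcp|udp)\s+any\s+any"
    r"(?:\s+eq\s+(\d+)|\s+range\s+(\d+)\s+(\d+))?\s*$")

def parse_acl(text):
    """Parse the 'any any' subset of extended ACL syntax used in the thread."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto, eq, lo, hi = m.groups()
        if eq:
            lo = hi = eq
        ports = (int(lo), int(hi)) if lo else (0, 65535)
        rules.append((action, proto, ports))
    return rules

def evaluate(rules, proto, dst_port):
    """First matching entry wins; no match means the implicit deny applies."""
    for action, rule_proto, (lo, hi) in rules:
        if rule_proto in ("ip", proto) and lo <= dst_port <= hi:
            return action
    return "deny"

if __name__ == "__main__":
    rules = parse_acl(ACL)
    # Constructed sample flows: (label, protocol, destination port)
    for label, proto, port in [("H.323 call setup", "tcp", 1720),
                               ("RTP media", "udp", 20000),
                               ("SIP 5060", "udp", 5060),
                               ("VoIP carried over HTTPS", "tcp", 443),
                               ("DNS", "udp", 53)]:
        print(f"{label:26} {proto}/{port:<6} -> {evaluate(rules, proto, port)}")
```

The TCP 443 flow is permitted, which is the limit the replies describe: port-based entries stop standard H.323, RTP and SIP ports but not services that ride on TCP 80 or 443.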
