Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
17619
Views
0
Helpful
2
Comments

How to disable H.323 and Session Initiation Protocol (SIP) services on TCP ports 1720 and 5060 of a IOS gateway router

TCC_2
Level 10
Level 10

‎06-22-2009 04:04 PM - edited ‎03-12-2019 08:35 AM

Core Issue

The router, by default, responds to H.323 and SIP services on TCP ports 1720 and 5060.

Cisco gateways with SIP functionality listen to port 5060 by default.

Ports 1720, 5060 and other ports are open because all User Datagram Protocol (UDP) and TCP ports are open by default. You can disable the router listening on port 5060 by issuing this command:

The reason the router listens on port 1720 is likely that you are using an IP PLUS feature set Cisco IOS image.

Resolution

You can disable the router listening on port 5060 by issuing this command:

router(config)#sip-ua
router(config-sip-ua)#no transport tcp
router(config-sip-ua)#no transport udp

Cisco gateways running IOS  versions that support SIP protocol listen to TCP or UDP port 5060 by default, even when the gateway is not explicitly configured for SIP.

For port 1720, you must configure an Access Control List (ACL), as shown:

Router(config)#access-list 107 deny tcp any any eq 1720
Router(config)#interface e0
Router(config-if)#ip access-group 107 in

The reason the router listens on port 1720 is likely that you are using an IP PLUS feature set Cisco IOS image.

IP PLUS supports VoIP. It always has a default VoIP dial-peer (dial-peer 0). This listens on port 1720 for H.323 signaling. This behavior cannot be changed since the H.323 stack always runs with this feature set. If you do not want to use an ACL to control this behavior, you can use a feature set that does not support VoIP, such as an IP feature set.

To disable SIP, you need to upgrade to 12.3(8)T or later.

You can upgrade to to12.3(8)T or beyond by visiting: Software Downloads

0 Helpful
Comments
alfredos
Level 1
Level 1
‎05-18-2012 04:28 AM

About H.323, this doc is a bit obsolete. Since at least 12.4T, you can configure:

voice service voip
 h323
  call service stop
InformzIT
Level 1
Level 1
‎07-30-2012 09:04 AM

I would like to disable h323 from listening on 1720 on the outside of my router.  I have 12.4(13r)T5 running on the Router, but I do not have any "voice" commands available in Global Config mode.  Is it that the "VOIP" features are not on the Router?  The article makes it sound like Voip is on by default.  Am I miss understanding that?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents