cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
404
Views
5
Helpful
5
Replies

CME open to the public Internet

tato386
Level 6
Level 6

If I were to open the ports needed for a skinny protocol phone to connect to the CME how can I prevent unauthorized phones from logging in and being assigned an extension? I am not worried about encrypting the data but would like to have some type of authentication involved.

Thanks,

Diego

5 Replies 5

paolo bevilacqua
Hall of Fame
Hall of Fame

Actually only phones with a MAC address configured in the system will be given an extension.

Hope this helps, please rate post if it does!

Not necessarily our system has autodiscovered all phones connected the the local LAN. I am guessing via CDP or something. My hope is that whatever technique is used to autoconfigure local LAN phones is not available via WAN.

Diego

The phone may autoregister is so configured under telephony-service, however an unknow mac will have no DN assigned and cannot call out neither receive calls.

Ah, forgot to mention, by default SIP is open and that is a BIG risk, you need an ACL blocking incoming udp/tcp port 5060 on the internet interface.

Sounds good.

Thanks,

Diego