Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8476
Views
30
Helpful
5
Replies

ip address trusted list

johnlloyd_13
Level 9
Level 9

‎06-29-2020 06:19 PM - edited ‎06-29-2020 06:29 PM

hi,

i'm not a voice expert so forgive me for my question.

i'm securing our voice router from toll fraud using the 'ip address trusted list'

my question are:

 

1. do i only add our CUCM IP address under the voice service voip 'ip address trusted list'?

 

2. do i need to add here the SIP provider public IP (which i found under 'voice class uri') and customer IP (from 'dial-peer session target')

 

3. will the VOIP or SIP service break or have an outage if i forgot to add any SIP public IP or downstream customer private IP (i.e. their CUBE) 

1 person had this problem
Labels:
0 Helpful
5 Replies 5

Roger Kallberg
VIP
VIP

‎06-29-2020 10:36 PM

That list would have the IPs of your CUCMs and any IP(s) that your SIP trunk service provider will source traffic from.



Response Signature


johnlloyd_13
Level 9
Level 9
In response to Roger Kallberg

‎06-30-2020 12:21 AM

hi roger,

how about IP address found on 'dial peer session target' command?

do i add them as well?

0 Helpful

Ayodeji Okanlawon
VIP Alumni
VIP Alumni
In response to johnlloyd_13

‎06-30-2020 02:48 AM - edited ‎06-30-2020 02:50 AM

Hi,

Any address in the session target will be automatically added, hence you dont need to add them. This will include IP address of your CUCM servers as well as IP address of your ITSP that is configured as a sessison target.

NB: You may need to add other IPs from your ITSP as they usually send requests from multiple IP address. You should just ask them for the subnet of their Signalling IPs and add the whole subnet to be safe

Please rate all useful posts

johnlloyd_13
Level 9
Level 9
In response to Ayodeji Okanlawon

‎06-30-2020 03:19 AM - edited ‎06-30-2020 03:24 AM

hi,

any good show commands to view incoming IP, voice session/traffic, etc so i can capture the IPs needed to be added?

i also saw some config with and without the subnet mask. which format is 'best practice'?

voice service voip
ip address trusted list
ipv4 192.168.1.100 255.255.255.255
ipv4 10.1.1.10

0 Helpful

TONY SMITH
Spotlight
Spotlight
In response to johnlloyd_13

‎06-30-2020 07:19 AM

Without a subnet mask it just trusts that one host.  Using a mask you can specify a range.  My understanding is that it's the signalling addresses that need to be trusted, not the media endpoints.  Maybe someone can confirm.  

If you have call history enabled you can see the signalling IP addresses that have been in use with the show command ..

sh call hist voice | i RemoteSignallingIPAddress
Customers Also Viewed These Support Documents