11-03-2017 03:07 AM - edited 03-17-2019 11:32 AM
Hi guys ,
I would like to thank you all the member of cisco community who is always supporting us .
As of now i am facing an issue with our ISP Sip trunk we have Cisco 2911 CME with Sip trunk to ISP .
Unfortunately , now we are facing a Toll Fraud (usually after working hours ) regarding the configuration we didnt do any security to the configuration .
We did only COR List so if you dont mind i would like to know what to do (with commands if possible ) .
ISO is 15.4
Regards
Mansour
11-03-2017 05:18 AM
Hi,
It is very simple, you can just add the following:
voice service voip ip address trusted list ipv4 xxx.xxx.xxx.xxx ipv4 yyy.yyy.yyy.yyy
Just put in this list all your known SIP IP addresses, like the IP address of the service provider (if he has a few, add them all), and also add your CUCM IP's. Should do the trick fine.
11-05-2017 12:58 AM
Thank you dear Slavik for your response .
I have only CME not CUCM and registered with SIP Trunk with local ISP .
So shall i include the ip address for the Sip ISP router , My CME router , do i need to include also the
Phones ip address ?.
Beside that can i require authintication for those needs to use the SIP trunk or this is ISP side ?
Thank you
11-05-2017 01:29 AM
11-05-2017 04:51 AM
Hi,
You need to start by placing security access-list on the incoming interface as follow:
object-group network itsp-addresses
ip-address-01 /32
ip-address-02 /32
....
ip access-l extend sip-security
per tcp object-group itsp-addresses any eq 5061
per tcp object-group itsp-addresses any eq 5060
per udp object-group itsp-addresses any eq 5060
per tcp object-group itsp-addresses eq 5060 any
per tcp object-group itsp-addresses eq 5061 any
per udp object-group itsp-addresses eq 5060 any
Then on top of this you need to add the trusted authentication mentioned by Slavik. This way you avoid any bugs related ip trusted authentication or denial of service attacks on SIP port of the CME
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide