02-12-2017 03:17 PM - edited 03-17-2019 09:30 AM
Hi,
Running a couple CME+CUBE I noticed that the only traffic required to be permitted in ACL is SIP protocol – UDP:5060.
Why on earth, a router permits RTP protocol without specific record in ACL?
02-13-2017 02:29 PM
Ivan,
by default, the CUBE has no ACLs on any of its interfaces. so it should allow RTP.
the other options is the CUBE working in flow around mode, where the RTP stream is end to end between the endpoints and the CUBE is NOT ins the path. (this is not the default, the default is flow through, where CUBE is in the path.)
issue show call act voice compact to find out which is used.
cheers
Please rate if useful
02-20-2017 12:34 PM
Hi Dennis,
Sorry for my delayed reply I‘m quite busy these days.
I’m using ACL on outside interface and there is no permissions for RTP. Also I’m not using SIP inspection. Besides CBAC inspection works only for pass-through traffic and not for router originated traffic.
My CUBE+CME router the only termination point for media and signaling traffic.
#show call act voice compact
<callID> A/O FAX T<sec> Codec type Peer Address IP R<ip>:<udp>
Total call-legs: 2
54898 ANS T14 g711ulaw TELE P131
54899 ORG T14 g711ulaw VOIP Pxxxxxxxxxx 85.45.45.45:18244
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide