cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
937
Views
5
Helpful
4
Replies

VCS Expressway Licence Alarm

andypoore
Level 1
Level 1

All

We are deploying an increasing number of VCS Control/Expressway for firewall traversal. While we are confident of the security preventing unauthorised calls, it doesn't stop every idiot out there trying to commit toll fraud. The problem is these repeated failed call attempts, however brief consume traversal call licenses which when consumes the whole license pool generates an alarm, and can then prevent legitimate calls if no licenses are available from the pool.

The only answer I've up with so far is to configure the VCS firewall to block connections on port 5060 from the IP addresses of the worst offenders.

Anybody have any thoughts?

Sent from Cisco Technical Support iPad App

4 Replies 4

gubadman
Level 3
Level 3

If you can turn off SIP UDP Mode if you don't use it, under VCS configuration > Protocols > SIP > Configuration

this will cut down a lot of unwanted traffic.

On a site I look at we have it off on the Expressways, and on on a Starter Pack and the Starter Pack is the only one that seems to have a lot of these issues.

Hi

I've turned of UDP already which has reduced it somewhat, it seems a lot of the SIP requests are coming from users using TCP modifying the source to something like 1.1.1.1.



Sent from Cisco Technical Support iPad App

Dane Martin
Level 4
Level 4

While not contributing to a solution, I thought I would mention that I  have the same issue on my Expressways, and also looking for a  reasonable resolution.

I only have 10 traversal licenses on the VCS-E,  but based on the rapid number of call attempts in my event logs I would run out  of any number of traversal licenses with the 10 seconds or so that a  license is granted before it is released.

Jens Didriksen
Level 9
Level 9

You should be able to block these using CPL - see

https://supportforums.cisco.com/thread/2090814

https://supportforums.cisco.com/thread/2165432

and also the admin guide for different examples which might give you an idea as to what to do.

Bear in mind though, that you need to specify rules for both authenticated and unauthenticated calls, for example;

1.1.1.1" destination=".*">


/jens

Please rate replies and mark question(s) as "answered" if applicable.