Solved: VCS Expressway to ISDN Gateway

Ravi Shiwmangal · ‎05-07-2013

Hi, it seems that my vcse is being traversed from outside and numerous hits or fraudulent calls are being attempted across my ISDN gateway. I believe this is referred to as hair pinning! What are the best practices and how do I secure my expressway?

Thanks,

Ravi

Jens Didriksen · ‎05-07-2013

This has been covered in various threads in the past such as:

https://supportforums.cisco.com/message/3392768#3392768

https://supportforums.cisco.com/message/3542518#3542518

https://supportforums.cisco.com/message/3561238#3561238

Take a look at the CPL examples in these threads, and also the relevant section in the VCS-E admin guide also referred to in a couple of the threads.

In addition to the CPL script, you should consider breaking the dialling string by using something like # in the GW prefix, i.e if your prefix is 1 you use 1# instead.

You won't be able to block the call attempts as such with the above, so they will still show up in the log, but you will minimise the possibility of any of these call attempts actually succeeding.

One way to completely block them would be to turn off SIP completely on the VCS-E, but turning off SIP UDP will also keep these attempts to a minimum, at least that's my experience.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

View solution in original post

Jens Didriksen · ‎05-07-2013

This has been covered in various threads in the past such as:

https://supportforums.cisco.com/message/3392768#3392768

https://supportforums.cisco.com/message/3542518#3542518

https://supportforums.cisco.com/message/3561238#3561238

Take a look at the CPL examples in these threads, and also the relevant section in the VCS-E admin guide also referred to in a couple of the threads.

In addition to the CPL script, you should consider breaking the dialling string by using something like # in the GW prefix, i.e if your prefix is 1 you use 1# instead.

You won't be able to block the call attempts as such with the above, so they will still show up in the log, but you will minimise the possibility of any of these call attempts actually succeeding.

One way to completely block them would be to turn off SIP completely on the VCS-E, but turning off SIP UDP will also keep these attempts to a minimum, at least that's my experience.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Ravi Shiwmangal · ‎07-06-2013

Thanks

Sent from Cisco Technical Support iPhone App

ahmashar · ‎05-08-2013

Hi Ravi,

Involve Cisco's Advance Services to help you secure your servers. If you decide to implement the CPL script yourself, do it thoroughly tested before roll it out on production. you can also seek help from TAC with the checking out your script.

regards, Ahmad

epicolo · ‎05-08-2013

Hi, you should create a CPL to block that type of call attempt and also you can work with your search rules on the VCS E to only accept calls to your gw prefix from know/desired zones.

Cisco ASE have designed a course on how to deploy security on video environments. The first version was called TSECT and there is a new version and it will probably available to be delivered virtually (webex).
Please advice if you or your Company have interest on this.

Best Regards
Elter

Sent from Cisco Technical Support iPad App

Ravi Shiwmangal · ‎07-06-2013

Thanks

Sent from Cisco Technical Support iPhone App