Thanks for the quick response.

I have a download of 7.2.3 which seems to be  the current 7.x version.

It's accessible per https on a public IP from a provider in Croatia.  Password is strong and differs from our internally configured systems. The credentials to register on the VCS-E are also quite uncommon and strong.  

Disabled SIP

When I connected to the system the call was up, but as you suspected not in the call logs on the VCS-E

This why I suspected it to be some sort of "keep-alive" or other form of "are you there" request from the  VCS side of things.  "Auto answer" is naturally also off in this case.

No one has recommended disabling SIP UDP messages since I took over, what kind of issues would be avoided or better potentially created by disabling the UDP messages.  Actually, no one else has a clue how the system works, so I won't get any suggestions either.

Thanks,
Randy

You should really upgrade to x8.2.1 - and, you should also upgrade the end-point to F9.3.3 see

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

Scroll down to "Software Versions and Fixes", expand this and go to "Obtaining Fixed Software" then see "Customers Without Service Contracts" if you don't have a service contract.

Also see https://tools.cisco.com/bugsearch/bug/CSCup25151

Also download the relevant admin guide(s) from here: http://www.cisco.com/c/en/us/support/unified-communications/telepresence-video-communication-server-vcs/products-maintenance-guides-list.html

The deployment guides and the authentication guides are also worth a look: http://www.cisco.com/c/en/us/support/unified-communications/telepresence-video-communication-server-vcs/products-installation-and-configuration-guides-list.html

Now, back to your issue - the "keep alives" will not interfere with any ongoing calls etc - you would not know that was even happening.

I suspect your external system is being subjected to sip scans, i.e. SIPVicious; https://code.google.com/p/sipvicious/ which is very common. Disabling SIP on the end-point should put an end to this.

Disabling SIP UDP on the VCS-E also assists with reducing the impact of such scans on your network, however, if you do have ISDN gateways in your environment, then there are additional steps you should take to prevent unauthorized access - see the VCS admin guide for more information. There are also numerous threads in this forum covering this.

Disabling SIP on the VCS-E also reduces the time it takes to establish a SIP call - see this post for a very good explanation, as well as a work-around if disabling SIP UDP is not an option: https://supportforums.cisco.com/document/11935236/vcs-how-avoid-sip-udp-timeout-without-disabling-udp

The only potential issue I have found with SIP UDP being disabled, is that you will not be able to call sites using its hostname, i.e. fisthank.lifesize.com - which we hardly ever do anyway, so it's really not an issue.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

The above detailed responce is greatly appreciated.

The calls to the internet based device have stopped after reconfiguring the settings.

Will look into the above notes/docs and see what I can adapt to make out environment a bit more secure and from a call flow perspective, optimize things.

Many thanks,

Randy

As Jens suggested (and +5 to him for that), the call that was in your screenshot was consistent with a SIPVicious scan - there's a fair few posts in these forums with similar issues.  And one of the Popular Discussions is this one: https://supportforums.cisco.com/discussion/11865446/lot-calls-numbers-100-and-101-looks-self-calls.

Jens has linked lots of good information in his post - disabling the SIP UDP being a good start.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.