Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
904
Views
5
Helpful
4
Replies

VCS Expressway Licence Alarm

andypoore
Level 1
Level 1

‎12-19-2012 03:35 AM - edited ‎03-18-2019 12:19 AM

All

We are deploying an increasing number of VCS Control/Expressway for firewall traversal. While we are confident of the security preventing unauthorised calls, it doesn't stop every idiot out there trying to commit toll fraud. The problem is these repeated failed call attempts, however brief consume traversal call licenses which when consumes the whole license pool generates an alarm, and can then prevent legitimate calls if no licenses are available from the pool.

The only answer I've up with so far is to configure the VCS firewall to block connections on port 5060 from the IP addresses of the worst offenders.

Anybody have any thoughts?

Sent from Cisco Technical Support iPad App

Labels:
0 Helpful
4 Replies 4

gubadman
Level 3
Level 3

‎12-19-2012 03:43 AM

If you can turn off SIP UDP Mode if you don't use it, under VCS configuration > Protocols > SIP > Configuration

this will cut down a lot of unwanted traffic.

On a site I look at we have it off on the Expressways, and on on a Starter Pack and the Starter Pack is the only one that seems to have a lot of these issues.

0 Helpful

andypoore
Level 1
Level 1
In response to gubadman

‎12-19-2012 03:53 AM

Hi

I've turned of UDP already which has reduced it somewhat, it seems a lot of the SIP requests are coming from users using TCP modifying the source to something like 1.1.1.1.



Sent from Cisco Technical Support iPad App

0 Helpful

Dane Martin
Level 4
Level 4

‎01-19-2013 11:27 AM

While not contributing to a solution, I thought I would mention that I  have the same issue on my Expressways, and also looking for a  reasonable resolution.

I only have 10 traversal licenses on the VCS-E,  but based on the rapid number of call attempts in my event logs I would run out  of any number of traversal licenses with the 10 seconds or so that a  license is granted before it is released.

0 Helpful

Jens Didriksen
Level 9
Level 9

‎01-19-2013 01:55 PM

You should be able to block these using CPL - see

https://supportforums.cisco.com/thread/2090814

https://supportforums.cisco.com/thread/2165432

and also the admin guide for different examples which might give you an idea as to what to do.

Bear in mind though, that you need to specify rules for both authenticated and unauthenticated calls, for example;

1.1.1.1" destination=".*">


/jens

Please rate replies and mark question(s) as "answered" if applicable.
Customers Also Viewed These Support Documents