cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
676
Views
0
Helpful
7
Replies

VCS filtering specific IP addresses as destination

Hello,

We need to deny VC calls some specific IP addresses through VCS control or Expressway.

Since IP addresses are not possible to filter with pattern matching in the Search Rules, or Policing,

how can i configure or filter specific IP's as 'denied' destinations.

any idea welcome, regards, hans

7 Replies 7

Patrick Sparkman
VIP Alumni
VIP Alumni

Could use VCS's call policy using regex and the destination field.

gubadman
Level 3
Level 3

The VCS also has a firewall which can be configured from the web interface - System > Firewall rules > Configuration

which could block the IP addresses, though I'm not sure this would give good user experience

Guy,

In general you're right. But the Firewall comes just with X7.2x and we've made too many bad experiences until now with it.

So, we are back on X7.1. running without any issue.

regards, hans

adimchev
Cisco Employee
Cisco Employee

Hi Hans,

as far as I understood you want to restrict calls to some IP address going out of the VCS Expressway.

In general if you want to deny calls to IP addresses you can do so via search rules targeting the DNS zone, i.e. do not create “Any IP” rule

Another way would be (that in case you want to allow calls some IP addresses) to create subzone membership rules containing those IP’s and se the “Call to unknown IP addresses” configuration setting to “Indirect”.

Or perhaps turn it off completely.

Hope that helps :-)

Regards//Andrey

Andrey,

Both your possibilities 1 and 2 might have the potential to invent something. I will try.

Thanks, Hans

ahmashar
Level 4
Level 4

Hi Haprinz,

although search rule does not provide you filtering scheme based on different IP addresses but subzone membership does provide that. you can register the endpoints on different subzones and grant/access calls and registrations by search rules or more versatile by CPL script.

regards, Ahmad

Martin Koch
VIP Alumni
VIP Alumni

Is it regards scans on the internet?

Then disabling sip-udp on the VCS-E is a big help.

Also trying not to use numbers as 100 1000 101 1001 200 for video endpoints could be helpful :-)

What kind of calls do you see as the problem? If you have some more info about the

unwanted calls (how the source and destination looks like, why you dont want them, ...)

Please remember to rate helpful responses and identify

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: