Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1191
Views
0
Helpful
2
Replies

VCS Registration only via SIP TLS, but B2B Calls via all Protocols,Possible via CPL?

Alexander Fischer
Level 1
Level 1

‎12-03-2013 05:35 AM - edited ‎03-18-2019 02:14 AM

Dear all,


my customer wants to allow endpoints to only register via SIP TLS on their VCS-Expressway.

B2B calls shall be allowed via both SIP TLS & TCP as well as H323.

Is there a way on VCS to deny SIP TCP and H323 registrations via CPL?

If yes, how?

I made a quick drawing and attached it as pdf, to clarify what I mean.

Thanks in advance!


Best regards,

Alex

Labels:
Preview file
26 KB
0 Helpful
2 Replies 2

Anthony Thomson
Level 3
Level 3

‎12-04-2013 11:50 AM

H323 registration can be stopped simply be creating a Deny rule for your H323 registration port (default is 1719/udp) on the VCS's built-in firewall.  I had to restart the VCS for it to take effect, although I shouldn't have.  SIP is much more difficult though because the registration port is not unique--it's the same port used for call setup.  I don't recall anything in CPL that will let you do this, but I'm sure others have more experience with CPL than I do.

0 Helpful

adimchev
Cisco Employee
Cisco Employee

‎12-05-2013 01:52 AM

Hi Alexander,

please check if setting up Default Zone Access Rules would resolve your problem - (

Configuration>Zones >Default Zone access rules).

And also I imagine that the local and remote expressway will establish client - server traversal zone , correct?

Regars//Andrey

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents