02-07-2012 03:02 AM - edited 03-19-2019 04:21 AM
I am being asked by my security folks if you can apply an access list to Call Manager (not Call Manger expres or businness edition). My research said not. What I am trying to accomplish is a way to secure access to the web pages for CCM Manager and the like so that is not exposed to non-authorized personnel.
Solved! Go to Solution.
02-07-2012 03:11 AM
Sure you can. You need to be careful though; CUCM uses a lot of various ports. The easiest way is to only restrict HTTP/HTTPS (TCP 80,443,8080,8443) to appropriate source subnets. Take a look at the
Cisco Unified Communications Manager 8.6(1) TCP and UDP Port Usage for details on what is used for client-to-server and server-to-server communications.
Please rate helpful replies.
02-07-2012 03:35 AM
No. While CUCM runs ip tables you have no access to the configuration of it. You would need to write the ACL on an intermediate layer three device.
02-07-2012 03:11 AM
Sure you can. You need to be careful though; CUCM uses a lot of various ports. The easiest way is to only restrict HTTP/HTTPS (TCP 80,443,8080,8443) to appropriate source subnets. Take a look at the
Cisco Unified Communications Manager 8.6(1) TCP and UDP Port Usage for details on what is used for client-to-server and server-to-server communications.
Please rate helpful replies.
02-07-2012 03:33 AM
Let me rephrase. What I meant to say is can you apply ACL in the CLI of Call Manager, not via an external firewall.
02-07-2012 03:35 AM
No. While CUCM runs ip tables you have no access to the configuration of it. You would need to write the ACL on an intermediate layer three device.
02-07-2012 03:44 AM
O.K. I thought that was the case. Just wanted to double check my facts. By the way, love the picture of you next the gaint 79XX phone. What a riot!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide