I have a team that would like a number set up to forward to whoever is on call. The one way I can think to do this most easily would be to assign the DN to all the users' phones, so they can all change the call forwarding through their phone or the self service portal, but that would lead to something of a mess just having it assigned to 7 phones, or put it on one person's phone and everyone has to use that phone to forward. Ideally I'd prefer a way to associate the DN to the user account so it showed up in the self service portal without showing up on the phones. Any thoughts on how something like that could be done? Using CUCM 11.5.1.
Working on converting from an ACL to ZBF and running into a snag of a sort. Problem is with an ISR 4331 running IOS XE 03.16.05.S.
The protocol, in this example, is using TCP port 2001, communicating with a custom API on a server. From looking at (older) documentation it seems that the suggested way to do this would be to define a custom PAM using:
ip port-map user-API port tcp 2001
Then doing our class-map/policy-map as normal:
ip access-list extended OUTSIDE_SERVER
 permit ip host 10.0.0.1 any
class-map type inspect match-all OUTSIDE_SERVER-CMAP
 match access-group name OUTSIDE_SERVER
 match protocol user-API
The above appears to be fine in our lab on a 2921 (at least as far as configuring), however, it doesn't appear that you can define custom PAMs on the ISR4331 as you get "invalid input detected" when you try to use ip port-map user-[word].
Is there a new/recommended way to handle this? The way it's looking at the moment I can use my existing ACL with minimal changes and point the class-map to it, but I lose visibility on the traffic. The other option seems to be to create one ACL for the address portion of the traffic and another ACL for the ports, then class-map both of them. Is there something I'm not seeing?