Hi, I have ISR router and published server (static NAT). Server’s FQDN server.domain.comAlso, this router has a wi-fi network with NAT pool.If wi-fi clients try to connect to server.domain.com connection doesn’t work because of resolving to server’s ...
Hi,I want to deny L2 traceroute traffic as stated in this article (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-l2-traceroute)However, none of my 3560g/3750g switches has drop command. Is there possibility t...
Hi,
Running a couple CME+CUBE I noticed that the only traffic required to be permitted in ACL is SIP protocol – UDP:5060.
Why on earth, a router permits RTP protocol without specific record in ACL?
Hi,
I have CME and 2 SIP provers. Is it possible to restrict certain CME user groups to call to PSTN via specific dial-peers?
For example:
User group 1 strictly > dial-peer voip 1
User group 2 strictly > dial-peer voip 2
In addition, destination-pa...
Hi!
Here is an excerpt from CME admin guide:
In Cisco Unified CME 4.1 and later versions, the MOH feature is supported when a call is put on hold from a SIP phone and when the user of a SIP phone is put on hold by a SIP, SCCP, or POTS endpoint. The ...
I have attached PNG file to my first post.I want to be able access server.domain.com from wi-fi network which IP address is 100.100.100.5 It goes like thisw-fi client-192.168.1.66 > NAT 100.100.100.5 > 100.100.100.10 NAT> 192.168.2.10-serverall this ...
That is sad. I have a bunch of these. I understand it is old, but it does the job well. Looks like the only workaround is to block this kind of traffic with interface ACL.Thank you anyway.
What about 3750g? It has commands exept drop one. For example I can type something like that 3750g(config)#access-list 150 permit udp any any eq 22283750g(config)#class-map match-all drop-l2trace-class3750g(config-cmap)# match access-group 1503750g(c...
Hi Dennis,
Sorry for my delayed reply I‘m quite busy these days.
I’m using ACL on outside interface and there is no permissions for RTP. Also I’m not using SIP inspection. Besides CBAC inspection works only for pass-through traffic and not for router...
