04-26-2011 10:33 PM
i have a few sip/h323 providers. I have also enabled sip/h323 on my as5400xm(this is for my asterisk server). Since i'm using these providers, i have to put their IP in my access-list. my concern is, since my gateway is accepting sip/h323 calls. what if these provider send the calls to my gateway? so i was thinking of a way to restrict this. It could be as simple as tweaking the access-list. but I don't know. Please help.
here's how i have my access-list setup:
access-list 101 permit tcp host 10.10.10.10 any
access-list 101 permit udp host 10.10.10.10 any
access-list 101 permit udp any any range 16384 32767
access-list 101 deny tcp any any
access-list 101 deny udp any any
Thanks in advance
04-27-2011 05:23 AM
Hi,
can you make test call and post "debug ccsip messages" output.
hth
Muammer
05-11-2011 11:57 AM
You want to reject specific calls? You won't use an ACL for that, since it needs to be done at the voice level.
Take a look at this:
05-11-2011 04:54 PM
the link you provided is for dialpeer to reject certain #. I wanted to reject based on the IP of the other calling party.
05-12-2011 06:11 AM
Ah, so you just want to restrict VoIP calls from L3 addresses other than your provider?
That's just a simple ACL to open up traffic to your SIP ITSP's IP external addresses, and block anything else.
You can get what IPs and ports are used by your provider, but here is what you need open on the Cisco side inbound for an inbound ACL on a WAN interface:
UDP - ITSP address:ITSP SIP Port to External interface:5060 - For SIP signaling
ITSP address:ITSP RTP Port Range - External interface:16384-32767 - RTP traffic
ITSP's port range could be anything between 1024-65535. SIP usually comes from UDP/5060 from the ITSP, but doesn't have to. Verify with them, or look at a SIP debug or packet capture to verify.
The implicit deny will take care of everything else.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide