[cisco-voip] Nbar missing some RTP traffic

Ryan West rwest at zyedge.com
Thu Apr 17 10:46:19 EDT 2008


Chris,

The problem with this is that SIP providers do not follow the same guidelines that Cisco uses for RTP port assignments.  This being said, you will see ranges of RTP that are well below 16384 and above 32767.  I have run into issues with customers explicitly blocking these ranges for legacy trojan protection.

-ryan

-----Original Message-----
From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ellington, Chris
Sent: Thursday, April 17, 2008 10:35 AM
To: Jeffrey Ollie
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Nbar missing some RTP traffic

Well, yes that is true - however you can pick a range of ports to match - I do it all of the time.  Use an extended ACL to match by port range if you like.  Much more granular than trying to use nbar.

chris
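An added example (not posted by anyone in this thread) of the approach Chris describes, with Ryan's caveat folded in: an extended ACL that matches RTP by UDP port range, combined with the NBAR match in a match-any class so that a stream is marked if either classifier catches it. The voice subnet 10.1.20.0/24, the provider range 10000-20000 and the interface name are placeholders, not values from the thread.

```cisco
! Added example, not from the thread. Subnet, provider port range and
! interface name are PLACEHOLDERS; confirm the provider range with the
! SIP provider's documentation before using it.
ip access-list extended RTP-MEDIA
 remark Cisco default RTP range, media sourced from the voice subnet
 permit udp 10.1.20.0 0.0.0.255 range 16384 32767 any
 remark PLACEHOLDER: range the SIP provider actually uses (Ryan's point)
 permit udp 10.1.20.0 0.0.0.255 range 10000 20000 any
 remark scoping the source to the voice subnet keeps unrelated UDP in
 remark these wide ranges from being marked as voice
!
! match-any: classified if NBAR recognises the flow as RTP audio OR
! the packet falls in one of the ACL port ranges, so streams that
! NBAR misses are still caught by the ACL
class-map match-any VOICE-RTP
 match protocol rtp audio
 match access-group name RTP-MEDIA
!
policy-map MARK-VOICE
 class VOICE-RTP
  set dscp ef
!
interface GigabitEthernet0/0
 description PLACEHOLDER: LAN-facing interface where phones send media
 service-policy input MARK-VOICE
```

Verify with `show policy-map interface GigabitEthernet0/0` during an active call: packets counted under VOICE-RTP but not under `match protocol rtp audio` are exactly the streams NBAR is missing.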

-----Original Message-----
From: Jeffrey Ollie [mailto:jeff at ocjtech.us]
Sent: Thursday, April 17, 2008 10:30 AM
To: Ellington, Chris
Cc: Jorge L. Rodriguez Aguila; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Nbar missing some RTP traffic

On Thu, Apr 17, 2008 at 8:42 AM, Ellington, Chris
<Chris.Ellington at inin.com> wrote:
> Why not just pick the exact traffic you are looking to match and match
> it?  Don't worry about nbar messing it up - just grab the ports you're
> seeking and mark as such?

Because RTP traffic doesn't use a single UDP port.  The phone (or
CallManager, the router, or whatever) picks a UDP port number at
random and sends that information to the other side via the signalling
protocol (SIP, H.323, SCCP, etc.).

Jeff

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip