[cisco-voip] IOS access-lists to hide callmanager/unity/personal assistant?
Ryan Ratliff
rratliff at cisco.com
Mon Oct 16 10:48:10 EDT 2006
What do you mean by migrate the servers to their active directory?
Is this as a member of the domain or simply an ldap integration to AD?
Cisco does not recommend adding CallManager servers to the domain.
You have to remove the server from the domain each time you do an
upgrade and (as you are already aware) you have to verify the domain
security policies does not break CM (including pushing apps and/or
security patches). For most folks the extra 2 reboots every time
you want to patch is enough to keep them out of the domain.
-Ryan
On Oct 13, 2006, at 8:40 AM, Voigt Thomas wrote:
Hi all!
Has anyone experiences with IOS access-lists to hide the Cisco
servers from the other clients in the net?
Our server guys tell us to migrate our servers to their active
directory (which should be no problem) and also to their
security concept which includes distributing Microsoft patches to the
servers. This is not allowed by Cisco…
So we have to hide our Cisco gear with access lists to have only
contact with the ip phones and other neccessary
communications.
I know that there are documents at CCO that document the ports used
by CCM, UNITY and PA. But are there
access lists anywhere which we could use?
--
With kind regards
Thomas Voigt
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
More information about the cisco-voip
mailing list