[cisco-voip] testing new ACLs: VG224 issues

Lelio Fulgenzi lelio at uoguelph.ca
Fri Dec 2 15:47:49 EST 2011


Here is the original syslog output: 

Dec 1 13:53:27 dist-mckn.net.uoguelph.ca 46161: Dec 1 13:53:26.957 EST: %SEC-6-IPACCESSLOGDP: list voice_endpoints_out denied icmp vg224.eth.0.ipaddr -> my.ip.phone.ipaddr (3/3), 1 packet 
Dec 1 13:53:52 dist-mckn.net.uoguelph.ca 46162: Dec 1 13:53:51.354 EST: %SEC-6-IPACCESSLOGP: list voice_endpoints_out denied udp vg224.loop.back.ipaddr(19441) -> my.ip.phone.ipaddr(4001), 1 packet 

I'm going to try and add port 4001 and see how that helps and then maybe add the ping, ahem, I mean ICMP somehow. 

Any more advice would be helpful. 



----- Original Message -----
From: "Wes Sisk" <wsisk at cisco.com> 
To: "Lelio Fulgenzi" <lelio at uoguelph.ca> 
Cc: "Cisco VoIPoE List" <cisco-voip at puck.nether.net> 
Sent: Thursday, December 1, 2011 6:04:05 PM 
Subject: Re: [cisco-voip] testing new ACLs: VG224 issues 

udp w.x.y.z(19441) -> i.j.k.l(4001) 


router tries to send phone RTCP. phones do not support RTCP. 


icmp a.b.c.d -> i.j.k.l 


are you positive on this direction and the explanations of addresses? It would fit better for this to be the ICMP port unreachable coming from the phone back to the router. 


/wes 



On Dec 1, 2011, at 4:23 PM, Lelio Fulgenzi wrote: 


So the VG224 is trying to connect to the IP phone to do RTCP? 

--- 
Lelio Fulgenzi, B.A. 
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1 
(519) 824-4120 x56354 (519) 767-1060 FAX (ANNU) 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
Cooking with unix is easy. You just sed it and forget it. 
- LFJ (with apologies to Mr. Popeil) 


----- Original Message -----
From: "Wes Sisk" <wsisk at cisco.com> 
To: "Lelio Fulgenzi" <lelio at uoguelph.ca> 
Cc: "Cisco VoIPoE List" <cisco-voip at puck.nether.net> 
Sent: Thursday, December 1, 2011 4:20:51 PM 
Subject: Re: [cisco-voip] testing new ACLs: VG224 issues 

CM does and phones do not do RTCP. However, it looks like CUCM may default the RTCP port to 4001 during some capabilities and port exchanges. 



On Dec 1, 2011, at 3:46 PM, Lelio Fulgenzi wrote: 
What is UDP traffic destined to 4001 all about? 
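
An added example, not part of the original thread: a small Python parser that totals IOS ACL log hits like the two syslog lines above by ACL, protocol, endpoints and destination port or ICMP type/code, so new ACL entries can be decided from what was actually denied. The sample lines are constructed with documentation-range addresses, and the regex assumes the message layout shown in the thread.

```python
import re
from collections import Counter

# Body of %SEC-6-IPACCESSLOGP (TCP/UDP, ports in parentheses) and
# %SEC-6-IPACCESSLOGDP (ICMP, type/code after the destination address).
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGD?P: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[^\s(]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[^\s(,]+)(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<itype>\d+)/(?P<icode>\d+)\))?, (?P<count>\d+) packets?"
)

# A few ICMP type/code pairs that commonly appear next to UDP denials.
ICMP_NAMES = {(3, 3): "port unreachable", (8, 0): "echo request", (0, 0): "echo reply"}

# Constructed sample lines modelled on the thread's output (RFC 5737 addresses).
SAMPLE = [
    "Dec 1 13:53:26.957 EST: %SEC-6-IPACCESSLOGDP: list voice_endpoints_out "
    "denied icmp 192.0.2.10 -> 198.51.100.20 (3/3), 1 packet",
    "Dec 1 13:53:51.354 EST: %SEC-6-IPACCESSLOGP: list voice_endpoints_out "
    "denied udp 192.0.2.1(19441) -> 198.51.100.20(4001), 1 packet",
    "Dec 1 13:58:51.400 EST: %SEC-6-IPACCESSLOGP: list voice_endpoints_out "
    "denied udp 192.0.2.1(19441) -> 198.51.100.20(4001), 5 packets",
]

def summarize(lines):
    """Sum packet counts per (acl, action, proto, src, dst, detail)."""
    totals = Counter()
    for line in lines:
        m = ACL_LOG.search(line)
        if not m:
            continue  # not an ACL log message
        if m["itype"] is not None:
            key = (int(m["itype"]), int(m["icode"]))
            detail = f"type {key[0]} code {key[1]} ({ICMP_NAMES.get(key, 'unknown')})"
        elif m["dport"] is not None:
            # The source port is ephemeral, so only the destination port is kept.
            detail = f"dst port {m['dport']}"
        else:
            detail = "-"
        flow = (m["acl"], m["action"], m["proto"], m["src"], m["dst"], detail)
        totals[flow] += int(m["count"])
    return totals

if __name__ == "__main__":
    for flow, packets in summarize(SAMPLE).most_common():
        print(packets, *flow)
```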


