[cisco-voip] more ACL questions - RTP from CUE outside RTP range

Andreas Sikkema asikkema at unet.nl
Sat Dec 3 02:46:13 EST 2011


Wes,

> Only some devices use that port range for RTP.  CUCM does not. CIPC does
> not.  IOS does because of the way it allocates port numbers.
>
> For anything based on a common OS (Windows/Linux) the socket command does
> not allow specifying a subset of port numbers. This makes compliance nearly
> impossible.
>
> CUE is running on linux.


There are loads of Windows/Unix based applications able to limit the
range of their RTP port pool. It's been a *long* time since I last
did it, but it is possible.  Unfortunately there's no agreement on
what it should be, despite what the RFC might say. In general it is up
to you to find the range of ports the application you're trying to
protect uses and insert that in an ACL...

-- 
Andreas Sikkema
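
An added example, not part of the original post: one way an application on Windows or Linux can keep its RTP/RTCP sockets inside a configured pool is to bind to explicit ports instead of letting the OS choose, so the same range can go into an ACL. The pool 20000-20019, the address 192.0.2.10 and both function names are constructed for illustration.

```python
import socket

def alloc_rtp_pair(lo, hi, host="127.0.0.1"):
    """Bind an RTP (even port) / RTCP (next odd port) UDP pair inside [lo, hi]."""
    first_even = lo + (lo % 2)
    for port in range(first_even, hi, 2):      # port + 1 must still be <= hi
        rtp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        rtcp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            rtp.bind((host, port))             # explicit port, not port 0
            rtcp.bind((host, port + 1))
            return rtp, rtcp
        except OSError:                        # pair in use: try the next one
            rtp.close()
            rtcp.close()
    raise RuntimeError(f"no free RTP/RTCP pair in {lo}-{hi}")

def acl_entry(host_ip, lo, hi):
    """IOS extended-ACL line permitting UDP to host_ip on the pool only."""
    return f"permit udp any host {host_ip} range {lo} {hi}"

if __name__ == "__main__":
    POOL = (20000, 20019)                      # constructed sample pool
    rtp, rtcp = alloc_rtp_pair(*POOL)
    print("RTP ", rtp.getsockname())
    print("RTCP", rtcp.getsockname())
    print(acl_entry("192.0.2.10", *POOL))      # constructed documentation address
```

Once the pool is exhausted the allocator raises instead of falling back to an OS-assigned port, so media never leaves the range the ACL permits.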


