[cisco-voip] Enabling CUCM/WebEx/B2B - firewall’ing thoughts?
Ryan Huff
ryanhuff at outlook.com
Wed Aug 1 09:23:13 EDT 2018
Yep CMR calling from on-prem endpoint is little more than a B2B call. You’ll want to follow the WebEx guide though, and setup the dedicated DNS zone as it does deviate from the standard DNS zone a little.
As long as the xxx at site.webex.com<mailto:xxx at site.webex.com> URI (whether it’s a PMR or actual meeting room) is not transformed by the Expressway, the call should be free (i.e. does not consume an RMS license).
https://www.cisco.com/c/dam/en/us/td/docs/collaboration/webex_centers/esp/Cisco_WebEx_Meeting_Center_Video_Conferencing_Enterprise_Deployment_Guide_WBS30.pdf
Sent from my iPhone
On Aug 1, 2018, at 09:09, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:
We’re finally taking a turn (not to be confused with TURN - hahaha) at getting CUCM talking to WebEx. Im guessing this is simply a B2B setup with the need for licenses.
The question I have is whether or not I should be activating ACLs anywhere along the path to avoid the expressways from getting hammered and clogging up the logs.
We’ll be enabling this on the MRA expressway pairs for the time being.
From my understanding, MRA uses 5061, 8443, 5222 inbound and B2B uses 5060.
Would it be advisable, to build ACLs only allowing certain address (space) to connect?
This would be on top of any rules/zones we build into the ExpE and CUCM (css).
We’re trying to avoid the obvious impact of scanning Ip addresses/uri’s for sip connectivity.
What are people doing?
-sent from mobile device-
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1<x-apple-data-detectors://1/0>
519-824-4120 Ext. 56354<tel:519-824-4120;56354> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>
www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook
[University of Guelph Cornerstone with Improve Life tagline]
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180801/3a4a7834/attachment.html>
More information about the cisco-voip
mailing list