<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2668" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=622161217-17082005>RE: Reverse proxying</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=622161217-17082005></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=622161217-17082005>This is a good solution for CCMUser pages. We use
it here--one machine has two interfaces, one on the public/data vlan, and one on
the voice vlan, and it runs a proxy software. Users connect via HTTP to
this machine and it proxies requests through to the CallManager. In this
way, users do not have any sort of direct access to CCM.</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=622161217-17082005></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=622161217-17082005>You can do this for the CCMAdmin pages
too.</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=622161217-17082005></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=622161217-17082005>We were not successful in implenting this for Unity or
CRA web sites. These use popups and links with absolute URLs, which the
proxy does not translate. Plus the CRA system, which we are using for ACD,
requires a client-side SQL access tool for supervisor access to the ACD stats,
and we haven't found a way to proxy that either.</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=622161217-17082005></SPAN></FONT> </DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Lelio Fulgenzi [mailto:lelio@uoguelph.ca]
<BR><B>Sent:</B> Wednesday, August 17, 2005 12:37 PM<BR><B>To:</B> Tech Guy;
Bradley Bieth<BR><B>Cc:</B> cisco-voip@puck.nether.net<BR><B>Subject:</B> Re:
[cisco-voip] WebDialer and Outlook<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV>If access to CCM user pages is your only concern, then you might want
consider a reverse proxy. We have that installed and it works very well. You
have to do a bit more work in getting it to work with HTTPS, but it will still
work.</DIV>
<DIV> </DIV>
<DIV>For other application such as softphone, etc, you will need direct access,
but seeing that IIS is under so much attack, I would almost use both - direct
access for applications and proxy access for ccmuser pages. </DIV>
<DIV> </DIV>
<DIV>We have not got the reverse proxy working for Unity user pages but we also
haven't spent much time there either.</DIV>
<DIV> </DIV>
<DIV>--------------------------------------------------------------------------------<BR>Lelio
Fulgenzi, B.A.<BR>Network Analyst (CCS) * University of Guelph * Guelph, Ontario
N1G 2W1<BR>(519) 824-4120 x56354 (519) 767-1060 FAX
(JNHN)<BR>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
<BR>"I had a coffee and Coke at lunch today...and now, I've got more jitter than
an<BR>IP phone on a long haul 10base2
connection"
LFJ</DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=techguy@gmail.com href="mailto:techguy@gmail.com">Tech Guy</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=bbieth@pacific.edu
href="mailto:bbieth@pacific.edu">Bradley Bieth</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Cc:</B> <A title=cisco-voip@puck.nether.net
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Wednesday, August 17, 2005 12:32
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [cisco-voip] WebDialer and
Outlook</DIV>
<DIV><BR></DIV>I think most people do have seperate vlans for voice and data,
many<BR>people do limit pc's from accessing the callmanagers, I have
asked<BR>about this before and it seems obvious you dont want your
pc's<BR>accessing callmanagers but then I have asked what the point of
having<BR>"CCMUser" page? Most of our users use the CCMUser page, so
they need<BR>to access the callmanagers.<BR><BR>In this case I guess our voice
and data vlans, despite being different<BR>are not doing us much good security
wise. However, the voice vlan<BR>will run a separate spanning tree so
that if a PC has a virus and<BR>loads up the data VLAN, the voice vlan may not
be affected. Also, its<BR>better for QOS to keep a separate Voice
vlans.<BR><BR>I have the same concerns as you about our vlans, but not sure
what to<BR>do about the fact our users need access to
CCMUser.<BR><BR><BR><BR><BR>On 8/17/05, Bradley Bieth <<A
href="mailto:bbieth@pacific.edu">bbieth@pacific.edu</A>> wrote:<BR>>
What are the security risk in regards to user computers accessing the
voice<BR>> vlan to make these calls? It sounds that the personal computer
sends the<BR>> dialing information to CCM via the IP address and then CCM
dials that<BR>> number. In our network diagram we have the call managers on
a separate voice<BR>> vlan and we have ACL's setup to allow only those
specific machine access to<BR>> that vlan.<BR>> <BR>> Do other
user have this same setup? How do you get around personal PC's<BR>>
accessing call managers?<BR>> <BR>> Thanks<BR>> Brad<BR>> <A
href="mailto:bbieth@pacific.edu">bbieth@pacific.edu</A><BR>> <BR>>
Bradley Bieth<BR>> Network Engineer I<BR>> Telecommunications<BR>>
University of the Pacific<BR>> <A
href="mailto:bbieth@pacific.edu">bbieth@pacific.edu</A><BR>> (209)
946-3953<BR>> <BR>> >>> "Court Schuett" <<A
href="mailto:cschuett@hfsnorthamerica.com">cschuett@hfsnorthamerica.com</A>>
8/17/2005 8:40:32 AM >>><BR>> <BR>> Thanks for the help.
That must have been it because it is working like<BR>> a champ now.
Have to say, that's a pretty cool feature. Thanks!<BR>> <BR>>
Court Schuett<BR>> <BR>> 630-909-5560<BR>> <A
href="mailto:cschuett@hfsna.com">cschuett@hfsna.com</A><BR>> -----Original
Message-----<BR>> From: Tech Guy [mailto:techguy@gmail.com] <BR>> Sent:
Tuesday, August 16, 2005 4:17 PM<BR>> To: Court Schuett<BR>> Cc: <A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR>>
Subject: Re: [cisco-voip] WebDialer and Outlook<BR>> <BR>> Make sure you
have the correct username and password. Log into<BR>> CCMUser to
confirm the username and password is working.<BR>> <BR>> Make sure in
Global Directory the user has the phone setup as the<BR>> controlled
device, and that "Enable CTI Application Use" is checked.<BR>> <BR>> I
ran into this on one user I set it up for and it was a combination<BR>> of
wrong password, and not having enable CTI checked.<BR>> <BR>> On another
user I simply had to reboot for some reason.<BR>> <BR>> Hope that
helps,<BR>> Dane<BR>> <BR>> <BR>> On 8/16/05, Court Schuett <<A
href="mailto:cschuett@hfsnorthamerica.com">cschuett@hfsnorthamerica.com</A>>
wrote:<BR>> > I'm having problems as well. I installed it and
configured everything<BR>> > in it correctly. However, when I go
to the Dialing Properties in<BR>> > Outlook, I don't see an option for
it. All I see are:<BR>> > My Modem<BR>> > IPCONFLINE<BR>>
> H323 Line<BR>> > <BR>> > Outlook 2003<BR>> > Exchange
2003<BR>> > Call Manager 4.0(1)sr2a<BR>> > <BR>> > Any
ideas?<BR>> > <BR>> > Thanks!<BR>> > <BR>> > Court
Schuett<BR>> > <BR>> > 630-909-5560<BR>> > <A
href="mailto:cschuett@hfsna.com">cschuett@hfsna.com</A><BR>> >
-----Original Message-----<BR>> > From: <A
href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</A><BR>>
> [mailto:cisco-voip-bounces@puck.nether.net] On Behalf Of<BR>> Ortiz,
Carlos<BR>> > Sent: Tuesday, August 16, 2005 2:26 PM<BR>> > To:
Tech Guy; <A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR>>
> Subject: RE: [cisco-voip] WebDialer and Outlook<BR>> > <BR>>
> I tried on day to get the Web dialer working but was unsuccessful.
Do<BR>> > you have a specific link/guide that you used. If you can
send it back<BR>> I<BR>> > would appreciate it.<BR>> > <BR>>
> Carlos<BR>> > <BR>> > -----Original Message-----<BR>> >
From: <A
href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</A><BR>>
> [mailto:cisco-voip-bounces@puck.nether.net] On Behalf Of<BR>> Tech
Guy<BR>> > Sent: Tuesday, August 16, 2005 2:34 PM<BR>> > To: <A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR>>
> Subject: Re: [cisco-voip] WebDialer and Outlook<BR>> > <BR>>
> Humm.. care to expand on this? I am unsure what you are referring
to<BR>> > when you say "use the cisco tsp" ?<BR>> > <BR>> >
Dane<BR>> > <BR>> > On 8/16/05, Wes Sisk <<A
href="mailto:wsisk@cisco.com">wsisk@cisco.com</A>> wrote:<BR>> > >
use the cisco TSP to allow dialing from OL address book.<BR>> >
><BR>> > > /Wes<BR>> > ><BR>> > > -----Original
Message-----<BR>> > > From: <A
href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</A><BR>>
> > [mailto:cisco-voip-bounces@puck.nether.net]On Behalf Of<BR>> Tech
Guy<BR>> > > Sent: Tuesday, August 16, 2005 2:04 PM<BR>> > >
To: <A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR>>
> > Subject: [cisco-voip] WebDialer and Outlook<BR>> >
><BR>> > ><BR>> > > I am reading this cisco press book
"Cisco CallManager Best<BR>> Practices"<BR>> > > and on page 343
it talks about the WebDialer and the ability to have<BR>> a<BR>> >
> Microsoft Outlook address book add-in.<BR>> > ><BR>> >
> I am curious if something like this is out there for free or
what?<BR>> I<BR>> > > was playing with the webdialer today for the
first time, and it was<BR>> > > limited to the global
directory. Just wondering what others have<BR>> done<BR>> >
> if anything with the webdialer.<BR>> > ><BR>> > >
_______________________________________________<BR>> > > cisco-voip
mailing list<BR>> > > <A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR>>
> > <A
href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</A><BR>>
> ><BR>> > ><BR>> > <BR>> >
_______________________________________________<BR>> > cisco-voip
mailing list<BR>> > <A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR>>
> <A
href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</A><BR>>
> <BR>> > _______________________________________________<BR>>
> cisco-voip mailing list<BR>> > <A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR>>
> <A
href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</A><BR>>
> <BR>> > _______________________________________________<BR>>
> cisco-voip mailing list<BR>> > <A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR>>
> <A
href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</A><BR>>
><BR>> <BR>> _______________________________________________<BR>>
cisco-voip mailing list<BR>> <A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR>>
<A
href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</A><BR>>
<BR>> _______________________________________________<BR>> cisco-voip
mailing list<BR>> <A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR>>
<A
href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</A><BR>>
<BR>>
<BR>><BR><BR>_______________________________________________<BR>cisco-voip
mailing list<BR><A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR><A
href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</A><BR></BLOCKQUOTE></BODY></HTML>