<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE></TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3157" name=GENERATOR></HEAD>
<BODY text=#000000 bgColor=#ffffff>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=491191618-28092007>I wasn't clear enough. We have a
limited range of IP addresses that are trusted for callmanager
administration, and we have larger IP ranges where our general user population
reside. I would like to filter what networks can access ccmadmin, os
admin, etc. so that the general user population can't even get to the login
screen. Because ccmadmin and ccmuser use the same tcp ports, and I haven't
found any way to change this, I cannot simply filter admin access with router
ACLs.</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=491191618-28092007></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=491191618-28092007>Simple username and password authentication isn't a
particularly secure way to protect such a key piece of infrastructure ... you're
just one accidental password disclosure or web server bug away from a hacked
callmanager. </SPAN></FONT></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Wes Sisk [mailto:wsisk@cisco.com]
<BR><B>Sent:</B> September 28, 2007 12:14<BR><B>To:</B> Eric
Pedersen<BR><B>Cc:</B> cisco-voip@puck.nether.net<BR><B>Subject:</B> Re:
[cisco-voip] user access to ccmuser web pages<BR></FONT><BR></DIV>
<DIV></DIV>check out the "Standard CCM End Users" group.<BR><BR>Eric Pedersen
wrote:
<BLOCKQUOTE
cite=mid:A58F94A553BA4742821241C8F3E76C9F04494A00@EX2.ACDM.DS.SAIT.CA
type="cite">
<META content="MSHTML 6.00.2900.3157" name=GENERATOR>
<DIV><SPAN class=933023516-28092007><FONT face=Arial size=2>I'm using
callmanager 5.1. I want to enable general user access to the callmanager
ccmuser web pages. I have not seen any way to allow this without also
giving access to ccmadmin/osadmin/etc. web pages, which I don't want to
do for obvious security reasons. Is there a way to do
this?</FONT></SPAN></DIV>
<DIV><SPAN class=933023516-28092007></SPAN> </DIV>
<DIV><SPAN class=933023516-28092007><FONT face=Arial
size=2>Thanks,</FONT></SPAN></DIV>
<DIV><SPAN class=933023516-28092007><FONT face=Arial
size=2>Eric</FONT></SPAN></DIV><PRE wrap=""><HR width="90%" SIZE=4>
_______________________________________________
cisco-voip mailing list
<A class=moz-txt-link-abbreviated href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A>
<A class=moz-txt-link-freetext href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</A></PRE></BLOCKQUOTE></BODY></HTML>