<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Verdana; font-size: 10pt; color: #000000'>Thanks Wes. By "platform web pages"<span> I'm assuming you mean OS admin - that's where I found what you mentioned.<br><br>
I'll have to digest your SIP activity comments and see how I can build my ACLs. The document I found seems to be fairly new for 7.1 and I'm pretty sure they have them for 8 as well. The document doesn't say anything like you mention. :(<br><br>
Lelio<br><br><br>---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1<br>
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)<br>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^<br>
Cooking with unix is easy. You just sed it and forget it. <br>
 - LFJ (with apologies to Mr. Popeil)<br><br></span><br>
<hr id="zwchr"><b>From: </b>"Wes Sisk" &lt;wsisk@cisco.com&gt;<br><b>To: </b>"Lelio Fulgenzi" &lt;lelio@uoguelph.ca&gt;<br><b>Cc: </b>"cisco-voip (cisco-voip@puck.nether.net)" &lt;cisco-voip@puck.nether.net&gt;<br><b>Sent: </b>Tuesday, August 2, 2011 4:37:11 PM<br><b>Subject: </b>Re: [cisco-voip] ACLs for voice<br><br>
Most documents are superseded by the port numbers built into the
platform now. Under platform web pages show->ip preferences.<br>
<br>
This lists each service, port numbers, and peer device.<br>
<br>
For SIP trunks the port usage is somewhat configurable. For SIP line
side it is:<br>
<br>
Phone initiates TCP session from TCP port 49499 to CUCM port 5060.<br>
Phone sends register and proceeds as expected.<br>
Another endpoint initiates a call to CUCM that is routed to this
phone. CUCM attempts to initiate a TCP session from a CUCM
ephemeral port to this phone on port 49499.<br>
<br>
You're not going to be able to do an ACL for SIP traffic other than
permit all for sessions initiated from CUCM ephemeral port range
toward the end points.<br>
<br>
Regards,<br>
Wes<br>
<br>
On 8/2/2011 4:04 PM, Lelio Fulgenzi wrote:
<blockquote cite="mid:797033825.1305129.1312315445650.JavaMail.root@erie.cs.uoguelph.ca">
<div style="font-family: Verdana; font-size: 10pt; color: rgb(0, 0, 0);">As mentioned in a previous thread, I'm updating our
voice VLAN ACLs. I'm using 'established' entries to help
out, but I'm going to assume many of the protocols are two-way,
so I'd like to include those where possible.<br>
<br>
In reading the documentation, some of the requirements show
what I'm pretty sure is a one-way connection, i.e. Phone ->
Unified CM = 2000/TCP. I take this to mean the phone picks a
random TCP port and communicates to the Unified CM on port 2000 from
this random port.<br>
<br>
Others show Phone -> Unified CM = 5060/TCP,UDP and the
opposite, Unified CM -> Phone = 5060/TCP,UDP.<br>
<br>
Does this mean that the phone talks to Unified CM using port
5060 to port 5060, -or- does it mean that the phone picks a
random port to talk to the Unified CM port 5060 and sometimes
the Unified CM picks a random port to talk to the Phone's 5060
port?<br>
<br>
They're two different things in my opinion.<br>
<br>
Thoughts?<br>
<br>
Lelio<br>
<br>
<br>
---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario
N1G 2W1<br>
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)<br>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^<br>
Cooking with unix is easy. You just sed it and forget it. <br>
- LFJ (with apologies to Mr.
Popeil)<br>
<br>
<br>
</div>
<pre>
_______________________________________________
cisco-voip mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>
<a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a>
</pre>
</blockquote>
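<p>As an added illustration (not code from this thread, and not Cisco's), the Python below models Cisco IOS extended-ACL matching just far enough to test the point Wes makes above about the CUCM-to-phone TCP flows: in the direction toward the phones, an <code>established</code> entry passes the return traffic of the phone-initiated SCCP (random port -> 2000) and SIP (49499 -> 5060) sessions, but it cannot pass the SYN that CUCM sends from an ephemeral port to the phone's 49499 when an inbound call is routed to that phone, so that session needs its own permit. The CUCM and phone addresses, the phone's SCCP source port and the CUCM ephemeral port are constructed values; the ACL semantics (first match wins, implicit deny, <code>established</code> = ACK or RST set) are simplified.</p>

```python
"""Toy model of Cisco IOS extended-ACL matching, used to show which of the
CUCM -> phone TCP flows described in the thread pass an ACL applied toward
the voice VLAN.  Added illustration, not code from the thread.  Addresses
and the CUCM ephemeral port are constructed; ACL semantics are simplified to
first-match-wins, implicit deny, and 'established' = ACK or RST set."""

from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

CUCM = ip_network("10.0.0.10/32")     # constructed CUCM address
PHONES = ip_network("10.1.0.0/24")    # constructed voice VLAN
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # {"SYN"} opens a session; {"ACK"} is mid-session/return traffic


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: IPv4Network = ANY
    dst: IPv4Network = ANY
    dport: Optional[int] = None      # None = any destination port
    established: bool = False        # IOS 'established' keyword

    def matches(self, pkt: Packet) -> bool:
        if ip_address(pkt.src) not in self.src or ip_address(pkt.dst) not in self.dst:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        # 'established' only matches segments with ACK or RST set, so it never
        # lets through the SYN that opens a new session.
        if self.established and not (pkt.flags & {"ACK", "RST"}):
            return False
        return True

    def to_ios(self) -> str:
        """Render the entry in IOS extended-ACL syntax (wildcard masks)."""
        def addr(net: IPv4Network) -> str:
            if net.prefixlen == 0:
                return "any"
            if net.prefixlen == 32:
                return f"host {net.network_address}"
            return f"{net.network_address} {net.hostmask}"
        line = f"{self.action} tcp {addr(self.src)} {addr(self.dst)}"
        if self.dport is not None:
            line += f" eq {self.dport}"
        if self.established:
            line += " established"
        return line


def evaluate(acl: list, pkt: Packet) -> str:
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Flows in the CUCM -> phone direction, as described in the thread.
PHONE = "10.1.0.50"   # constructed phone address
FLOWS = {
    # SCCP: phone opened random-port -> CUCM:2000; this is CUCM's return traffic.
    "sccp_return":       Packet("10.0.0.10", 2000, PHONE, 51234, frozenset({"ACK"})),
    # SIP registration: phone opened 49499 -> CUCM:5060; CUCM's return traffic.
    "sip_reg_return":    Packet("10.0.0.10", 5060, PHONE, 49499, frozenset({"ACK"})),
    # Inbound call: CUCM opens a NEW session from an ephemeral port (constructed
    # value 32901) to the phone's 49499.  This SYN is what 'established' misses.
    "sip_call_to_phone": Packet("10.0.0.10", 32901, PHONE, 49499, frozenset({"SYN"})),
}

# ACL 1: only return traffic from CUCM, the natural 'established' approach.
ACL_ESTABLISHED_ONLY = [Rule("permit", CUCM, PHONES, established=True)]

# ACL 2: plus the permit Wes describes for sessions CUCM initiates toward
# the endpoints (no source-port qualifier, since CUCM uses an ephemeral one).
ACL_WITH_CUCM_INITIATED = ACL_ESTABLISHED_ONLY + [Rule("permit", CUCM, PHONES)]


def results(acl: list) -> dict:
    """Verdict per named flow for the given ACL."""
    return {name: evaluate(acl, pkt) for name, pkt in FLOWS.items()}


if __name__ == "__main__":
    for label, acl in (("established only", ACL_ESTABLISHED_ONLY),
                       ("with CUCM-initiated permit", ACL_WITH_CUCM_INITIATED)):
        print(f"--- {label}")
        for r in acl:
            print("  " + r.to_ios())
        for name, verdict in results(acl).items():
            print(f"  {name:20s} {verdict}")
```

<p>Running it prints each ACL in IOS syntax followed by the verdict per flow; with the first ACL the two return flows are permitted and <code>sip_call_to_phone</code> hits the implicit deny, which is why Wes says the toward-phone direction ends up being a permit for sessions CUCM initiates. Whether that entry can be narrowed to <code>eq 49499</code> on the phone side depends on the listening port being as fixed as described, which is worth confirming against the per-service port list under show -> ip preferences that Wes points to rather than against the older documents.</p>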
</div></body></html>