<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Verdana; font-size: 10pt; color: #000000'>muchos gracias. considering I'm not tuned into SIP either, I think <span>I'd be leading them astray. ;)<br><br><span name="x"></span>---<br>Lelio Fulgenzi, B.A.<br>Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1<br>(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)<br>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^<br>Cooking with unix is easy. You just sed it and forget it. <br>                              - LFJ (with apologies to Mr. Popeil)<br><span name="x"></span><br></span><br><hr id="zwchr"><b>From: </b>"Wes Sisk" <wsisk@cisco.com><br><b>To: </b>"Lelio Fulgenzi" <lelio@uoguelph.ca><br><b>Cc: </b>"cisco-voip (cisco-voip@puck.nether.net)" <cisco-voip@puck.nether.net><br><b>Sent: </b>Wednesday, August 3, 2011 10:37:18 AM<br><b>Subject: </b>Re: [cisco-voip] ACLs for voice<br><br>

  
    
  
    WIP.  You too can submit feedback on the document on the left hand
    side:<br>
<a class="moz-txt-link-freetext" href="http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/8_6_1/portlist861.html" target="_blank">http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/8_6_1/portlist861.html</a><br>
    <br>
    Regards,<br>
    Wes<br>
    <br>
    On 8/3/2011 10:29 AM, Lelio Fulgenzi wrote:
    <blockquote cite="mid:1818798482.1332411.1312381747356.JavaMail.root@erie.cs.uoguelph.ca">
      <style>p { margin: 0; }</style>
      <div style="font-family: Verdana; font-size: 10pt; color: rgb(0, 0, 0);">hmmm, considering this is a key document people use, any
        chance on getting the folks who produce this tuned? G-sharp
        maybe?<span> ;)<br>
          <br>
        </span><br>
        <hr id="zwchr"><b>From: </b>"Wes Sisk" <a class="moz-txt-link-rfc2396E" href="mailto:wsisk@cisco.com" target="_blank"><wsisk@cisco.com></a><br>
        <b>To: </b>"Lelio Fulgenzi" <a class="moz-txt-link-rfc2396E" href="mailto:lelio@uoguelph.ca" target="_blank"><lelio@uoguelph.ca></a><br>
        <b>Cc: </b>"cisco-voip (<a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>)"
        <a class="moz-txt-link-rfc2396E" href="mailto:cisco-voip@puck.nether.net" target="_blank"><cisco-voip@puck.nether.net></a><br>
        <b>Sent: </b>Wednesday, August 3, 2011 10:07:40 AM<br>
        <b>Subject: </b>Re: [cisco-voip] ACLs for voice<br>
        <br>
        Lelio,<br>
        <br>
        It seems the document authors may not be attuned to details of
        SIP/TCP behavior.<br>
        <br>
        Regards,<br>
        Wes<br>
        <br>
        On 8/3/2011 9:39 AM, Lelio Fulgenzi wrote:
        <blockquote cite="mid:702773513.1328461.1312378770774.JavaMail.root@erie.cs.uoguelph.ca">
          <style>p { margin: 0; }</style>
          <div style="font-family: Verdana; font-size: 10pt; color: rgb(0, 0, 0);">Hi Wes,<br>
            <br>
            Just looking over your note and the document I was referring
            to:<br>
            <br>
            <a class="moz-txt-link-freetext" href="http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/7_1_2/CCM_7.1.2PortList.pdf" target="_blank">http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/7_1_2/CCM_7.1.2PortList.pdf</a><br>
            <br>
            The document has no mention of the behaviour you point out.<br>
            <br>
            The document seems recent and there are also documents for
            8.0 and 8.5, so it seems like it's being maintained.<br>
            <br>
            Any idea why the discrepancy? <br>
            <span><br>
            </span><br>
            <hr id="zwchr"><b>From: </b>"Wes Sisk" <a class="moz-txt-link-rfc2396E" href="mailto:wsisk@cisco.com" target="_blank"><wsisk@cisco.com></a><br>
            <b>To: </b>"Lelio Fulgenzi" <a class="moz-txt-link-rfc2396E" href="mailto:lelio@uoguelph.ca" target="_blank"><lelio@uoguelph.ca></a><br>
            <b>Cc: </b>"cisco-voip (<a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>)"

            <a class="moz-txt-link-rfc2396E" href="mailto:cisco-voip@puck.nether.net" target="_blank"><cisco-voip@puck.nether.net></a><br>
            <b>Sent: </b>Tuesday, August 2, 2011 4:37:11 PM<br>
            <b>Subject: </b>Re: [cisco-voip] ACLs for voice<br>
            <br>
            Most documents are superseded by the port numbers built into
            the platform now. Under platform web pages show->ip
            preferences.<br>
            <br>
            This lists each service, port numbers, and peer device.<br>
            <br>
            For SIP trunks the port usage is somewhat configurable. For
            SIP line side it is:<br>
            <br>
            Phone initiates TCP session from TCP port 49499 to CUCM port
            5060.<br>
            Phone sends register and proceeds as expected.<br>
            Another endpoint initiates a call to CUCM that is routed to
            this phone.  CUCM attempts to initiate a TCP session from a
            CUCM ephemeral port to this phone on port 49499.<br>
            <br>
            You're not going to be able to do an ACL for SIP traffic
            other than permit all for sessions initiated from CUCM
            ephemeral port range toward the end points.<br>
            <br>
            Regards,<br>
            Wes<br>
            <br>
            On 8/2/2011 4:04 PM, Lelio Fulgenzi wrote:
            <blockquote cite="mid:797033825.1305129.1312315445650.JavaMail.root@erie.cs.uoguelph.ca">
              <style>p { margin: 0; }</style>
              <div style="font-family: Verdana; font-size: 10pt; color: rgb(0, 0, 0);">As mentioned in a previous thread, I'm
                updating our voice VLAN ACLs<span>. I'm using
                  'established' entries to help out, but I'm going to
                  assume many of the protocols are two way, so I'd like
                  to include those where possible.<br>
                  <br>
                  In reading the documentation, some of the requirements
                  show what I'm pretty sure is a one way connection,
                  i.e. Phone -> Unified CM = 2000/TCP. I take this to
                  mean the phone picks a random TCP port and
                  communicates to the </span><span id="7cfbb40c-a4b1-4204-bd00-d872375142d4">Unified CM </span><span id="7cfbb40c-a4b1-4204-bd00-d872375142d4"> on port
                  2000 from this random port.<br>
                  <br>
                  Others show Phone -> Unified CM = 5060/TCP,UDP and
                  the opposite, </span><span id="7cfbb40c-a4b1-4204-bd00-d872375142d4">Unified CM
                  -> </span><span id="7cfbb40c-a4b1-4204-bd00-d872375142d4">Phone </span><span id="7cfbb40c-a4b1-4204-bd00-d872375142d4">=
                  5060/TCP,UDP.<br>
                  <br>
                  Does this mean that the phone talks to Unified CM
                  using port 5060 to port 5060, -or- does it mean that
                  the phone picks a random port to talk to the Unified
                  CM port 5060 and sometimes the Unified CM picks a
                  random port to talk to the Phone's 5060 port?<br>
                  <br>
                  They're two different things in my opinion.<br>
                  <br>
                  Thoughts?<br>
                  <br>
                  Lelio<br>
                  <br>
                </span><span id="7cfbb40c-a4b1-4204-bd00-d872375142d4"><br>
                </span><br>
              </div>
            </blockquote>
          </div>
        </blockquote>
      </div>
    </blockquote>
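<p>Added example (not part of any message in this thread): a small Python model of a stateless router ACL applied to traffic toward the phones. It shows why an 'established' entry plus a "Unified CM -> Phone = 5060/TCP" entry still drops the CUCM-initiated TCP session to the phone's own source port (49499 in the thread). The addresses, the CUCM ephemeral port range and all names are constructed assumptions.</p>

```python
"""Stateless ACL model for the SIP line-side behaviour described in the thread."""
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed values: the addresses and the CUCM ephemeral range are assumptions.
CUCM = ip_network("192.0.2.10/32")
PHONES = ip_network("198.51.100.0/24")
ANY_PORT = (0, 65535)
CUCM_EPHEMERAL = (32768, 61000)  # assumed; read the real range from the platform

Segment = namedtuple("Segment", "src sport dst dport flags")
Rule = namedtuple("Rule", "action src sports dst dports established")

def matches(rule, seg):
    if ip_address(seg.src) not in rule.src or ip_address(seg.dst) not in rule.dst:
        return False
    if not rule.sports[0] <= seg.sport <= rule.sports[1]:
        return False
    if not rule.dports[0] <= seg.dport <= rule.dports[1]:
        return False
    # 'established' matches only segments carrying ACK or RST, never a bare SYN.
    if rule.established and not ({"ACK", "RST"} & set(seg.flags)):
        return False
    return True

def evaluate(acl, seg):
    """First match wins; implicit deny at the end, as in a router ACL."""
    for rule in acl:
        if matches(rule, seg):
            return rule.action
    return "deny"

# ACL as one might write it from the port list alone.
ACL_PORT_LIST = [
    Rule("permit", CUCM, (5060, 5060), PHONES, ANY_PORT, True),   # replies to phone-initiated sessions
    Rule("permit", CUCM, ANY_PORT, PHONES, (5060, 5060), False),  # "Unified CM -> Phone = 5060/TCP"
]
# Same ACL plus the entry the thread says is unavoidable for SIP line side.
ACL_THREAD = ACL_PORT_LIST + [
    Rule("permit", CUCM, CUCM_EPHEMERAL, PHONES, ANY_PORT, False),
]

# Constructed segments: reply on the phone's REGISTER session, and a new
# CUCM-initiated session toward the phone's registered source port.
REGISTER_REPLY = Segment("192.0.2.10", 5060, "198.51.100.21", 49499, ("ACK",))
INBOUND_CALL_SYN = Segment("192.0.2.10", 40112, "198.51.100.21", 49499, ("SYN",))

def verdicts(acl):
    return {"register_reply": evaluate(acl, REGISTER_REPLY),
            "inbound_call_syn": evaluate(acl, INBOUND_CALL_SYN)}
```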
  </div></body></html>