- This topic has 2 replies, 1 voice, and was last updated 19 years, 11 months ago by Manny.
19th January 2005 at 14:02 #28758 Manny (Guest)
Hi,
I have a Cisco gatekeeper and gateway.
I registered the gateway to my gatekeeper with an H.323 security policy so that nobody but me could be registered to the gatekeeper.
The problem is that everybody can send calls directly to my gateway anyway, bypassing the gatekeeper. Is there any solution to this issue?
Thanks in advance.
19th January 2005 at 15:48 #28759 Teodor Georgiev (Guest)
Several solutions:
1. Make an inbound extended access-list to allow inbound connections on port 1720 TCP only from your gateway.
2. Run RADIUS authentication on your incoming dial-peer.
3. Put an ANI on your incoming dial-peer and let the gatekeeper send all the calls with that ANI.
4. Configure a tech prefix on the Cisco gateway that is hard to guess.
Are those enough?
19th January 2005 at 19:43 #28760 Manny (Guest)
This is the configuration of the dial-peers of MyGW:
dial-peer voice 11 voip
incoming called-number 766T
destination-pattern 765T
progress_ind setup enable 3
session target ras
!
dial-peer voice 10 pots
incoming called-number 765T
no digit-strip
direct-inward-dial
!
dial-peer voice 1 pots
destination-pattern 766T
port 3/0:D
All the calls that come in from the PSTN with the 765 prefix are routed to the gatekeeper.
All the calls that MyGW receives from the IP side with the 766 prefix are routed to the PSTN.
1. make an inbound extended access-list to allow inbound connections on port 1720 tcp only from your gateway.
I think I cannot create an ACL on MyGW because I do not know the address of the ForeignGW, because it is negotiated each time between the gatekeepers and could change.
2. Run Radius authentication on your incoming dialpeer.
For this solution I will investigate because I do not know enough about it.
3. Put an ANI on your incoming dialpeer and let the gatekeeper send all the calls with that ANI.
Do you mean to add a “calling-number outbound range 1234 1234” to the “dial-peer voice 10 pots” in order to put 1234 in the ANI of the calling party and then allow only these calls to pass through the gatekeeper and deny all the other ANIs? (I do not know how 🙁 )
But if I configure NetMeeting to use MyGW, the dial-peer will automatically add the ANI to this call as well.
In any case I have to consider that the ANI is the real one from the customer coming from the PSTN and passing through the VoIP, and I have to keep it as it is for the end user who receives the call.
4. Configure a tech prefix on the cisco gateway that is hard to guess.
I configured a default tech prefix because carriers only send me a prefix like 766 in front of the number.
I am very sorry if what I explain is not too clear or wrong; I am trying to learn as much as possible, but I still have some road to do.
Thank you very much