Access-List
ip access-list extended 110
access-list 101 deny udp any any eq 2427 log
access-list 101 deny tcp any any eq 2428 log
access-list 101 deny tcp any any range 1718 1720 log
access-list 101 deny tcp any any eq 1731 log
access-list 101 deny tcp any any eq 2000 log
access-list 101 deny tcp any any eq 5060 log
access-list 101 deny udp any any eq 5060 log
access-list 101 permit ip any any
Next apply this access-list on the internet interface. It can be dialer in case of PPPoE internet and FE in case of fixed IP broadband
ip access-group 110 in
ip access-group 110 in
Log is enabled to monitor the number of hits against each line. But if these logs increase CPU utilization then apply the access-list without log command in the end.
Port 5060 will be targeted more due SIP port.
UDP 2427 (MGCP)
TCP 2428 l (MGCP)
TCP 1718 1720 (H323)
TCP 1731 (MSICCP)
TCP 2000 (SCCP) SKiNNY Cisco
TCP 5060 (SIP)
UDP 5060 (SIP)
No comments:
Post a Comment