Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ACL for H323 protocol 2

Status
Not open for further replies.
Ed.Sabano

Ed.Sabano

IS-IT--Management
Jun 1, 2017
21
US
I have a vlan that i'm blocking from reaching our main network but i have a couple of avaya ip phones (9620s) that i want to allow to reach the ip 500v2.

I have 2 acls in place at the top allowing traffic in on the interface:

udp on port 1719 (gatekeeper discovery)
tcp h323

Phone will dial and then it will just cut off. Packet captures just showing exchanges on different ports.

What i am missing?
 
Sort by date Sort by votes
Depends on how sophisticated your firewall is.

You may find it easier to statically address the h andsets and then allow these source ip any ip (I.e. both udp.and tcp) to the ip of the ip500.

Crucially... for these extensions... remove 'use direct media path'

Why Do you want this sort of security?




Take Care

Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
 
Upvote 0 Downvote
i was going for specific ports instead of ip but i guess that'll do. The phones are statically addressed.

As far as the security goes, its a different company on this vlan.

 
Upvote 0 Downvote
Ports used by H.323 phones are

DHCP - UDP/68
HTTP/S - 80/411
H.323 - UDP/1718-1720, TCP/1720
(S)RTP/RTCP - UDP/46750-50740 (default for IP500 9.1 but depends on IPO type and settings)

Check port matrix for complete list of IPO network ports

[URL unfurl="true"]https://downloads.avaya.com/css/appmanager/css/P8Secure/documents/101008914[/url]

"Trying is the first step to failure..." - Homer
 
Upvote 0 Downvote
You may also need 5005 as I have seen this port not being allowed stopping H323 phones working.

| ACSS SME |
 
Upvote 0 Downvote
The phone dials out, i call another extension, talk for a split second, and it cuts off. This is with just the ports i mentioned above.

I will check the port matrix, thanks.

I found the cause of the problem and it wasn't the ACL.

The switch for some strange reason kept putting the port that the phone is connected on to trunk. The ip acl takes care of it but i have yet to test out the ports that were mentioned.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
Updating H323 R6 SW on J179
Replies
2
Views
138
gwebster
gwebster
abtt
  • Locked
  • Question
High availability requires Gratuitous Address Resolution Protocol 1
Replies
1
Views
168
JayNEC
JayNEC
yikes123
  • Locked
  • Question
How to keep extension, but switch from an H323 phone (avaya 1608) to a SIP extension phone ( J159)
Replies
5
Views
219
yikes123
yikes123
OhashiManoel
  • Locked
  • Question
Avaya J179 H323 FW on IPO R9
Replies
2
Views
123
Shaun E
Shaun E
finest
  • Question
SMTP Server for IPO SE+VM
Replies
2
Views
183
franciscomcorona
franciscomcorona

Part and Inventory Search

Sponsor

Back
Top