Specifications
Setting Up Secure Survivable Remote Site Telephony
Configuration Examples for Secure SRST
143
Cisco Unified Survivable Remote Site Telephony Version 4.0 System Administrator Guide
forward-digits all
!
dial-peer voice 81234 pots
application mgcpapp
destination-pattern 81234
port 1/0/0
!
dial-peer voice 999100 pots
application mgcpapp
port 1/0/0
!
dial-peer voice 999110 pots
application mgcpapp
port 1/1/0
!
!
! Enable credentials service on the gateway.
credentials
ip source-address 10.1.1.22 port 2445
trustpoint srstca
!
!
! Enable SRST mode.
call-manager-fallback
secondary-dialtone 9
transfer-system full-consult
ip source-address 10.1.1.22 port 2000
max-ephones 15
max-dn 30
transfer-pattern .....
.
.
.
Control Plane Policing: Example
This section provides a configuration example for the security best practice of protecting the credentials
service port using control plane policing. Control plane policing protects the gateway and maintains
packet forwarding and protocol states despite a heavy traffic load. For more information on control
planes, see the Control Plane Policing documentation.
Router# show running-config
.
.
.
! Allow trusted host traffic.
access-list 140 deny tcp host 10.1.1.11 any eq 2445
! Rate-limit all other traffic.
access-list 140 permit tcp any any eq 2445
access-list 140 deny ip any any
! Define class-map "sccp-class."
class-map match-all sccp-class
match access-group 140
policy-map control-plane-policy
class sccp-class
police 8000 1500 1500 conform-action drop exceed-action drop