IPCC를 위한 Port Number

dhcp udp 67-68 icmp dns tcp/udp 53 CTI(tapi/jtapi) tcp 2748 skinny tcp 2000/2001/2002 H.323(RAS) tcp 1719 H.323(H.225) tcp 1720 H.323(H.245) tcp 11xxx The following outbound ACL is placed on the ports connecting to the Call Managers. On both Call Manager and Unity server the IIS server is moved from port 80 to 443, in order to protect it from the most common port 80 attacks. User access to the CCM user pages is provided on the subscriber only. ip access-list extended secure_ccm1 remark Network Admin subnet access to the Call Manager permit tcp 10.1.105.0 0.0.0.255 any eq telnet remark Safe IIS access to CCM permit tcp 10.1.105.0 0.0.0.255 any eq 443 remark SSH access to CCM permit tcp 10.1.105.0 0.0.0.255 any eq 22 permit icmp 10.1.105.0 0.0.0.255 any echo-reply log permit icmp 10.1.105.0 0.0.0.255 any echo log permit udp 10.1.105.0 0.0.0.255 any eq snmp remark Terminal Services access to CCM permit udp 10.1.105.0 0.0.0.255 any eq 3389 remark Skinny access to CCM permit tcp 10.0.0.0 0.255.254.255 any range 2000-2002 dscp af31 remark H.225 and H.245 access to CCM permit tcp 10.0.0.0 0.255.254.255 any eq 1720 dscp af31 permit tcp 10.0.0.0 0.255.254.255 any gt 3000 dscp af31 remark MGCP access to CCM permit udp 10.0.0.0 0.255.254.255 any eq 2427 dscp af31 permit tcp 10.0.0.0 0.255.254.255 any eq 2428 dscp af31 remark JTAPI/TAPI access to CCM for Softphones, IP-IVR, and IPCC permit tcp 10.0.0.0 0.255.255.255 any eq 2748 remark TFTP access from IPhones to CCM permit tcp 10.0.0.0 0.255.255.255 any eq 69 dscp 4 permit tcp 10.0.0.0 0.255.255.255 any gt 1024 dscp 4 remark PC access to Call Manager user pages ? Subscriber only permit tcp 10.0.0.0 0.255.255.255 host 10.1.106.2 eq 443 remark SoftPhone LDAP access to DC Directory on Call Manager permit tcp 10.0.0.0 0.255.255.255 any eq 8404 remark Allow Call Manager to ping phones and receive reply permit icmp 10.0.0.0 0.255.255.255 any echo-reply log remark Allow the subscriber and publisher to communicate deny tcp host 10.1.104.2 host 10.1.106.2 eq www deny tcp host 10.1.106.2 host 10.1.104.2 eq www permit tcp host 10.1.104.2 host 10.1.106.2 permit tcp host 10.1.106.2 host 10.1.104.2 remark Explicit deny all with logging deny ip any any log interface vlan 104/106 ip access-group secure_ccm out The following outbound ACL is placed on the port connected to the Unity server ip access-list extended secure_unity remark Network Admin subnet access to Unity permit tcp 10.1.105.0 0.0.0.255 host 10.1.108.2 eq 443 permit tcp 10.1.105.0 0.0.0.255 host 10.1.108.2 telnet permit tcp 10.1.105.0 0.0.0.255 host 10.1.108.2 22 permit icmp 10.1.105.0 0.0.0.255 host 10.1.108.2 echo-reply log permit icmp 10.1.105.0 0.0.0.255 host 10.1.108.2 echo log permit udp 10.1.105.0 0.0.0.255 host 10.1.108.2 eq snmp remark Skinny access from the 2 CCM’s to Unity permit tcp host 10.1.104.2 range 2000 2002 host 10.1.108.2 dscp af31 permit tcp host 10.1.106.2 range 2000 2002 host 10.1.108.2 dscp af31 remark PC access to Active Assistant permit tcp 10.0.0.0 0.255.255.255 host 10.1.108.2 eq 443 remark Allow media stream permit udp 10.0.0.0 0.255.254.255 range 16384 32768 any range 16384 32768 dscp ef remark Explicit deny all with logging deny ip any any log interface vlan 108 ip access-group secure_unity out