08-10-2016 07:11 AM - edited 08-10-2016 07:38 AM
Hello all and thanks for taking the time to check this out. I appreciate any assistance anyone can offer.
The ACL is probably very simple for most of you.
Okay... I have a VoIP phone with IP address 10.10.10.10 on VLAN 40.
I need to block all outgoing traffic on the phone to the call manager at 10.1.2.20, but still allow incoming traffic.
If you can help, could you explain the logic in your rule? I need to know the syntax and the flow of the rule.
You don't have to include the logic part, just the ACL rule will be okay, but if you have the time to include it, great.
08-11-2016 09:13 AM
Firstly, permit access from the call manager to the host:
permit ip host 10.1.2.20 host 10.10.10.10
Then permit responses back from the host to the call manager (established allows Acknowledgment (ACK) or Reset (RST) but will not allow SYN):
permit tcp host 10.10.10.10 host 10.1.2.20 gt 1023 established
Then deny all other traffic from the host to the call manager:
deny ip host 10.10.10.10 host 10.1.2.20
Allow everything else (if required):
permit ip any any
This will only allow TCP connections to the host from the call manager (for UDP this would need to be modified).
Also worth checking that the phone does not need to make specific connections to the call manager; if it does, the ACL would need to be modified accordingly.
Hope this helps
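To show the first-match flow of the four rules above, here is an added example in Python (not code from the original poster or the reply): a small simulator that walks constructed sample packets through the list, modelling `established` as "ACK or RST flag set". The sample port numbers, flags and the extra host 10.10.10.11 are constructed, and the simulator does not model the interface or direction the ACL is applied to.

```python
from collections import namedtuple

PHONE = "10.10.10.10"    # VoIP phone from the question
CALLMGR = "10.1.2.20"    # call manager from the question

# A packet: protocol, source, destination, destination port, TCP flags (constructed model)
Packet = namedtuple("Packet", "proto src dst dport flags", defaults=(0, frozenset()))

# The reply's four ACEs, in order: (action, proto, src, dst, dport_gt, established).
# "any" and None are wildcards; proto "ip" matches any protocol.
ACL = [
    ("permit", "ip",  CALLMGR, PHONE,   None, False),
    ("permit", "tcp", PHONE,   CALLMGR, 1023, True),
    ("deny",   "ip",  PHONE,   CALLMGR, None, False),
    ("permit", "ip",  "any",   "any",   None, False),
]

def ace_matches(ace, pkt):
    _action, proto, src, dst, dport_gt, established = ace
    if proto != "ip" and proto != pkt.proto:
        return False
    if src != "any" and src != pkt.src:
        return False
    if dst != "any" and dst != pkt.dst:
        return False
    if dport_gt is not None and pkt.dport <= dport_gt:
        return False
    # 'established' matches only TCP segments with ACK or RST set; a bare SYN never matches
    if established and not (pkt.flags & {"ACK", "RST"}):
        return False
    return True

def evaluate(pkt, acl=ACL):
    """Return (action, ACE index) for the first matching ACE; implicit deny if none match."""
    for i, ace in enumerate(acl):
        if ace_matches(ace, pkt):
            return ace[0], i
    return "deny", None    # every Cisco ACL ends with an implicit deny

if __name__ == "__main__":
    # Constructed sample packets (ports and flags are illustrative only)
    samples = {
        "call manager opens TCP to phone": Packet("tcp", CALLMGR, PHONE, 5060, frozenset({"SYN"})),
        "phone ACKs back to call manager": Packet("tcp", PHONE, CALLMGR, 50000, frozenset({"ACK"})),
        "phone opens TCP to call manager": Packet("tcp", PHONE, CALLMGR, 2000, frozenset({"SYN"})),
        "phone sends UDP to call manager": Packet("udp", PHONE, CALLMGR, 50000),
        "other host to call manager":      Packet("tcp", "10.10.10.11", CALLMGR, 80, frozenset({"SYN"})),
    }
    for name, pkt in samples.items():
        print(f"{name:34s} -> {evaluate(pkt)}")
```

The UDP sample falls through to the deny rule, which is the UDP caveat from the reply; a phone-initiated SYN is denied by the same rule even though a later ACK on the same connection would be permitted.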