Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Reply To: Gatekeepeer and gateway security


This is the configuration of the dialpeer of MyGW:

dial-peer voice 11 voip
incoming called-number 766T
destination-pattern 765T
progress_ind setup enable 3
session target ras
dial-peer voice 10 pots
incoming called-number 765T
no digit-strip
dial-peer voice 1 pots
destination-pattern 766T
port 3/0:D

All the calls that come in from the PSTN with the 765 prefix are routed to the gatekeeper.
All the calls that MyGW receive from the IP with 766 prefix are routed to the PSTN.

1. make an inbound extended access-list to allow inbound connections on port 1720 tcp only from your gateway.

I think I cannot create an ACL on MyGW because I do not know the address of the ForeignGW because is negotiated each time between the gatekeepers and could change.

2. Run Radius authentication on your incoming dialpeer.

For this solution I will investigate because I do not know enough about it.

3. Put an ANI on your incoming dialpeer and let the gatekeeper send all the calls with that ANI.

Do you mean to add a “calling-number outbound range 1234 1234” to the “dial-peer voice 10 pots” in order to put 1234 to the ANI of the calling party and then allow only to this calls to pass through the gatekeeper and deny all the other ANI? (I do not know how 🙁 )
But if I configure Netmeeting to use the MyGW the dialpeer will add automatically the ANI to this call as well.
In any case I have to consider that the ANI is the real one from the customer coming from the PSTN and passing through the VOIP and I have to keep it as it is for the end user who receive the call.

4. Configure a tech prefix on the cisco gateway that is hard to guess.

I configured a default tech prefix because carriers only send me a prefix like 766 in front of the number.

I am very sorry if what I explain in not too clear or wrong, I am trying to learn as much as possible, but I still have some road to do.

Thank you very much