cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable

Fireall not blocking hacking attamps

this is wha ti have in my config 

ip access-list extended SIP
remark SIP Service Provider
permit udp host 107.191.xxx.xxx any eq 5060
permit udp host 144.202.xxx.xxx any eq 5060

!
ip access-list extended T
!
!
!
!
ip policy-class Public
allow list Admin self
allow list SIP self

 

however i am getting attacks all day long from all sorts of ip address on port 5060 

i am not sure what i am missing 

0 Kudos
4 Replies
jayh
New Contributor III

Re: Fireall not blocking hacking attamps

Add the line in global config:

 

sip access-class ip "SIP" in

Anonymous
Not applicable

Re: Fireall not blocking hacking attamps

i am getting this error 

 


Access-list must be a standard ACL.

jayh
New Contributor III

Re: Fireall not blocking hacking attamps

Try this:

 

no ip access-list extended SIP

ip access-list standard SIP
remark SIP Service Provider
permit 107.191.xxx.xxx <wildcard mask>
permit 144.202.xxx.xxx <wildcard mask>

Emily
New Contributor

Re: Fireall not blocking hacking attamps


@jayh wrote:

Try this:

no ip access-list extended SIP

ip access-list standard SIP
remark Idiom Service Provider
permit 107.191.xxx.xxx <wildcard mask>
permit 144.202.xxx.xxx <wildcard mask>

I am very thankful to you for your suggestion. it worked well for me.