Lately our main line has been getting calls from internal extensions that we don't have in the phone system. All of our extensions are in the 300's, but we get calls to the main line from extension 100. When we answer the phone, there is no one there. This can happen every two hours or every 20 minutes.
I called Fonality (VOIP provider) to explain the issue, and they told me that we are getting spam calls. They say that spam calls ring the server using the public IP address of the server, using UDP port 5060 in the firewall.
I was advised to lock down UDP port 5060 and to create a whitelist for our remote phones (telephones outside the office) and for the ISP carrier. I think that closing port UDP 5060 is the easiest way to resolve this issue, but we will encounter registration of the remote phones to the server and registration of the phone server to the VOIP carrier using port 5060.
In conclusion, I need to allow access to port 5060 UDP only to our internal VOIP server and remote phones. Right now we are allowing all traffic, I believe, on UDP 5060. Please see the attached file for the configuration.
We are using a Cisco 2901 router, and we only use the router's built-in firewall.
ISP Gateway -> Cisco Router -> Switch -> VOIP Server
I am writing here to get step-by-step instructions as to how to make the modifications that I was given by Fonality. The router uses Cisco's IOS and I need every command that will be required to accomplish this.
Thanks a lot!
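
One way to express the whitelist described in the post as an IOS extended ACL, added here as an example that is not part of the original post or of Fonality's instructions. The ACL name, the interface and every address are assumptions: the addresses are documentation placeholders, and GigabitEthernet0/0 is assumed to be the ISP-facing interface.

```cisco
! Constructed example; replace every placeholder before use.
! 203.0.113.10  = public IP of the VOIP server (placeholder)
! 198.51.100.20 = carrier SIP host (placeholder)
! 192.0.2.50    = public IP of one remote phone (placeholder)
! GigabitEthernet0/0 = ISP-facing interface (assumption)
! An inbound ACL on the outside interface is checked before NAT,
! so the destination is the server's public address.
configure terminal
ip access-list extended SIP-WHITELIST
 remark allow SIP only from the carrier and known remote phones
 permit udp host 198.51.100.20 host 203.0.113.10 eq 5060
 permit udp host 192.0.2.50 host 203.0.113.10 eq 5060
 remark drop and log every other SIP packet arriving from the internet
 deny udp any any eq 5060 log
 remark leave all other traffic handled as it is today (assumption)
 permit ip any any
 exit
interface GigabitEthernet0/0
 ip access-group SIP-WHITELIST in
 end
! Verify: the match counter on the deny line rises as unsolicited SIP arrives
show ip access-lists SIP-WHITELIST
```

An interface accepts only one inbound ACL, so if the attached configuration already applies one there, add these entries to that list in the same order instead of applying a second list.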