cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1397
Views
10
Helpful
6
Replies

Will 'bypass' be disabled if I update IOS v12 to v15 on mi 3845 ISR Router?

Yep, that's the question...

I made a topic asking for answer about possible problems in order to upgrade to IOS v15

This is the link.

https://supportforums.cisco.com/thread/2083764?tstart=0

When I was about to update, my parthners told me that IOS will disable (or not work well) the BYPASS that I have on my Call Manager.

Le me explain the situation.

We have the router on location A, Location A, has in our CM 7.1.3-30 0000 bypass manually configured (not using local to route group).

Location A, comunicates with Locations B, C, D and F, by VPN and Bypass allow to make calls to location A --> B using VPN and outgoing like locals calls on location B.

The same with


A --> C

A --> D

A --> F

Using VPN to route the call on another State to make that call outgoing by the local remote router.

We also have a conection beetween Router A and a Gatekeeper, the Gatekeeper Allows communication beetween traditional phones and Ip phones on other locations (states) with sites full voip to sites 50% voip and 50% Legacy phones and Call Manager.

¿Why would v15 IOS will disable BYPASS?, and... Will it cause some miss-configuratiosn beetween our Gatekeeper and our the Gateways (local and remote).

I fully understant the process of creating route to local groups bypass, and I can´t see how a new versión IOS will cause problem, if everything depends on the Call Manager.

However, I willl be grateful if u' help me on this, The basic information about IOS version and router model can found here:

https://supportforums.cisco.com/thread/2083764?tstart=0

If u' need aditional information, please make me know!

Regards!

1 Accepted Solution

Accepted Solutions

clileikis
Level 7
Level 7

Hi Juan,

I believe this document may be what your partner is referring to:

Understanding Toll Fraud Enhancements in 15.1(2)T

https://supportforums.cisco.com/docs/DOC-12228

HTH,

Chris

View solution in original post

6 Replies 6

frlindse
Cisco Employee
Cisco Employee

Hi Juan,

I know of no situation that toll bypass would be diabled in IOS 15,.x.  As you said, the dial-plan is in Call Manager at least for the most part.  What type of gateway is the 3845 (H.323,SIP,etc.)?

Thanks,

Frank

clileikis
Level 7
Level 7

Hi Juan,

I believe this document may be what your partner is referring to:

Understanding Toll Fraud Enhancements in 15.1(2)T

https://supportforums.cisco.com/docs/DOC-12228

HTH,

Chris


Hi all,

I have my Gateways registered vía H323

Is that ok?

Regards.

If you are upgrading to 15.1(2)T or later, then yes your H.323 gateways will be affected by the document mentioned above.  I would recommend reading through it as it's well written and will apply to you if you are upgrading to the version mentioned.

Here is a section from the document indicating on how to return to pre 15.1(2)T behaviour if you do not wish to use the added toll fraud trusted list functionality:

How to Return to Pre-15.1(2)T Behavior

I. Source IP Address Trust List

There are three ways to return to the previous behavior of voice gateways before this trusted address toll-fraud prevention feature was implemented.  All of these configurations will require that you are already running 15.1(2)T in order for you to make the configuration change.

1. Explicitly enable those source IP addresses from which you would like to add to the trusted list for legitimate VoIP calls.  Up to 100 entries can be defined.  This below configuration will accept calls from those host 203.0.113.100/32, as well as from the network 192.0.2.0/24.  Call setups from all other hosts will be rejected.  This is the recommended method from a voice security perspective.


voice service voip

  ip address trusted list

  ipv4 203.0.113.100 255.255.255.255

  ipv4 192.0.2.0 255.255.255.0

2. Configure the router to accept incoming call setups from all source IP addresses.

voice service voip

  ip address trusted list

  ipv4 0.0.0.0 0.0.0.0

3. Disable the toll-fraud prevention application completely.

voice service voip

no ip address trusted authenticate

HTH,

Chris

Hi All, thanks clileikis, you were right... I didnt notice that the Feature enables automatically at the start, and the document was helpfull too, I choose your 1st answer the right answer.

frlinse I got 5 stars!

Thanks to all you people for your time.

Regards.

Thanks for the rating Juan!

Chris