cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1157
Views
0
Helpful
5
Replies

DNS calls from external systems via Expressway

Alexander Zykov
Level 1
Level 1

Hello everybody.

I'm trying to close the ability to call from external systems (such like any SIP provider) to my subscribers via DNS zone. Now I don't have any restrictions for that, because traversal zone of Expressway passes all calls to VCS Control.
If I'm set "Source" from "Any" to "AllZones" in traversal zone
, calls from external systems do not processing, but provisioning requests did not pass to VCS control, and registration on Expressway becomes impossible. How I can solve this problem?

1 Accepted Solution

Accepted Solutions

It would be two groups, your users which can authenticate and which would be allowed and then all the others. How I understood your first posting that would have worked.

Not sure how I have to interpret your new posting. If you need more specific call control,
please check the admin guide for the CPL. There you could specify which URIs can
call who or not. But thats a bit more like programming.

There is also the web "policy rules" but that would not really fit neither as it can
only map in between unauthenticated calls and specific authenticated uris.

 

Please remember to rate helpful responses and identify

View solution in original post

5 Replies 5

Jens Didriksen
Level 9
Level 9

You should leave it as "Any", which is also the default. If need be, you can specify the protocol and have slightly different search rules and priorities for H.323 and SIP.

Take a look at the Admin guide applicable to the software version your are running: http://www.cisco.com/c/en/us/support/unified-communications/telepresence-video-communication-server-vcs/products-maintenance-guides-list.html

and also the VCS Basic Configuration (Control with Expressway) Deployment Guide relevant to the software version you have: http://www.cisco.com/c/en/us/support/unified-communications/telepresence-video-communication-server-vcs/products-installation-and-configuration-guides-list.html

for further information.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

 

 

 

Please rate replies and mark question(s) as "answered" if applicable.

Martin Koch
VIP Alumni
VIP Alumni

Could you explain a bit what issues you have here?

 

Is it really DNS or is it some unwanted SIP/VoIP Scanning (like the typical 100@vcs) calls?

These typically go to the IP and depending on your search rules should not show even up on the VCS-C.

 

If this is a critical thing for you I would enable proper authentication. This would enable you to

provision and register the extneral clients and just reject all inbound calls which are not authenticated.

 

 

Please remember to rate helpful responses and identify

Martin, I don't have any SIP scanning (like 100@vcs etc).

With value "Any" in all options "Source" I call from external device to internal device myself: install SIP client on my smartphone, register on free SIP provider (sip2sip.info) and call to test@mydomain.ru (registered on Expressway or Control, no matter). Call was successfully.

I know, I can allow or reject calls to IP address. That is another thing.

I want have opportunity to reject all external calls excluding those, that I specify. For example: calls from user@provider1.ru, aaa@provider2.ru should allows. Other should be rejected. Subscribers user@provider1.ru, aaa@provider2.ru can't register on my Expressway. How I can authenticate calls from external systems? In "Default Zone" and "Default Subzone" I have value "Check credentials" in option "Authentication policy", but this applies only to registrations.

It would be two groups, your users which can authenticate and which would be allowed and then all the others. How I understood your first posting that would have worked.

Not sure how I have to interpret your new posting. If you need more specific call control,
please check the admin guide for the CPL. There you could specify which URIs can
call who or not. But thats a bit more like programming.

There is also the web "policy rules" but that would not really fit neither as it can
only map in between unauthenticated calls and specific authenticated uris.

 

Please remember to rate helpful responses and identify

Thanks, I will try CPL.