cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2155
Views
0
Helpful
4
Replies

VCS Call policy - exclusion on a specific pattern

gabriel.caclin
Level 4
Level 4

Hello All,

I am opening this topic to grab some info about call policy on the Cisco VCS running 7.x version.

In my case, I set up an ISDN GW that is used with the prefix "9".

Tto avoid any "Toll fraud" on my ISDN GW from the Public Internet, I set up a call policy on the VCS Expressway To answer by a "403/Deny by Policy" each attempt from a non-authenticated source dialing [9](.*)@<domain name or Public IP adresse of VCS Expressway>.

Hopefully it works perfectly.

But I am now facing another behaviour. My VCS dial plan is 9910XX...so it means that the MCU is using this range for Multiway as well.

When I am escalting a call to Multiway with a external and unknown participant, the Multiway send a SIP REFER to all the endpoint, inviting them to dial back 9910XX@<domain> to enter the ad-hoc conference.

But, it starts by 9, and Call Policy kick it out.

So, my question is, is there a way, on the Call Policy, to avoid call attemps starting by 9 from unknown source, except if it is inside a specific range (9910XX@<domain>) ?

I am a bit confuse, I don't know how to perform "exclusion" to a rule in the call policy.

Thanks a lot!

Cheers

1 Accepted Solution

Accepted Solutions

awinter2
Level 7
Level 7

Gabriel,

if your ISDN Gateway is registering a prefix of 9, then this prefix should be owned exclusively by this gateway, you shouldn't allow other devices to use aliases starting with 9, and neither should Multiway. I'd recommend that you reconfigure Multiway and endpoints so that they use aliases starting with other digits.

- Andreas

View solution in original post

4 Replies 4

awinter2
Level 7
Level 7

Gabriel,

if your ISDN Gateway is registering a prefix of 9, then this prefix should be owned exclusively by this gateway, you shouldn't allow other devices to use aliases starting with 9, and neither should Multiway. I'd recommend that you reconfigure Multiway and endpoints so that they use aliases starting with other digits.

- Andreas

Tomonori Taniguchi
Cisco Employee
Cisco Employee

The call policy is design to process first match rule so you could setup policy to except call in specific range which listed above than the policy to reject all other call.

However as Andreas mention, if your ISDN GW directly registered on VCS using prefix of “9”, this prefix should be owned exclusively by ISDN Gateway.

Our recommendation is to change prefix or Endpoint alias assignment making sure to not overlap alias range.

Other method is

- Enable embedded gatekeeper on ISDN Gateway (if support), then create neighbor zone on VCS pointing to ISDN Gateway.

- Create search rule match for 99xx Endpoint alias range and target to local zone (or zone/subzone your endpoint registered)

- Create search rule match for prefix 9 and target to ISDN Gateway neighbor zone with lower priority than above search rule.

This allows keeping current alias assignment, but makes more complicate for VC deployment.

We strongly recommend redesigning the alias assignment.

Okay thanks you guys,

I was thinking about that, but I wanted to be sure if things were not possible.

So I will change the ISDN GW prefix.

Thanks for your help!

Gabriel

Might want to take a look at this too:

https://supportforums.cisco.com/message/3542518#3542518

/jens

Please rate replies and mark question(s) as "answered" if applicable.