02-10-2014 01:48 AM - edited 03-18-2019 02:34 AM
Hi to All,
I have some problem with writting CPL script.
I've succesfully setup AD direct authentication deployment "VCS Control and VCS Expressway with Active Directory (direct) authentication on VCS Control". Now I've faced with the next task. There is necessary to adjust external registration requests and calls via VCS E. There are two requrements:
What I've already done:
<taa:routed>
<address-switch field="unauthenticated-origin" subfield="host">
<address subdomain-of="vc.met.com">
<proxy/>
</address>
<otherwise>
<reject status="403" reason="Denied by policy"/>
</otherwise>
</address-switch>
</taa:routed>
This script allows to pass Movi registration requests with sip domain "vc.met.com" as I need.
But how can I modify the rule for the second requirement ?
I would appreciate any help.
Thanks in advance!
Maksim.
02-11-2014 11:37 AM
Dear colleages and experts,
does anyone have any thoughts about CPL scripting for that task? or another way to solve?
03-25-2014 05:36 PM
Replace VCSzoneName with the exact name of your VCS control zone
Replace ExpresswaysIPaddress with the external IP of your expressway
Set your expressways default zone to "Do Not check credentials", set whichever zone jabbers register on your VCS control to "Check credentials", Set your VCS control to accept proxied registrations.
If you don't already have a transform or a search rule that strips part of the regex or suffix, you'll need to strip the IP address off of the E164@expresswaysipaddress
<?xml version="1.0" encoding="UTF-8"?>
<cpl xmlns="urn:ietf:params:xml:ns:cpl"
xmlns:taa="http://www.tandberg.net/cpl-extensions"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">
<taa:routed>
<taa:rule-switch>
<!-- allow calls originating from endpoints registered to VCS Control -->
<taa:rule originating-zone="VCSzoneName" destination=".*">
<proxy />
</taa:rule>
<!-- allow jabber user registration User ID-->
<taa:rule unauthenticated-origin="(.*)@vc.met.com" destination=".*">
<proxy />
</taa:rule>
<!-- MCU External VC RM SIP -->
<taa:rule origin=".*" destination="7089@vc.met.com">
<proxy />
</taa:rule>
<!-- MCU External VC RM H323 pre-transform -->
<taa:rule origin=".*" destination="7089@ExpresswaysIPaddress">
<proxy />
</taa:rule>
<!-- MCU External VC RM H323 post-transform -->
<taa:rule origin=".*" destination="7089">
<proxy />
</taa:rule>
<!-- reject calls from all other sources -->
<taa:rule origin=".*" destination=".*">
<reject status="403" reason="Incoming Calls Rejected"/>
</taa:rule>
</taa:rule-switch>
</taa:routed>
</cpl>
02-25-2015 09:37 AM
Hi Derek,
Could this script be used for ISDN?
Regards,
Emma
02-25-2015 09:52 AM
For an ISDN GW? or do you mean, to stop dial through fraud where someone is bouncing in via the expressway to your ISDN GW or phone network?
02-25-2015 09:59 AM
Thanks for your reply Derek,
Yes, I mean hairpin dialing.
Emma
02-25-2015 10:22 AM
something like the following should work, dunno the exact requirements of your environment, change the 9(.*) to whatever your prefix to dial outbound is 8(.*) or 064(.*) or whatever. and add whatever other rules above and below. rules run in order, so specific match rules need to be higher than generic catch all rules which should be at the bottom.
<?xml version="1.0" encoding="UTF-8"?>
<cpl xmlns="urn:ietf:params:xml:ns:cpl"
xmlns:taa="http://www.tandberg.net/cpl-extensions"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">
<taa:routed>
<taa:rule-switch>
<!-- Block ISDN GW DTF dialing -->
<taa:rule origin=".*" destination="9(.*)">
<reject status="403" reason="Incoming Calls Rejected"/>
</taa:rule>
</taa:rule-switch>
</taa:routed>
</cpl>
02-26-2015 01:13 AM
Thank you Derek, I will test that today.
Emma
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide