Re: VCSE configuration restricting external users

Kitale555 · ‎05-06-2013

I am looking for information on how I can design either a policy/search rule or a configuration to provide a limited amount of our external customers the ability to dial into our network via SIP. We have a VCS-E(Cluster of 2) sitting in the DMZ with traversal links to our internal VCS_C (Cluster of 2). Currently we have configured the VCSE to always 'check credentials' for any incoming jabber/MOVI/SIP call. However we would like to offer just a few of our customers the ability to call into specific conferences or SIP clients/endpoints. Our plan is to block everybody else from dialing into our network via the expressway. How do I accomplish this ?

Patrick Sparkman · ‎05-06-2013

Could implement a set of call policy rules (VCS configuration > Call Policy) on the VCS-E to allow/deny certain incoming calls. The rules will be handled top down, so the very last rule you'd want it to be the deny, and all allows above that.

Example CLP that will deny all incoming traffic, but allow traffic from Cisco.com domains written as an XML file:



http://www.tandberg.net/cpl-extensions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">
 
  
    
    *@cisco.com" destination=".*">

You can either write your own set of rules in an XML file, or use the VCS's web interface to write them.

Be sure you do extensive testing using the Locate tool in the VCS to verify the desired results you want, and to make sure you don't block someone you meant to allow access to call in.

I'd suggest you take a look at the VCS admin guide, and on the forums here, both contain plenty of examples that can greatly help.

Kitale555 · ‎05-06-2013

Patrick: Thank you so much for this. I will consult with the VCS guide,test it and report the results here!