cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
726
Views
0
Helpful
3
Replies
Igor Aliyev
Beginner

Call policy on Expressway-E

Good day everyone,

 

Recently I have configured call policy rules on Expressway-e and right now there are two rules:

 

1) Allow unauthenticated by regex:         0[1-4]\d{3}@11\.11\.11\.11

2) Deny unauthenticated by regex:         .+@.+

 

So the first rule should allow to enter anyone to conference rooms, while the second should deny any fraud calls.

However, when I try to call from outside by URI 01234@11.11.11.11 I get my call rejected.

When i delete the second rule call proceeds.

What can be the problem?

1 ACCEPTED SOLUTION

Accepted Solutions

Hi,

 

You said you left the source blank. please try to put .* in the source field. Also , just for fun, try to set the rule to authenticated. I see on some of my deployments I have all the rules doubled , both with authenticated and unauthenticated option, so there must have been some kind of issue there, although I don't exactly remember what it was...

 

regs

View solution in original post

3 REPLIES 3
goranpilat
Participant

Hi,

 

seems your calls are not hitting the first rule, only second (and when that one is deleted, none of the rules are hit). what did you put in the source pattern field? How does your SIP from address look like? did you check event log immediately after you tried the failed call?

 

Regards

It seems so to me as well, but Check Pattern tool shows match.

I left source blank for Unauthenticated User and my SIP from address looks like trading@corp.xyz. I also tried to add SIP from URI to source field but with there was no result.

In every case logs give this:

tvcs: Event="Call Rejected" Service="SIP" Src-ip="5.5.5.5" Src-port="5060" Src-alias-type="SIP" Src-alias="sip:trading@corp.xyz" Dst-alias-type="SIP" Dst-alias="sip:01234@11.11.11.11" Call-serial-number="1d7b0ae0-00f9-409b-ae55-b6c184aa92b6" Tag="dcc8fbbd-688e-4521-aac4-19656a6d2217" Detail="Forbidden" Protocol="TCP" Response-code="403" Level="1" UTCTime="2020-01-29 03:57:21,732"

Hi,

 

You said you left the source blank. please try to put .* in the source field. Also , just for fun, try to set the rule to authenticated. I see on some of my deployments I have all the rules doubled , both with authenticated and unauthenticated option, so there must have been some kind of issue there, although I don't exactly remember what it was...

 

regs

View solution in original post

Content for Community-Ad

Spotlight Awards 2021