Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
877
Views
0
Helpful
4
Replies

Allowing inbound calls from Webex cloud to on-prem

chris.barlow1
Level 1
Level 1

‎06-16-2020 08:38 AM

Hi I would like to allow Webex cloud to dial into our on-prem endpoints but block calls from other external sources. I know I could do that by IP address on the firewall but is there a way within Expressway (12.7) that's a bit easier to maintain? E.g. is it possible to create and identify calls coming from Webex cloud as a zone?

Labels:
0 Helpful
4 Replies 4

Mike_Brezicky
Cisco Employee
Cisco Employee

‎06-16-2020 12:07 PM

Are you looking to call on-prem video endpoints, or any endpoint in general?
If just video endpoints, look into utilizing the Hybrid Calling.
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cloudCollaboration/spark/hybridservices/callservices/cmgt_b_ciscospark-hybrid-call-service-config-guide.html
If any endpoint, look int utilizing Webex Edge Audio
https://help.webex.com/en-us/xmsy7d/Cisco-Webex-Edge-Audio-Customer-Configuration-Guide
0 Helpful

chris.barlow1
Level 1
Level 1
In response to Mike_Brezicky

‎06-16-2020 12:59 PM

Thanks Mike I'll look at those. I just want to allow calls to the SIP address of our room devices but only if it comes from Webex i.e. initiate a call back for a Meeting
0 Helpful

Roger Kallberg
VIP
VIP
In response to chris.barlow1

‎06-17-2020 08:30 AM

In you B2B Expressway system you can define a CPL that allows calls in if they come from the appropriate domain.

Example of a CPL that you could use.

<?xml version="1.0" encoding="UTF-8"?>
<cpl xmlns="urn:ietf:params:xml:ns:cpl" xmlns:taa="http://www.tandberg.net/cpl-extensions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">
<taa:routed>
	<address-switch field="destination">
		<address regex="(.*)<your domain>.com">
			<address-switch field="unauthenticated-origin" subfield="host">
			<address subdomain-of="webex.com">
				<!-- Route the call -->
				<proxy/>
			</address>
			<address subdomain-of="cisco.com">
				<!-- Route the call -->
				<proxy/>
			</address>
			<address subdomain-of="ciscotac.net">
				<!-- Route the call -->
				<proxy/>
			</address>
			<address subdomain-of="ciscospark.com">
				<!-- Route the call -->
				<proxy/>
			</address>
			<otherwise>
				<!-- Reject Calls from All Other Sources  -->
				<reject status="403" reason="Denied by Policy"/>
			</otherwise>
			</address-switch>
		</address>
	</address-switch>
</taa:routed>
</cpl>


Response Signature


0 Helpful

Mike_Brezicky
Cisco Employee
Cisco Employee
In response to chris.barlow1

‎06-17-2020 04:13 AM

If that is the case, go forward with the Hybrid calling, and in CUCM / Expressway look to have the video units on their own subdomain - ex. video.example.com - and only create search rules explicit to that domain.
0 Helpful
Getting Started

Welcome to the Webex Community. This is your home to ask questions, share knowledge, and attend live webinars.

Customers Also Viewed These Support Documents