CME Intrusion

Answered Question
Aug 18th, 2008

I have a CME directly connected to the Internet. And i found out that someone is using my ISDN access to make calls. Who can i block outgoing calls that are not from registered phones?

I have this problem too.
0 votes
Correct Answer by Marwan ALshawi about 8 years 3 months ago

good luck

Please, if helpful Rate

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.8 (4 ratings)
jjgoncalves Mon, 08/18/2008 - 06:15

Thanks for your help.

But i already have a corlist working. My question is if someone has some kind of softphone that is not configured on the CME, how can i be sure that he can not make the call.

Only the registered phones should be able to do so.

Marwan ALshawi Mon, 08/18/2008 - 06:23

look at the following prevous issue which is similer but not same as urs

i am sure will be useful

the idea is to block all calls in all times and make exmptions to the phones registered with ur CME so only the phones u configre will be allowed to make calls

please, if helpful Rate

jjgoncalves Mon, 08/18/2008 - 08:20

Thanks for your help.

I believe that was what the answer.

Best regards

Arthur Kant Mon, 08/18/2008 - 08:46

Am I naive in thinking that using the IOS firewall feature set in your CME router connected to the Internet would prevent this from happening?

jjgoncalves Mon, 08/25/2008 - 07:05

I think that could do the trick.

The funny think is that i don't understand how they can make the call!

*Aug 25 12:18:06: //19899/xxxxxxxxxxxx/CCAPI/cc_api_caps_ind:

Call Entry Is Not Found

*Aug 25 12:18:06: //-1/E9D8D7E61217/CCAPI/cc_api_display_ie_subfields:



----- ccCallInfo IE subfields -----















cisco-redirectreason=-1 fwd_final_type =0

final_redirectNumber =

hunt_group_timeout =0

This is the first time this has happen to me.

I think that they are using a PC to make the outbound call.

rcordeiro Wed, 08/11/2010 - 04:29


Did you ever solved this issue?

I think I'm having the same issue. I have a UC500 that started to make calls I don't know where they came from.

All calls have a calling number=0000 and they dial numbers around the world.

It seems the UC500 starts the calls itself...


Paolo Bevilacqua Wed, 08/11/2010 - 04:57

You likely have CME exposed to the internet, they call via SIP or more rarely H.323.

Generally, this is easily addressed with an access-list.

rcordeiro Wed, 08/11/2010 - 05:01


Thanks for your reply.

I got some more info on this with some debugs, and now have "asterisk" as a Call Name.

The UC500 does have a public IP address. Does it receive and accept SIP calls on this public interface without any config? It's just a Dialer with pppoe.


rcordeiro Wed, 08/11/2010 - 05:30

How can I achieve this with early firmware version? I have 15.0.1XA on a UC520.

Or where can I get 15.1.2 IOS, in the software page I only have 12.4.

Many thanks

rcordeiro Wed, 08/11/2010 - 06:19

Sorry to bother again,

Do you know if there's already a 15.1.2T version for the UC520? I'm not able to find it anywhere.

Many thanks

Paolo Bevilacqua Wed, 08/11/2010 - 06:21

There is not. IOS for UC500 comes out some months after normal routers.

Please remember to rate useful posts clicking on the stars below.


This Discussion