Adding PSTN to the prompt management extension ( AvT)

Unanswered Question
Jun 9th, 2010
User Badges:
  • Bronze, 100 points or more

I am adding a PSTN for users to call for prompt management extension.

CCA creates the prompt mgmt extension and its dial peer, but I want to add the PSTN to it.

That way the customers without an auto attendant or with an auto attendant that does not allow DBX can simply call in tot eh prompt mgmt number.


I was going to see how CCA creates the PSTN voicemail access number...

I was being super simple following these steps:

1. Check the prompt mgmt dial peer's translation profile

2. add a new rule to that profile's translation rules   taking the PSTN to the extension   rule 2 /7202221234/ /555/


Is this way OK and protected from toll fraud?

I noticed that CCA actually creates a voicemail pilot number dial peer AND a voicemail PSTN access number dial peer....so do I need BOTH for the prompt mgmt PSTN as well? I have a feeeling my adjustment leaves us exposed to toll fraud and that I need to create a new OOB dial peer for my prompt mgmt extension's PSTN number with destination pattern 7202221234$   or something like that?



QUESTION: how do I add a PSTN number to the prompt mgmt extension following OOB rules and staying protected from toll fraud?


Thank you,

Stacy


P.S.

Attached are some copied pieces of the configs.

In this particular case, my issue gets a litlte more complex since the dial peers CCA created are referencing translation profiles that do not exist...

it's a box we're rebuilding so I'm not too suprised.  Either way I just need my base question answered and then i cna sort out my specific configs.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
David Trad Thu, 06/10/2010 - 04:03
User Badges:
  • Gold, 750 points or more
  • Cisco Designated VIP,

    2013 Small Business

Hi Stacy,




QUESTION: how do I add a PSTN number to the prompt mgmt 
extension following OOB rules and staying protected from toll fraud?


Make sure that you have allocated only one extension as the prompt administrator, on top of that make the password on that extension the most difficult you can think of, somewhere between 8 to 12 characters long and Alpha numeric with capitols if you or the client can also deal with that. Toll fraudsters focus on week passwords associated to either mailboxes and also Auto Attendants, so make it as hard as you can.


In this particular case, my issue gets a litlte more complex since the 
dial peers CCA created are referencing translation profiles that do not 
exist...



Fair call, however if you are an adventurous, then add them in, I use those exact same ones on all my deployments it doesn't change, if need be manipulate the translation rules to suit you, or amalgamate them into one of the others you have there.


The other small things to note if you are going to allow outside access to the prompt management are:


  • Do not have any hidden prompts, only have the ones in the announcement
  • Only allow trusted workers or senior management to manage the prompts when outside of the organization
  • Change the password on a regular basis if practical


I might not have answered you in full, but i do hope the response can at least help you out.



Cheers,



David.

stacy.thompson Mon, 06/14/2010 - 10:34
User Badges:
  • Bronze, 100 points or more

Thank you for the input!


I am feeling adventurous and will mimic the vm access PSTN dial peers and translations.


Stacy

stacy.thompson Mon, 06/14/2010 - 13:35
User Badges:
  • Bronze, 100 points or more

Okay. Here is what I did...it works. Just not sure it is protected from fraud....


1. adjust an existing translation profile to add the rule 2 phone number to AVT extension

2. leave the avt extension dial peer built by CCA

3. build a dial peer for incoming to the pstn number (use the same translation profile the external vm access number dial peer uses)

4. build a dial peer for outgoing to the pstn number ending in $ (like the external vm access dial peer does)


#3 and #4 like so below.  I THINK dial peer 5016 prevents calling back out from the AVT/prompt mgmt extension (aka prevent toll fraud).


dial-peer voice 5015 voip
description ** AVT from SIP Trunk **
translation-profile incoming VM_Profile
session protocol sipv2
session target sip-server
incoming called-number 7202921234
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad


dial-peer voice 5016 voip
description ** AVT PSTN number **
translation-profile outgoing VM_Profile     
destination-pattern 7202921234$
b2bua
session protocol sipv2
session target ipv4:10.1.10.5
voice-class sip outbound-proxy ipv4:10.1.10.5 
dtmf-relay sip-notify
codec g711ulaw
no vad

Actions

This Discussion

Related Content