- Cisco Community
- Technology and Support
- Collaboration
- IP Telephony and Phones
- Securing CME on public IP
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Securing CME on public IP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2014 12:22 AM - edited 03-16-2019 09:50 PM
Hi experts!
I am struggling with securing a CME that has (and needs to have) a public facing IP without any ACLs. The problem is that external SIP clients seem to be able to dial in and right back out again. I was hoping my translation-profile would stop this but it skips the reject rules for some reason;
072804: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_match: Skipping a call block rule; number=002972599979917 rule precedence=5
072805: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_match: Skipping a call block rule; number=002972599979917 rule precedence=10
For now I have solved the issue by setting max-conn 1, hardly a good solution but it stops them for now. Any ideas why the rejects are skipped / other ways to do this? Basically what I would want is a rule that drops all incoming calls that are NOT dialed TO 2001/2002.
Relevant config:
voice translation-rule 1
rule 1 /2002/ /2001/
rule 2 reject /^$/
rule 5 reject /.*/
rule 10 reject //
!
voice translation-profile to7925
translate called 1
!
dial-peer voice 10 voip
description **Outgoing/incoming Call to SIP Trunk**
translation-profile incoming to7925
huntstop
max-conn 1
destination-pattern .T
session protocol sipv2
session target sip-server
incoming called-number .T
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp ef signaling
no vad
!
Debug of someone 'almost' dialing out.
Received:
INVITE sip:002972599979917@193.150.32.94 SIP/2.0
To: 002972599979917<sip:002972599979917@193.150.32.94>
From: 1111<sip:1111@193.150.32.94>;tag=620e6ab0
Via: SIP/2.0/UDP 188.165.249.72:5071;branch=z9hG4bK-d7b1fe31272c9f6b938545f32272feae;rport
Call-ID: d7b1fe31272c9f6b938545f32272feae
CSeq: 1 INVITE
Contact: <sip:1111@188.165.249.72:5071>
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, BYE
User-Agent: sipcli/v1.8
Content-Type: application/sdp
Content-Length: 284
v=0
o=sipcli-Session 1308866512 612268699 IN IP4 188.165.249.72
s=sipcli
c=IN IP4 188.165.249.72
t=0 0
m=audio 5074 RTP/AVP 18 0 8 101
a=fmtp:101 0-15
a=rtpmap:18 G729/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=ptime:20
a=sendrecv
072721: Feb 21 08:55:28.303 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeersCore:
Calling Number=002972599979917, Called Number=002972599979917, Peer Info Type=DIALPEER_INFO_SPEECH
072722: Feb 21 08:55:28.303 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeersCore:
Match Rule=DP_MATCH_DEST; Called Number=002972599979917
072723: Feb 21 08:55:28.303 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchCore:
Dial String=002972599979917, Expanded String=002972599979917, Calling Number=002972599979917T
Timeout=TRUE, Is Incoming=FALSE, Peer Info Type=DIALPEER_INFO_SPEECH
072724: Feb 21 08:55:28.303 CET: //-1/xxxxxxxxxxxx/DPM/MatchNextPeer:
Result=Success(0); Outgoing Dial-peer=10 Is Matched
072725: Feb 21 08:55:28.303 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeersCore:
Result=Success(0) after DP_MATCH_DEST
072726: Feb 21 08:55:28.303 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchSafModulePlugin:
dialstring=002972599979917, saf_enabled=1, saf_dndb_lookup=1, dp_result=0
072727: Feb 21 08:55:28.303 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeersMoreArg:
Result=SUCCESS(0)
List of Matched Outgoing Dial-peer(s):
1: Dial-peer Tag=10
072728: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Calling Number=1111, Called Number=, Voice-Interface=0x0,
Timeout=TRUE, Peer Encap Type=ENCAP_VOIP, Peer Search Type=PEER_TYPE_VOICE,
Peer Info Type=DIALPEER_INFO_SPEECH
072729: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Match Rule=DP_MATCH_ANSWER; Calling Number=1111
072730: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:
Is Incoming=TRUE, Number Expansion=FALSE
072731: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchCore:
Dial String=, Expanded String=, Calling Number=1111T
Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH
072732: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchCore:
Result=-1
072733: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:exit@6080
072734: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Match Rule=DP_MATCH_ORIGINATE; Calling Number=1111
072735: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:
Is Incoming=TRUE, Number Expansion=FALSE
072736: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchCore:
Dial String=, Expanded String=, Calling Number=1111T
Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH
072737: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/MatchNextPeer:
Result=Success(0); Incoming Dial-peer=10 Is Matched
072738: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:exit@6080
072739: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Result=Success(0) after DP_MATCH_ORIGINATE; Incoming Dial-peer=10
072740: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchSafModulePlugin:
dialstring=NULL, saf_enabled=0, saf_dndb_lookup=0, dp_result=0
072741: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeer:exit@6708
072742: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Calling Number=1111, Called Number=, Voice-Interface=0x0,
Timeout=TRUE, Peer Encap Type=ENCAP_VOIP, Peer Search Type=PEER_TYPE_VOICE,
Peer Info Type=DIALPEER_INFO_SPEECH
072743: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Match Rule=DP_MATCH_ANSWER; Calling Number=1111
072744: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:
Is Incoming=TRUE, Number Expansion=FALSE
072745: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchCore:
Dial String=, Expanded String=, Calling Number=1111T
Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH
072746: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchCore:
Result=-1
072747: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:exit@6080
072748: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Match Rule=DP_MATCH_ORIGINATE; Calling Number=1111
072749: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:
Is Incoming=TRUE, Number Expansion=FALSE
072750: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchCore:
Dial String=, Expanded String=, Calling Number=1111T
Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH
072751: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/MatchNextPeer:
Result=Success(0); Incoming Dial-peer=10 Is Matched
072752: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:exit@6080
072753: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Result=Success(0) after DP_MATCH_ORIGINATE; Incoming Dial-peer=10
072754: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchSafModulePlugin:
dialstring=NULL, saf_enabled=0, saf_dndb_lookup=0, dp_result=0
072755: Feb 21 08:55:28.307 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeer:exit@6708
072756: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpAssociateIncomingPeerCore:
Calling Number=1111, Called Number=002972599979917, Voice-Interface=0x0,
Timeout=TRUE, Peer Encap Type=ENCAP_VOIP, Peer Search Type=PEER_TYPE_VOICE,
Peer Info Type=DIALPEER_INFO_SPEECH
072757: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpAssociateIncomingPeerCore:
Match Rule=DP_MATCH_VIA_URI; URI=sip:188.165.249.72:5071
072758: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchPeertype:
Is Incoming=TRUE, Number Expansion=FALSE
072759: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchCore:
Dial String=, Expanded String=, Calling Number=
Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH
072760: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchCore:
Result=-1
072761: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchPeertype:exit@6080
072762: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpAssociateIncomingPeerCore:
Match Rule=DP_MATCH_REQUEST_URI; URI=sip:002972599979917@193.150.32.94
072763: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchPeertype:
Is Incoming=TRUE, Number Expansion=FALSE
072764: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchCore:
Dial String=, Expanded String=, Calling Number=
Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH
072765: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchCore:
Result=-1
072766: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchPeertype:exit@6080
072767: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpAssociateIncomingPeerCore:
Match Rule=DP_MATCH_TO_URI; URI=sip:002972599979917@193.150.32.94
072768: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchPeertype:
Is Incoming=TRUE, Number Expansion=FALSE
072769: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchCore:
Dial String=, Expanded String=, Calling Number=
Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH
072770: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchCore:
Result=-1
072771: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchPeertype:exit@6080
072772: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpAssociateIncomingPeerCore:
Match Rule=DP_MATCH_FROM_URI; URI=sip:1111@193.150.32.94
072773: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchPeertype:
Is Incoming=TRUE, Number Expansion=FALSE
072774: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchCore:
Dial String=, Expanded String=, Calling Number=
Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH
072775: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchCore:
Result=-1
072776: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchPeertype:exit@6080
072777: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpAssociateIncomingPeerCore:
Match Rule=DP_MATCH_INCOMING_DNIS; Called Number=002972599979917
072778: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchPeertype:
Is Incoming=TRUE, Number Expansion=FALSE
072779: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchCore:
Dial String=002972599979917, Expanded String=002972599979917, Calling Number=
Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH
072780: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/MatchNextPeer:
Result=Success(0); Incoming Dial-peer=10 Is Matched
072781: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchPeertype:exit@6080
072782: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpAssociateIncomingPeerCore:
Result=Success(0) after DP_MATCH_INCOMING_DNIS; Incoming Dial-peer=10
072783: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpMatchSafModulePlugin:
dialstring=NULL, saf_enabled=0, saf_dndb_lookup=0, dp_result=0
072784: Feb 21 08:55:28.307 CET: //-1/5D0EB475B133/DPM/dpAssociateIncomingPeerSPI:exit@6659
072785: Feb 21 08:55:28.311 CET: //11130/5D0EB475B133/SIP/Event/Session-Timer/sipSTSLMain: Event: E_STSL_SESSION_REFRESH_REQ
072786: Feb 21 08:55:28.311 CET: //11130/5D0EB475B133/SIP/Event/Session-Timer/sipSTSLMain: dir:2, method:102, resp_code:0, container:8F30F23C
072787: Feb 21 08:55:28.311 CET: //11130/5D0EB475B133/SIP/Event/Session-Timer/sipSTSLPrintTDContainer: Peer-Event: E_STSL_LEG_BY_LEG, SE Value:0, SE Refresher:none, Min-SE Value:1800, flags:2000
072788: Feb 21 08:55:28.311 CET: //-1/5D0EB475B133/RXRULE/regxrule_stack_pop_RegXruleNumInfo: stack=0x8F30D78C; count=1
072789: Feb 21 08:55:28.311 CET: //-1/5D0EB475B133/RXRULE/regxrule_stack_pop_callinfo_internal: numinfo=0x8F574050
072790: Feb 21 08:55:28.311 CET: //11130/5D0EB475B133/SIP/Event/Session-Timer/sipSTSLMain: Event: E_STSL_SESSION_REFRESH_RESP
072791: Feb 21 08:55:28.311 CET: //11130/5D0EB475B133/SIP/Event/Session-Timer/sipSTSLMain: dir:1, method:102, resp_code:100, container:8F3113EC
072792: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_stack_push_RegXruleNumInfo_internal: stack=0x8F30D78C; count=1
072793: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_profile_translate_internal: number=1111 type=unknown plan=unknown numbertype=calling
072794: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_get_RegXrule: Invalid translation ruleset tag=0
072795: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_profile_match_internal: Error: ruleset for calling number not found
072796: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_profile_translate_internal: No match: number=1111 type=unknown plan=unknown
072797: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_profile_translate_internal: number= type=unknown plan=unknown numbertype=redirect-called
072798: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_get_RegXrule: Invalid translation ruleset tag=0
072799: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_profile_match_internal: Error: ruleset for redirect-called number not found
072800: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_profile_translate_internal: No match: number= type=unknown plan=unknown
072801: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_profile_translate_internal: number=002972599979917 type=unknown plan=unknown numbertype=called
072802: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_match: No match; number=002972599979917 rule precedence=1
072803: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_match: No match; number=002972599979917 rule precedence=2
072804: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_match: Skipping a call block rule; number=002972599979917 rule precedence=5
072805: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_match: Skipping a call block rule; number=002972599979917 rule precedence=10
072806: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_profile_match_internal: No match found
072807: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/RXRULE/regxrule_profile_translate_internal: No match: number=002972599979917 type=unknown plan=unknown
072808: Feb 21 08:55:28.315 CET: //-1/xxxxxxxxxxxx/SIP/Event/sipSPIEventInfo: Queued event from SIP SPI : SIPSPI_EV_CC_CALL_PROCEEDING
072809: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/DPM/dpMatchPeersCore:
Calling Number=, Called Number=002972599979917, Peer Info Type=DIALPEER_INFO_SPEECH
072810: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/DPM/dpMatchPeersCore:
Match Rule=DP_MATCH_DEST; Called Number=002972599979917
072811: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/DPM/dpMatchCore:
Dial String=002972599979917, Expanded String=002972599979917, Calling Number=
Timeout=TRUE, Is Incoming=FALSE, Peer Info Type=DIALPEER_INFO_SPEECH
072812: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/DPM/MatchNextPeer:
Result=Success(0); Outgoing Dial-peer=10 Is Matched
072813: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/DPM/dpMatchPeersCore:
Result=Success(0) after DP_MATCH_DEST
072814: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/DPM/dpMatchSafModulePlugin:
dialstring=002972599979917, saf_enabled=0, saf_dndb_lookup=1, dp_result=0
072815: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/DPM/dpMatchPeersMoreArg:
Result=SUCCESS(0)
List of Matched Outgoing Dial-peer(s):
1: Dial-peer Tag=10
072816: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/DPM/dpMatchPeersCore:
Calling Number=, Called Number=002972599979917, Peer Info Type=DIALPEER_INFO_SPEECH
072817: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/DPM/dpMatchPeersCore:
Match Rule=DP_MATCH_DEST; Called Number=002972599979917
072818: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/DPM/dpMatchCore:
Dial String=002972599979917, Expanded String=002972599979917, Calling Number=
Timeout=TRUE, Is Incoming=FALSE, Peer Info Type=DIALPEER_INFO_SPEECH
072819: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/DPM/MatchNextPeer:
Result=Success(0); Outgoing Dial-peer=10 Is Matched
072820: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/DPM/dpMatchPeersCore:
Result=Success(0) after DP_MATCH_DEST
072821: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/DPM/dpMatchSafModulePlugin:
dialstring=002972599979917, saf_enabled=0, saf_dndb_lookup=1, dp_result=0
072822: Feb 21 08:55:28.315 CET: //-1/5D0EB475B133/DPM/dpMatchPeersMoreArg:
Result=SUCCESS(0)
List of Matched Outgoing Dial-peer(s):
1: Dial-peer Tag=10
072823: Feb 21 08:55:28.315 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeersCore:
Calling Number=002972599979917, Called Number=002972599979917, Peer Info Type=DIALPEER_INFO_SPEECH
072824: Feb 21 08:55:28.315 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeersCore:
Match Rule=DP_MATCH_DEST; Called Number=002972599979917
072825: Feb 21 08:55:28.315 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchCore:
Dial String=002972599979917, Expanded String=002972599979917, Calling Number=002972599979917T
Timeout=TRUE, Is Incoming=FALSE, Peer Info Type=DIALPEER_INFO_SPEECH
072826: Feb 21 08:55:28.315 CET: //-1/xxxxxxxxxxxx/DPM/MatchNextPeer:
Result=Success(0); Outgoing Dial-peer=10 Is Matched
072827: Feb 21 08:55:28.315 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeersCore:
Result=Success(0) after DP_MATCH_DEST
072828: Feb 21 08:55:28.315 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchSafModulePlugin:
dialstring=002972599979917, saf_enabled=0, saf_dndb_lookup=1, dp_result=0
072829: Feb 21 08:55:28.315 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeersMoreArg:
Result=SUCCESS(0)
List of Matched Outgoing Dial-peer(s):
1: Dial-peer Tag=10
072830: Feb 21 08:55:28.315 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Calling Number=002972599979917, Called Number=, Voice-Interface=0x0,
Timeout=TRUE, Peer Encap Type=ENCAP_VOIP, Peer Search Type=PEER_TYPE_VOICE,
Peer Info Type=DIALPEER_INFO_SPEECH
072831: Feb 21 08:55:28.315 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Match Rule=DP_MATCH_ANSWER; Calling Number=002972599979917
072832: Feb 21 08:55:28.315 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:
Is Incoming=TRUE, Number Expansion=FALSE
072833: Feb 21 08:55:28.315 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchCore:
Dial String=, Expanded String=, Calling Number=002972599979917T
Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH
072834: Feb 21 08:55:28.315 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchCore:
Result=-1
072835: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:exit@6080
072836: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Match Rule=DP_MATCH_ORIGINATE; Calling Number=002972599979917
072837: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:
Is Incoming=TRUE, Number Expansion=FALSE
072838: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchCore:
Dial String=, Expanded String=, Calling Number=002972599979917T
Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH
072839: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/MatchNextPeer:
Result=Success(0); Incoming Dial-peer=10 Is Matched
072840: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:exit@6080
072841: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Result=Success(0) after DP_MATCH_ORIGINATE; Incoming Dial-peer=10
072842: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchSafModulePlugin:
dialstring=NULL, saf_enabled=0, saf_dndb_lookup=0, dp_result=0
072843: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeer:exit@6708
072844: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Calling Number=002972599979917, Called Number=, Voice-Interface=0x0,
Timeout=TRUE, Peer Encap Type=ENCAP_VOIP, Peer Search Type=PEER_TYPE_VOICE,
Peer Info Type=DIALPEER_INFO_SPEECH
072845: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Match Rule=DP_MATCH_ANSWER; Calling Number=002972599979917
072846: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:
Is Incoming=TRUE, Number Expansion=FALSE
072847: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchCore:
Dial String=, Expanded String=, Calling Number=002972599979917T
Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH
072848: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchCore:
Result=-1
072849: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:exit@6080
072850: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Match Rule=DP_MATCH_ORIGINATE; Calling Number=002972599979917
072851: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:
Is Incoming=TRUE, Number Expansion=FALSE
072852: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchCore:
Dial String=, Expanded String=, Calling Number=002972599979917T
Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH
072853: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/MatchNextPeer:
Result=Success(0); Incoming Dial-peer=10 Is Matched
072854: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeertype:exit@6080
072855: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeerCore:
Result=Success(0) after DP_MATCH_ORIGINATE; Incoming Dial-peer=10
072856: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchSafModulePlugin:
dialstring=NULL, saf_enabled=0, saf_dndb_lookup=0, dp_result=0
072857: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpAssociateIncomingPeer:exit@6708
072858: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeersCore:
Calling Number=, Called Number=002972599979917, Peer Info Type=DIALPEER_INFO_SPEECH
072859: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeersCore:
Match Rule=DP_MATCH_DEST; Called Number=002972599979917
072860: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchCore:
Dial String=002972599979917, Expanded String=002972599979917, Calling Number=
Timeout=TRUE, Is Incoming=FALSE, Peer Info Type=DIALPEER_INFO_SPEECH
072861: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/MatchNextPeer:
Result=Success(0); Outgoing Dial-peer=10 Is Matched
072862: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeersCore:
Result=Success(0) after DP_MATCH_DEST
072863: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchSafModulePlugin:
dialstring=002972599979917, saf_enabled=0, saf_dndb_lookup=1, dp_result=0
072864: Feb 21 08:55:28.319 CET: //-1/xxxxxxxxxxxx/DPM/dpMatchPeersMoreArg:
Result=SUCCESS(0)
List of Matched Outgoing Dial-peer(s):
1: Dial-peer Tag=10
072865: Feb 21 08:55:28.319 CET: //-1/5D0EB475B133/DPM/dpMatchPeersCore:
Calling Number=, Called Number=002972599979917, Peer Info Type=DIALPEER_INFO_SPEECH
072866: Feb 21 08:55:28.319 CET: //-1/5D0EB475B133/DPM/dpMatchPeersCore:
Match Rule=DP_MATCH_DEST; Called Number=002972599979917
072867: Feb 21 08:55:28.319 CET: //-1/5D0EB475B133/DPM/dpMatchCore:
Dial String=002972599979917, Expanded String=002972599979917, Calling Number=
Timeout=TRUE, Is Incoming=FALSE, Peer Info Type=DIALPEER_INFO_SPEECH
072868: Feb 21 08:55:28.319 CET: //-1/5D0EB475B133/DPM/MatchNextPeer:
Result=Success(0); Outgoing Dial-peer=10 Is Matched
072869: Feb 21 08:55:28.319 CET: //-1/5D0EB475B133/DPM/dpMatchPeersCore:
Result=Success(0) after DP_MATCH_DEST
072870: Feb 21 08:55:28.319 CET: //-1/5D0EB475B133/DPM/dpMatchSafModulePlugin:
dialstring=002972599979917, saf_enabled=1, saf_dndb_lookup=1, dp_result=0
072871: Feb 21 08:55:28.319 CET: //-1/5D0EB475B133/DPM/dpMatchPeersMoreArg:
Result=SUCCESS(0)
List of Matched Outgoing Dial-peer(s):
1: Dial-peer Tag=10
072872: Feb 21 08:55:28.319 CET: %CALL_CONTROL-6-MAX_CONNECTIONS: Maximum number of connections reached for dial-peer 10
072873: Feb 21 08:55:28.319 CET: %VOICE_IEC-3-GW: CCAPI: Internal Error (Dial-peer connections exceeded): IEC=1.1.181.1.21.0 on callID 11130 GUID=5D0EB4759A0411E3B133CA4C5AF21A6F
072874: Feb 21 08:55:28.323 CET: //-1/xxxxxxxxxxxx/SIP/Event/sipSPIEventInfo: Queued event from SIP SPI : SIPSPI_EV_CC_CALL_DISCONNECT
072875: Feb 21 08:55:28.323 CET: //11130/5D0EB475B133/SIP/Event/Session-Timer/sipSTSLMain: Event: E_STSL_SESSION_REFRESH_RESP
072876: Feb 21 08:55:28.323 CET: //11130/5D0EB475B133/SIP/Event/Session-Timer/sipSTSLMain: dir:1, method:102, resp_code:500, container:8F30EAAC
072877: Feb 21 08:55:28.323 CET: //11130/5D0EB475B133/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 188.165.249.72:5071;branch=z9hG4bK-d7b1fe31272c9f6b938545f32272feae;rport
From: 1111<sip:1111@193.150.32.94>;tag=620e6ab0
To: 002972599979917<sip:002972599979917@193.150.32.94>
Date: Fri, 21 Feb 2014 07:55:28 GMT
Call-ID: d7b1fe31272c9f6b938545f32272feae
CSeq: 1 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-15.3.2.T1
Content-Length: 0
072878: Feb 21 08:55:28.323 CET: //11130/5D0EB475B133/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 500 Internal Server Error
Via: SIP/2.0/UDP 188.165.249.72:5071;branch=z9hG4bK-d7b1fe31272c9f6b938545f32272feae;rport
From: 1111<sip:1111@193.150.32.94>;tag=620e6ab0
To: 002972599979917<sip:002972599979917@193.150.32.94>;tag=CA5471C-EF1
Date: Fri, 21 Feb 2014 07:55:28 GMT
Call-ID: d7b1fe31272c9f6b938545f32272feae
CSeq: 1 INVITE
Allow-Events: telephone-event
Warning: 399 193.150.32.94 "Maximum Number of Connections reached"
Server: Cisco-SIPGateway/IOS-15.3.2.T1
Reason: Q.850;cause=44
Content-Length: 0
- Labels:
-
Unified Communications
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2014 05:04 AM
Why don't you configure "ip trusted list" under "voice service voip" configuration? Is that going to help you?
HTH,
Dragan
Dragan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2014 05:15 AM
Unfortunately I have SIP clients coming in from the outside on dynamic IPs. (another dial-peer with authentication that i omitted)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2014 05:20 AM
Could you post running config? Or maybe that specific dial-peer? Are thosw SIP client registered on your CME system?
HTH,
Dragan
Dragan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2014 05:23 AM
Here you go, however it is shutdown until I am able to solve the security issue with dial-peer 10.
dial-peer voice 2 voip
description **Outgoing Call to SIP Trunk**
shutdown
destination-pattern T
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp ef signaling
no vad
authentication username xxxxxxxxx password 7 xxxxxxxxxxx
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2014 05:27 AM
And SIP client which you must allow in - are they registered on your CME system?
I have problem to understand why can't you configure "ip trusted list" on your system
HTH,
Dragan
Dragan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2014 05:28 AM
No they are not registered, however they need to be able to place outgoing calls every now and then. (with the help of username & password).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2014 06:29 AM
Can you show me a path how those, external or whatever, SIP clients are using your CME system? They come in throw your existing SIP trunk or something else? What exactly is your scenario?
You are using SIP trunk with some SIP provider for incoming/outgoing calls?
HTH,
Dragan
Dragan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2014 06:34 AM
This is kinda besides the point but sure:
Internal registered phones dial out through a SIP trunk via my SIP provider (phonzo) (via dial-peer 10)
External clients use my CME as SIP provider and should also dial out via phonzo.
However none of this is a problem. Everything works great. The issue at hand is stopping hackers from using dial-peer 10 to get free calls (without using access-lists or ip trusted list).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2014 06:46 AM
Well beside deep playing with translations, this 2 came on my mind:
- permit hostnames in SIP (
- SIP in conjuction with AAA (
HTH,
Dragan
Dragan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2014 06:54 AM
So what you are saying is that neither a translation-profile with reject or a call-block would be able to solve this? (only allow incoming calls on dial-peer 10 with destination 2001 or 2002)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2014 07:01 AM
It depends on SIP implementation...it could solve but I can't tell pretty sure because I don't know your environment.
You see - some SIP providers implementations require that for inbound calls you have TCL scripst on router and some not
My opinion is that you can achieve what you want with translations but can't help much without deep knowledge about your environment...
HTH,
Dragan
Dragan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: