Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

toll restriction on CME

I have an urgent need.

I have a site that has reported over 4000+ minutes of calls from our Mexico site to the Ukraine. I am running CME7.x and do not know how to set-up toll fraud/restrictions on outbound calls.

I need some help, point me in the right direction, to stop calls going to country code 380

How can this be done?

Can this be done?

Hall of Fame Super Gold

Re: toll restriction on CME

Is this site exposed to internet and SIP ?

If so, put an ACL to allow only the SIP peers you allow.


Re: toll restriction on CME

we are not running sip.

Site in mexico has 20 trunks,

controller E1 0/3/0

framing NO-CRC4

ds0-group 1 timeslots 1-15,17-20 type r2-digital r2-compelled ani

cas-custom 1

country telmex use-defaults

category 2

answer-signal group-b 1

we have DMVPN connection to HQ with Gatekeeper.

I am looking at Cisco site now talking about:


after-hours block pattern 1 91

after-hours block pattern 2 9011

after-hours block pattern 3 91900 7-24

Not sure if this is the best way to set this up or not.

Hall of Fame Super Gold

Re: toll restriction on CME

SIP is enabled by default, is the router directly connected to the internet ?

Re: toll restriction on CME

I suggest making this change:

voice service voip


call service stop

Hackers frequently scan for open TCP/UDP 5060. If your router has a voice-port in it, it will listen on these ports by default. Additionally, any incoming H323 or SIP call will match dial peer 0 by default, and then will be eligible to be routed out of your T1. By disabling SIP completely if you're not using it, you will mostly avoid this. Nearly every case I've seen of this has been SIP related even though the same thing is possible with H323. I suggest blocking TCP 1720 and UDP/TCP 5060 from the public, among other general security ports like 23 for telnet.



CreatePlease to create content