Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Implement Direct Inward System Access (DISA) in VoIP Environment

Hi,

May i know, is it possible to implement DISA Call in VoIP environment. If yes, how we can make it? Is it some configuration in CE Router at SRST Sites or CE Router at Main Sites? Also can you give me the information how to implement it?

As I understand DISA (Direct Inward System Access) allows someone calling in from outside the telephone switch (PBX) to obtain an "internal" system dialtone and dial calls as if from one of the extensions attached to the telephone switch. Frequently the user calls a number DISA number with invokes the DISA application. The DISA application in turn requires the user to enter his passcode, followed by the pound sign (#). If the passcode is correct, the user will hear dialtone on which a call may be placed.

Please advise me as soonest.

Thanks in advanced

Rgds,

Izazi Zainy

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Implement Direct Inward System Access (DISA) in VoIP Environ

Giving users access to system dial tone via DISA is a security hole on PBX's and VOIP system so be careful how you use it. The following note describes how to use a TCL script and audio prompts to allow a user to call in and authenticate via an account number and PIN before they can dial an internal number. This will allow basic DISA type functions on a H323 gateway. Obviously you would also want to log the details of who made the call and when they made it, so syslog VOIP accounting is enabled to send a CDR to a syslog server.

We use an inbuilt TCL script that is inbuilt in IOS called 'clid_authen_collect'. This script authenticates the call with the ANI (Calling number) and DNIS (Called number) of the incoming call, or if this fails, it then prompts the user to enter an account number and then a PIN number. Since the call is coming in on an FXO (or FXS) port, there is no associated ANI and DNIS, so the script immediately prompts the user for the account number and PIN. We do the authentication by a local 'username XXX password YYY' command in the router config. The user keys in the account code and PIN (can use the # as a string terminator to speed the process up and if the values entered match a local username and password, it then prompts for the user to enter the actual destination telephone number.

I have also enabled syslog accounting for call detail records, so when the call completes you get a basic record of the called number and durations. If they wanted to use a full blown AAA server, they could run the authentication from this and this way keep a full log of all users calling in, and it would also log the CDR's for billing etc ...

The router needs the following audio .AU files on the flash memory :

Test#sh flash

System flash directory:

File Length Name/status

1 14097360 c2600-is-mz.122-11.T.bin

2 14150 enter_account.au

3 14869 auth_fail_retry.au

4 11510 enter_pin.au

5 52644 enter_destination.au

[14190860 bytes used, 2062068 available, 16252928 total]

16384K bytes of processor board System flash (Read/Write)

Test#

(obviously needs the IOS image but the important files are the audio prompts)

The .au files are the audio prompts that the IVR plays. These are in Sun/Next audio 64Kbps G711ulaw audio format. Use an audio editor to create the files and save them in this format.

When a call comes in on FXO port 1/0/0, you will hear a prompt to enter the account code. Key in the account number, followed by a #, then key in the PIN , followed by #. The caller will be prompted to enter the destination phone number, and this is matched on any subsequent voip or pots dial peers.

Configured user account numbers/passwords are 1000/1000 and 1001/1001

Refer to the attachment for the full router configs. Hope this helps.

14 REPLIES
Silver

Re: Implement Direct Inward System Access (DISA) in VoIP Environ

Giving users access to system dial tone via DISA is a security hole on PBX's and VOIP system so be careful how you use it. The following note describes how to use a TCL script and audio prompts to allow a user to call in and authenticate via an account number and PIN before they can dial an internal number. This will allow basic DISA type functions on a H323 gateway. Obviously you would also want to log the details of who made the call and when they made it, so syslog VOIP accounting is enabled to send a CDR to a syslog server.

We use an inbuilt TCL script that is inbuilt in IOS called 'clid_authen_collect'. This script authenticates the call with the ANI (Calling number) and DNIS (Called number) of the incoming call, or if this fails, it then prompts the user to enter an account number and then a PIN number. Since the call is coming in on an FXO (or FXS) port, there is no associated ANI and DNIS, so the script immediately prompts the user for the account number and PIN. We do the authentication by a local 'username XXX password YYY' command in the router config. The user keys in the account code and PIN (can use the # as a string terminator to speed the process up and if the values entered match a local username and password, it then prompts for the user to enter the actual destination telephone number.

I have also enabled syslog accounting for call detail records, so when the call completes you get a basic record of the called number and durations. If they wanted to use a full blown AAA server, they could run the authentication from this and this way keep a full log of all users calling in, and it would also log the CDR's for billing etc ...

The router needs the following audio .AU files on the flash memory :

Test#sh flash

System flash directory:

File Length Name/status

1 14097360 c2600-is-mz.122-11.T.bin

2 14150 enter_account.au

3 14869 auth_fail_retry.au

4 11510 enter_pin.au

5 52644 enter_destination.au

[14190860 bytes used, 2062068 available, 16252928 total]

16384K bytes of processor board System flash (Read/Write)

Test#

(obviously needs the IOS image but the important files are the audio prompts)

The .au files are the audio prompts that the IVR plays. These are in Sun/Next audio 64Kbps G711ulaw audio format. Use an audio editor to create the files and save them in this format.

When a call comes in on FXO port 1/0/0, you will hear a prompt to enter the account code. Key in the account number, followed by a #, then key in the PIN , followed by #. The caller will be prompted to enter the destination phone number, and this is matched on any subsequent voip or pots dial peers.

Configured user account numbers/passwords are 1000/1000 and 1001/1001

Refer to the attachment for the full router configs. Hope this helps.

Hall of Fame Super Gold

Re: Implement Direct Inward System Access (DISA) in VoIP Environ

Great info pacameron, I was to about to write about to suggest the same, but as I'm usually too scarce on words you did a much much better job, so I rated your port a '5'!

New Member

Re: Implement Direct Inward System Access (DISA) in VoIP Environ

pacameron,

Many thanks. Will try out this first.

Rgds,

Izazi Zainy

Re: Implement Direct Inward System Access (DISA) in VoIP Environ

You can also use IPCC Express for this. I have built a script that works similar.

New Member

Re: Implement Direct Inward System Access (DISA) in VoIP Environ

tcatlinins,

Good to hear. But do you have a copy of that script?

New Member

Re: Implement Direct Inward System Access (DISA) in VoIP Environ

I would be interested in your script also. It would be much more simple than implementing the new Voice Mobility option to gain DISA functionality.

Thanks!!!

Adam

New Member

Re: Implement Direct Inward System Access (DISA) in VoIP Environ

is it possible to share the script if possible we have a similar requirement

New Member

Re: Implement Direct Inward System Access (DISA) in VoIP Environ

I never received anything from the previous post, so I created my own script. Let me know if you are interested.

New Member

Re: Implement Direct Inward System Access (DISA) in VoIP Environ

I would be interested in your script. Could you please send me a copy.

Thanks in advance

New Member

Re: Implement Direct Inward System Access (DISA) in VoIP Environ

Same here. Can you post it? Thanks.

New Member

Re: Implement Direct Inward System Access (DISA) in VoIP Environ

Here you go...

New Member

Re: Implement Direct Inward System Access (DISA) in VoIP Environ

I actually modified a TCL IVR script to do a simple PIN check, but I'm very new at this and was wondering if anyone knew how I can pass a parameter from the CLI to set the pin. The way I will have to do it with this script is to upload a new script every time I have to change the PIN.

Thanks.

New Member

Re: Implement Direct Inward System Access (DISA) in VoIP Environ

Here's a better script.

New Member

Re: Implement Direct Inward System Access (DISA) in VoIP Environ

Just come across this page, i would give it thumbs up.

however, how can I use PRI interface instead of FXO?

If user call that particular number, then it will be use as a voice forwarder...

Kindly assisted.

2628
Views
15
Helpful
14
Replies