Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Securing 2600/h323 gateway from tollfraud...

Hi. I have a 2600 (12.1(5)) hooked in to my CM with a T1PRI for calls. I have found out that if you call our unpublished yet accessible incomming "DID" number from the outside, you get a local dialtone, and it allows for outgoing calls with the 9T destination pattern. Also, I think my dial-peers may be a bit messy... can anyone help me with them?

=============================

dial-peer voice 200 voip

destination-pattern 2..

progress_ind setup enable 3

session target ipv4:10.10.2.50

dtmf-relay cisco-rtp h245-signal h245-alphanumeric

codec g711ulaw

!

dial-peer voice 1 pots

destination-pattern 9T

!

dial-peer voice 600 voip

destination-pattern 6..

progress_ind setup enable 3

session target ipv4:10.10.2.50

dtmf-relay cisco-rtp h245-signal h245-alphanumeric

codec g711ulaw

!

dial-peer voice 2 pots

destination-pattern 9T

port 1/0:23

!

dial-peer voice 201 pots

incoming called-number 6..

direct-inward-dial

!

dial-peer voice 601 pots

incoming called-number 2..

direct-inward-dial

!

dial-peer voice 100 voip

destination-pattern 100

progress_ind setup enable 3

session target ipv4:10.10.2.50

dtmf-relay cisco-rtp h245-signal h245-alphanumeric

codec g711ulaw

!

dial-peer voice 101 pots

incoming called-number 1..

direct-inward-dial

=============================

Thanks,

-JDN

3 REPLIES
Community Member

Re: Securing 2600/h323 gateway from tollfraud...

Not sure what this is for:

>dial-peer voice 1 pots

>destination-pattern 9T

May be the cause of your dialtone upon calling the DIDs.

Seems unnecessary - try removing it.

You should only need one dial peer for incoming called numbers. Just set it to a single "." and leave the "direct-inward dial" statement. This should clean things up and get rid of your tollfraud issue as well. Unless you have matching DIDs in your Call Manager, you will get some kind of 'out of service' message when calling in.

Also, a VOIP peer with a destination pattern like [1-6].. would cover all three of your proposed VOIP peers.

Assuming you are using Call Manager and you have a multi-server cluster, don't forget a VOIP peer pointing to your 'backup' Call Managers.

Hope this helps...

Community Member

Re: Securing 2600/h323 gateway from tollfraud...

The problem is you are being too specific with the destination pattern.

The peers with destination pattern & incoming called number only covers 2... , 3... & 6... This leaves a gap whereby if a number outside these ranges is available on your PRI then it will not get DID to Call Manager. I would simplify to something like below and retry

dial-peer voice 1 pots

destination-pattern 9T

direct-inward-dial

port 1/0:23

!

dial-peer voice 100 voip

destination-pattern .T (This will catch all incoming calls)

progress_ind setup enable 3

session target ipv4:10.10.2.50

dtmf-relay cisco-rtp h245-signal h245-alphanumeric

codec g711ulaw

I would suggest

Community Member

Re: Securing 2600/h323 gateway from tollfraud...

Hi!

Since you have DID functionality from your PSTN the you can just define pots the handles your incoming call leg. Assuming, you get 4 digits from the PSTN and use this as local no. for your IP Phones, let say the digits you get from your PSTN varies from 83XX to 84XX.

You can configure you voice gateway something like this:

dial-peer voice 100 pots -----incoming pots----------

incoming called-number 83..

direct-inward-dial

port 1/0:23

dial-peer voice 200 pots ------incoming pots---------

incoming called-number 84..

direct-inward-dial

port 1/0:23

dial-peer voice 1000 voip ------voip dial-peer going to CCM------

destination-pattern 8...

session target ipv4:10.10.2.50

codec g711ulaw

progress_ind setup enable 3

dtmf-relay cisco-rtp h245-signal h245-alphaumeric

dial-peer voice 300 pots -------outgoing pots--------

destination-pattern 9T

port 1/0:23

This outgoing pots configured is just a simple one. You can create additional complicated ones based also on the route pattern that you configured in CCM.

Hope this further helps you.

Regards,

Sherwin

109
Views
0
Helpful
3
Replies
CreatePlease to create content