Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VCS Call policy - exclusion on a specific pattern

Hello All,

I am opening this topic to grab some info about call policy on the Cisco VCS running 7.x version.

In my case, I set up an ISDN GW that is used with the prefix "9".

Tto avoid any "Toll fraud" on my ISDN GW from the Public Internet, I set up a call policy on the VCS Expressway To answer by a "403/Deny by Policy" each attempt from a non-authenticated source dialing [9](.*)@<domain name or Public IP adresse of VCS Expressway>.

Hopefully it works perfectly.

But I am now facing another behaviour. My VCS dial plan is 9910XX...so it means that the MCU is using this range for Multiway as well.

When I am escalting a call to Multiway with a external and unknown participant, the Multiway send a SIP REFER to all the endpoint, inviting them to dial back 9910XX@<domain> to enter the ad-hoc conference.

But, it starts by 9, and Call Policy kick it out.

So, my question is, is there a way, on the Call Policy, to avoid call attemps starting by 9 from unknown source, except if it is inside a specific range (9910XX@<domain>) ?

I am a bit confuse, I don't know how to perform "exclusion" to a rule in the call policy.

Thanks a lot!

Cheers

Everyone's tags (7)
1 ACCEPTED SOLUTION

Accepted Solutions
Gold

VCS Call policy - exclusion on a specific pattern

Gabriel,

if your ISDN Gateway is registering a prefix of 9, then this prefix should be owned exclusively by this gateway, you shouldn't allow other devices to use aliases starting with 9, and neither should Multiway. I'd recommend that you reconfigure Multiway and endpoints so that they use aliases starting with other digits.

- Andreas

4 REPLIES
Gold

VCS Call policy - exclusion on a specific pattern

Gabriel,

if your ISDN Gateway is registering a prefix of 9, then this prefix should be owned exclusively by this gateway, you shouldn't allow other devices to use aliases starting with 9, and neither should Multiway. I'd recommend that you reconfigure Multiway and endpoints so that they use aliases starting with other digits.

- Andreas

Cisco Employee

VCS Call policy - exclusion on a specific pattern

The call policy is design to process first match rule so you could setup policy to except call in specific range which listed above than the policy to reject all other call.

However as Andreas mention, if your ISDN GW directly registered on VCS using prefix of “9”, this prefix should be owned exclusively by ISDN Gateway.

Our recommendation is to change prefix or Endpoint alias assignment making sure to not overlap alias range.

Other method is

- Enable embedded gatekeeper on ISDN Gateway (if support), then create neighbor zone on VCS pointing to ISDN Gateway.

- Create search rule match for 99xx Endpoint alias range and target to local zone (or zone/subzone your endpoint registered)

- Create search rule match for prefix 9 and target to ISDN Gateway neighbor zone with lower priority than above search rule.

This allows keeping current alias assignment, but makes more complicate for VC deployment.

We strongly recommend redesigning the alias assignment.

New Member

VCS Call policy - exclusion on a specific pattern

Okay thanks you guys,

I was thinking about that, but I wanted to be sure if things were not possible.

So I will change the ISDN GW prefix.

Thanks for your help!

Gabriel

VCS Call policy - exclusion on a specific pattern

Might want to take a look at this too:

https://supportforums.cisco.com/message/3542518#3542518

/jens

Please rate replies and mark question(s) as "answered" if applicable.
1452
Views
0
Helpful
4
Replies
CreatePlease to create content