Solved: Reason: Q.850;cause=63

Aleksandar Nikolic · ‎10-03-2012

Hi , I have a problem with fraud prevention (at least I think I have) When I perform debug ccsip messages I receive Reason: Q.850;cause=63. I googled it a bit and I found that it is part of Fraud prevention. So part of the configuration is like this :

voice source-group CCA_SIP_SOURCE_GROUP_CUE_CME

access-list 2

translation-profile incoming SIP_Incoming

!

voice source-group CCA_SIP_SOURCE_GROUP_EXTERNAL

access-list 4

access-list 2 remark CCA_SIP_SOURCE_GROUP_ACL_INTERNAL

access-list 2 remark SDM_ACL Category=1

access-list 2 permit 192.168.10.1

access-list 2 permit 10.1.10.0 0.0.0.3

access-list 2 permit 192.168.10.0 0.0.0.255

access-list 2 permit 10.1.1.0 0.0.0.255

!

access-list 4 remark CCA_SIP_SOURCE_GROUP_ACL_EXTERNAL

access-list 4 remark SDM_ACL Category=1

access-list 4 permit 212.50.190.100

access-list 4 deny any

212.50.190.100 - this is voip provider IP

The problem I have is that sip is registered, I can make calls outside, but I cannot receive them . Please help, this is urgent !

Thank you very much

bkwon · ‎10-03-2012

if you say that this is urgent, you might remove

voice source-group CCA_SIP_SOURCE_GROUP_EXTERNAL for temporary, and then you have to check with SIP provider that they will use multiple ip address for a SIP call like using different ip address for RTP stream.

when you get the ip address and add it to access-list 4 with 212.50.190.100

View solution in original post

bkwon · ‎10-03-2012

if you say that this is urgent, you might remove

voice source-group CCA_SIP_SOURCE_GROUP_EXTERNAL for temporary, and then you have to check with SIP provider that they will use multiple ip address for a SIP call like using different ip address for RTP stream.

when you get the ip address and add it to access-list 4 with 212.50.190.100

Aleksandar Nikolic · ‎10-03-2012

I added earlier access policy 2 . Now there is no error any more but I receive busy tone. .. I will disable temp. this source group. Thanks.

bkwon · ‎10-04-2012

FYI, access-list 2 is for internal SIP source and acess-list 4 is for external SIP source. you dont need to add 'provider-ip' to acl 2.

Aleksandar Nikolic · ‎10-04-2012

Hi, thank you for your reply,I deleted from acl2 provider IP address and disabled EXTERNAL voice source policy. After I disabled everything was operational ! But this means that I don't have fraud protection or not ? I configured also

UC540#show ip address trusted list

IP Address Trusted Authentication

Administration State: UP

Operation State: UP

IP Address Trusted Call Block Cause: call-reject (21)

VoIP Dial-peer IPv4 Session Targets:

Peer Tag Oper State Session Target

-------- ---------- --------------

2000 UP ipv4:10.1.10.1

1003 UP ipv4:10.1.10.1

1005 UP ipv4:10.1.10.1

1009 UP ipv4:10.1.10.1

IP Address Trusted List:

ipv4 10.1.1.0 255.255.255.0

ipv4 212.50.190.0 255.255.255.0

ipv4 10.1.10.0 255.255.255.252

ipv4 0.0.0.0 0.0.0.0

bkwon · ‎10-04-2012

there are 2 way of toll fraud

1. source group

2. ip address trusted authentication

you removed external soruce group, and your ip address trusted authentication allow all, becuase of ipv4 0.0.0.0 0.0.0.0.

which means you dont have toll fraud protect for now.

again, you have to check with your providers about anyother SIP server addess other than 212.50.190.100. and use one of above toll fraud protection.

or, you can put wireshark(packet capture) in fornt of UC500 and you can see the all the ip address from SIP providers.

paolo bevilacqua · ‎10-05-2012

again, you have to check with your providers about anyother SIP server addess other than 212.50.190.100. and use one of above toll fraud protection.

or, you can put wireshark(packet capture) in fornt of UC500 and you can see the all the ip address from SIP providers.

No need to ask anybody or do packet capture. Just look at the SDP portion of INVITE, that will tell the media address.

bkwon · ‎10-05-2012

good point :-)