03-23-2021 10:28 AM
Hi everyone.
I have a proble with my VoIP solution: users everywhere (INTRANET) can make outgoing calls through my PSTN trunk.
How can I block this type of call?
Solved! Go to Solution.
03-24-2021 02:41 AM - edited 03-24-2021 03:14 AM
In your case likely CoR would be most applicable. I would suggest that you make these changes and give it a try.
voice service voip ip address trusted list ipv4 10.32.10.1 ! voice class uri REMOTE sip host 10.32.10.1 ! dial-peer cor custom name PSTN name Internal ! dial-peer cor list callPSTN member PSTN ! dial-peer cor list callInternal member Internal ! dial-peer voice 10 voip description Incoming Dial Peer from Remote session protocol sipv2 incoming uri via REMOTE cor incoming callInternal voice-class codec 1 dtmf-relay rtp-nte no vad ! dial-peer voice 1 pots corlist outgoing callPSTN
Please note that I'm not a big user of CoR, so it might not be 100% correct so please look it through and test it out before you leave it in. As far as the documentation have it if you don't have inbound CoR defined, as for the internal CME phones, the call should be allowed to all, even if a dial peer has a CoR set for the outbound direction, just as the PSTN dial-peer have in my example.
With this there should be no limitation for your own endpoints to make calls, but anything that is matched against the new dial peer for inbound calls from the remote router would be limited to only call internal. The inbound match for this is made with content of the VIA header in the invite as that is a better way to control that the correct inbound dial peer is matched.
03-23-2021 10:56 AM
I want this:
03-23-2021 11:29 AM
I need to ask the obvious, if you do not want to have external call capability in router A why do you have a 0T dial peer in the first place?
There are various different options for how to restrict calls in IOS. Advice you to read up on CoR or DPG and inbound outbound dial peer routing in general. This is my most recommended document for IOS call routing. https://www.cisco.com/c/en/us/support/docs/voice/ip-telephony-voice-over-ip-voip/211306-In-Depth-Explanation-of-Cisco-IOS-and-IO.html
03-23-2021 12:15 PM
Hello.
Remote users need to make calls to my VoIP network. But I have no management over the remote router (A).
So, I need to prevent the remote administrator from forwarding such calls to "see what happens".
I will read the suggested documentation.
Thank's a lot.
03-24-2021 02:34 AM
To do this configuration without changing router A, you first need to confirm that your CME dial peer 2 is being used only for calls from router A. Once that's confirmed there are a few ways you can play it. Class of Restriction could be configured so that calls received on that DP can only route to certain other DPs. However you'd need to configure that throughout your CME so as not to block your local devices.
A possible rather dirty way would be to apply a call blocking profile to your dial peer 2, blocking everything except calls to your local extensions.
03-24-2021 02:41 AM - edited 03-24-2021 03:14 AM
In your case likely CoR would be most applicable. I would suggest that you make these changes and give it a try.
voice service voip ip address trusted list ipv4 10.32.10.1 ! voice class uri REMOTE sip host 10.32.10.1 ! dial-peer cor custom name PSTN name Internal ! dial-peer cor list callPSTN member PSTN ! dial-peer cor list callInternal member Internal ! dial-peer voice 10 voip description Incoming Dial Peer from Remote session protocol sipv2 incoming uri via REMOTE cor incoming callInternal voice-class codec 1 dtmf-relay rtp-nte no vad ! dial-peer voice 1 pots corlist outgoing callPSTN
Please note that I'm not a big user of CoR, so it might not be 100% correct so please look it through and test it out before you leave it in. As far as the documentation have it if you don't have inbound CoR defined, as for the internal CME phones, the call should be allowed to all, even if a dial peer has a CoR set for the outbound direction, just as the PSTN dial-peer have in my example.
With this there should be no limitation for your own endpoints to make calls, but anything that is matched against the new dial peer for inbound calls from the remote router would be limited to only call internal. The inbound match for this is made with content of the VIA header in the invite as that is a better way to control that the correct inbound dial peer is matched.
03-24-2021 03:48 AM
Are we sure that the trunk between Router A and CME is SIP? We may need to match inbound DP by calling number. However it would be nice to see the full configuration(s) and detail of the dial plan.
03-24-2021 06:05 AM - edited 03-24-2021 06:53 AM
Good point @TONY SMITH No we do not have any information about the protocol. It was my assumption that it would be SIP, silly of me, I know that it's the MOAFU.
04-08-2021 07:18 AM
Hi.
First of all I would like to apologize for the delay in responding.
A case of illness in the family (COVID) took me away for a moment. But, thank God, everything is in order now.
Now, I want to thank you enormously for your contribution. I followed your suggestion and in preliminary tests it worked the way I wanted.
God bless you!
04-08-2021 08:09 AM - edited 04-08-2021 08:10 AM
Glad to hear that you managed to sort this out and most of all that all is well with you and your loved once. Thanks for letting us know that it worked for you.
03-24-2021 02:59 AM - edited 03-24-2021 02:59 AM
If you do need or want to have a CoR list on dial peer 2 you should be able to do with this.
dial-peer cor list callAll member PSTN member Internal ! dial-peer voice 2 voip cor incoming callAll incoming called-number .
03-23-2021 06:21 PM
if 2XXX is the extension range configured on CME, on router A dial-peer 10 change the destination pattern to 2XXX that's the easiest option.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide