Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
953
Views
30
Helpful
11
Replies

Block calls from REMOTE to PSTN on CME

Go to solution
wrobynson
Level 1
Level 1

‎03-23-2021 10:28 AM

Hi everyone.

 

I have a proble with my VoIP solution: users everywhere (INTRANET) can make outgoing calls through my PSTN trunk.

 

voip_block.png

 

How can I block this type of call?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Roger Kallberg
VIP
VIP
In response to wrobynson

‎03-24-2021 02:41 AM - edited ‎03-24-2021 03:14 AM

In your case likely CoR would be most applicable. I would suggest that you make these changes and give it a try.

voice service voip
 ip address trusted list
 ipv4 10.32.10.1
!
voice class uri REMOTE sip
 host 10.32.10.1
!
dial-peer cor custom
 name PSTN
 name Internal
!
dial-peer cor list callPSTN
 member PSTN
!
dial-peer cor list callInternal
 member Internal
!
dial-peer voice 10 voip
 description Incoming Dial Peer from Remote 
 session protocol sipv2
 incoming uri via REMOTE
 cor incoming callInternal
 voice-class codec 1
 dtmf-relay rtp-nte
 no vad
!
dial-peer voice 1 pots
 corlist outgoing callPSTN

Please note that I'm not a big user of CoR, so it might not be 100% correct so please look it through and test it out before you leave it in. As far as the documentation have it if you don't have inbound CoR defined, as for the internal CME phones, the call should be allowed to all, even if a dial peer has a CoR set for the outbound direction, just as the PSTN dial-peer have in my example.

image.png

With this there should be no limitation for your own endpoints to make calls, but anything that is matched against the new dial peer for inbound calls from the remote router would be limited to only call internal. The inbound match for this is made with content of the VIA header in the invite as that is a better way to control that the correct inbound dial peer is matched.



Response Signature


View solution in original post

11 Replies 11

Go to solution
wrobynson
Level 1
Level 1

‎03-23-2021 10:56 AM

I want this:

voip_block.png

0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to wrobynson

‎03-23-2021 11:29 AM

I need to ask the obvious, if you do not want to have external call capability in router A why do you have a 0T dial peer in the first place?

There are various different options for how to restrict calls in IOS. Advice you to read up on CoR or DPG and inbound outbound dial peer routing in general. This is my most recommended document for IOS call routing. https://www.cisco.com/c/en/us/support/docs/voice/ip-telephony-voice-over-ip-voip/211306-In-Depth-Explanation-of-Cisco-IOS-and-IO.html



Response Signature


Go to solution
wrobynson
Level 1
Level 1
In response to Roger Kallberg

‎03-23-2021 12:15 PM

Hello.

Remote users need to make calls to my VoIP network. But I have no management over the remote router (A).

So, I need to prevent the remote administrator from forwarding such calls to "see what happens".

 

I will read the suggested documentation.

 

Thank's a lot.

 

Go to solution
TONY SMITH
Spotlight
Spotlight
In response to wrobynson

‎03-24-2021 02:34 AM

To do this configuration without changing router A, you first need to confirm that your CME dial peer 2 is being used only for calls from router A.  Once that's confirmed there are a few ways you can play it.  Class of Restriction could be configured so that calls received on that DP can only route to certain other DPs.  However you'd need to configure that throughout your CME so as not to block your local devices.

A possible rather dirty way would be to apply a call blocking profile to your dial peer 2, blocking everything except calls to your local extensions.

0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to wrobynson

‎03-24-2021 02:41 AM - edited ‎03-24-2021 03:14 AM

In your case likely CoR would be most applicable. I would suggest that you make these changes and give it a try.

voice service voip
 ip address trusted list
 ipv4 10.32.10.1
!
voice class uri REMOTE sip
 host 10.32.10.1
!
dial-peer cor custom
 name PSTN
 name Internal
!
dial-peer cor list callPSTN
 member PSTN
!
dial-peer cor list callInternal
 member Internal
!
dial-peer voice 10 voip
 description Incoming Dial Peer from Remote 
 session protocol sipv2
 incoming uri via REMOTE
 cor incoming callInternal
 voice-class codec 1
 dtmf-relay rtp-nte
 no vad
!
dial-peer voice 1 pots
 corlist outgoing callPSTN

Please note that I'm not a big user of CoR, so it might not be 100% correct so please look it through and test it out before you leave it in. As far as the documentation have it if you don't have inbound CoR defined, as for the internal CME phones, the call should be allowed to all, even if a dial peer has a CoR set for the outbound direction, just as the PSTN dial-peer have in my example.

image.png

With this there should be no limitation for your own endpoints to make calls, but anything that is matched against the new dial peer for inbound calls from the remote router would be limited to only call internal. The inbound match for this is made with content of the VIA header in the invite as that is a better way to control that the correct inbound dial peer is matched.



Response Signature


Go to solution
TONY SMITH
Spotlight
Spotlight
In response to Roger Kallberg

‎03-24-2021 03:48 AM

Are we sure that the trunk between Router A and CME is SIP?  We may need to match inbound DP by calling number.  However it would be nice to see the full configuration(s) and detail of the dial plan.

0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to TONY SMITH

‎03-24-2021 06:05 AM - edited ‎03-24-2021 06:53 AM

Good point @TONY SMITH No we do not have any information about the protocol. It was my assumption that it would be SIP, silly of me, I know that it's the MOAFU.



Response Signature


0 Helpful

Go to solution
wrobynson
Level 1
Level 1
In response to Roger Kallberg

‎04-08-2021 07:18 AM

Hi.

First of all I would like to apologize for the delay in responding.
A case of illness in the family (COVID) took me away for a moment. But, thank God, everything is in order now.
Now, I want to thank you enormously for your contribution. I followed your suggestion and in preliminary tests it worked the way I wanted.
God bless you!

Go to solution
Roger Kallberg
VIP
VIP
In response to wrobynson

‎04-08-2021 08:09 AM - edited ‎04-08-2021 08:10 AM

Glad to hear that you managed to sort this out and most of all that all is well with you and your loved once. Thanks for letting us know that it worked for you.



Response Signature


Go to solution
Roger Kallberg
VIP
VIP
In response to wrobynson

‎03-24-2021 02:59 AM - edited ‎03-24-2021 02:59 AM

If you do need or want to have a CoR list on dial peer 2 you should be able to do with this.

dial-peer cor list callAll
 member PSTN
 member Internal
!
dial-peer voice 2 voip
 cor incoming callAll
 incoming called-number .

 



Response Signature


Go to solution
Nithin Eluvathingal
VIP
VIP
In response to wrobynson

‎03-23-2021 06:21 PM

if 2XXX is the extension range configured on CME,  on router A dial-peer 10 change the destination pattern  to 2XXX that's the easiest option. 

 

 

 

 

 

 



Response Signature


0 Helpful
Customers Also Viewed These Support Documents