Cisco IOS 15.1(2)T toll Fraud Feature Causing Lync Calls to Fail

So if you have upgraded you Cisco PSTN gateway lately you may have already run into this but for those that haven't this is something to be on the look out for. This was brought to my attention by a company I am helping move off their legacy PBX’s and on to Lync for telephony.

Cisco has added a new toll fraud feature into their ISR router code that blocks calls from untrusted endpoints. In the past you could point any mediation server at a Cisco ISR and as long as the correct outbound dial peer was in place it would route the call. This new feature now requires you to setup a trust list of servers or turn off the feature which is on by default.

“It is important to note that upgrading to 15.1(2)T will block all inbound VoIP call setups until the VGW is properly configured to trust these sources.”

http://www.cisco.com/en/US/tech/tk652/tk90/technologies_tech_note09186a0080b3e123.shtml#t3

Having this feature on by default is not the greatest idea because I think it will catch a lot of people out but in all fairness someone should read the IOS release notes before deploying. As noted in the tech note provided by Cisco there are three ways to resolve this issue by either reverting back to pre 15.1(2)T behavior or embrace the new feature and configure it as designed.

Thanks to Eddie for mentioning this to me.

VoIPNorm

2 comments:

  1. I applaud Cisco for having the balls to turn this on by default. I've had a few cold calls from people asking me if I knew how to setup CUBE "securely" because they just got hit with a $20,000 phone bill :)

    ReplyDelete
  2. Hi Chris,

    I have no probelm with the feature, I think its a good one but turning it on by default and blocking all calls after an IOS upgrade is not a great idea for inplace deployments in my opinion. Its probably okay if you have one or two routers to upgrade and you realize this is the intented behaviour but I am guessing people wont unless educated. Also for larger deployments just wanting to upgrade IOS its an extra step if they want the feature turned on or not.

    Cheers
    Chris

    ReplyDelete

Note: Only a member of this blog may post a comment.