Incoming SIP

[amorales]

HI

I have a SIP account with a number at an external provider. I have an extension registerered with this SIP account so i want the incoming SIP call of the SIP account to be received by the extension.

Everytime i try to call the number of the SIP account i have : SIP/2.0 404 Not Found

Currently, i think i should check the "Route incoming SIP call to the call routing" and make some rules. But i am afraid of not being able to secure this entry. Is there a solution, maybe without checking this box ?

Best Regards,

[davrays]

You need to look on the SIP INVITE message which is received by your Quadro. See what you have in the "To" field.

If you see lets say, "123456789" in that field, you will need to add an extension which SIP user is "123456789". The incoming calls will be routed to that extension then.
There is no need to set the "Route incoming SIP call to the call routing" box in this case.

Best regards,
David

[BreeSoft]

Hello davrays,

What if you have more DIDs currently than you have extensions?
You cannot give one extension more than one user name.
So how do you handle having all the DIDs be directed to a single extension?

For example, I have added some extensions just to handle multiple DIDs.
Extension 801, main DID, no line assignment, UCF->00
Extension 802, fax DID, line 2 assignment
Extension 701, snom 320, 1 of 10 DID, IP Line 1 assignment
Extension 702, snom 320, 2 of 10 DID, IP Line 2 assignment
This lists 4 of the possible DIDs being used.

Look at extension 802.
Faxes are received perfectly.
AS LONG AS the Route all incoming SIP calls to call routing table is NOT checked.

What is wrong with this?
Anyone calling in and hitting the AA can dial extension 802 and the fax machine rings.
We do not want users dialing the extension 802 but we had to create it to get the fax to answer the fax DID.

We need a good sample INBOUND call route to show us how we could set up a fax DID inbound rule to direct inbound calls to the device attached to FXS #2.

Having user names assigned to extensions as you have said in this thread means that one would have to create an extension for EVERY DID and that just seems too cumbersome a task. Especially if the inbound DIDs are perfectly sequential.

Am I missing something here?

[KSComs]

Chance you can still achieve what you want by removing the fax as a valid range in your extension list... it doesnt need to be there.

In the Extensions managerment you can enter a number outside the range of your extensions ie have it as the full telephone number.

In the A/A it only allows for 2/3/4 digit dialling depending on your extension numbering...

In the DID field of your call routing put the full telephone number and point it to the extension of you guessed it .... the full telephone number...

In the call routing rules you can create a special rule lets say 11 with an NDS of 2 and prefix it with the full extension number of the fax and lock it down to PBX dialling only....

What this does is prevents anyone from dialling the fax number unless it is a registered extension.

I am sure there are easier ways of doing the same and it would be in the AA but heck the above should work as well...

Regards

Kevin

[BreeSoft]

Thank you for the tips.
I understand most of your reply.
Instead of extension 802 being named 802, we would name it the full fax DID.
This would definitely prohibit AA callers dialing the fax extension because we use 3-digit extension numbers.
Inbound callers will not be able to hit the fax via AA ever again.
That is perfect!

What I do not understand is:
I hear a lot about securing inbound calls by using the CRT but I see no samples of such.
With your sample of dialing 11, discarding 2, prefixing with the fax DID, and source filtering to PBX, that would not allow inbound call routes, only outbound via internal extensions.

Isn't it a good practice to secure the Quadro of all inbound traffic by making sure that both outbound and inbound calls meet a specific set of rules before being permittted to proceed?

I just want to understand this fully so that I can take full advantage of the Quadro.
I really want to learn how to create an inbound SIP rule in the CRT that directs inbound caller to proper extension/destination based on inbound DID. I do not want to have to use the extenstions table for all the different DIDs. I just figured an inbound call rule in the CRT could save much programming time.

What are your thoughts on all this?

[KSComs]

With your sample of dialing 11, discarding 2, prefixing with the fax DID, and source filtering to PBX, that would not allow inbound call routes, only outbound via internal extensions.

The above is ONLY for local extensions to dial the fax if it was needed .. ie ... a caller puts the wrong number in on their fax machine which rings your extension...

You answer the call and you think .. gosh .. someones sending a fax ... I will transfer it to the fax machine...

The number 11 would allow you to redirect it to the fax machine... so the caller doesnt have to call you to say hey whats your fax number...

The original DID number of the full fax number allows all external callers making calls to the fax to go direct to the fax machine....the rule for 11 doesnt stop them... it s purpose is ONLY to allow Pabx Extensions to transfer the calls to the fax instead of dialling the full number .... albeit a Speed Dial to the fax...

Re : CRT securing etc...

in the Call Routing tables - lets use my mobile number as an example of securing that number only allowing registered Extensions to dial that ...

So we create a Rule of :

0419650550 - NDS 0, type = IPPSTN ...

Make sure the - Filter on Source / Modify Caller ID is checked - this sets up the filtering rule for who is allowed to dial the route

On the third page of creating the rule you will notice the following

Source Filter / Modify Caller ID - Add Entry


This is where you need to lock the route down ... ie

Use PBX and either set it as * or you can put extension in this field in several ways which can be found in the help files...

This entry secures your system down from intruders...

The other thing is to use complex passwords for the IP Lines so that external users can not gain access. If you use IP filtering in your firewall rules that tightens it down to 99% there is always a way of someone finding a hack that could gain access but these types are very remote and would require your Lan users to inadvertently to open up your network or your ITSP being hacked ...

As you can determine from the above the Quadro is a robust and secure system as an IP system can be. Yes you can have encrypted SIP packets at the firewall and all of the intrusion detection programs running etc.. but this will inadvertently cause latency and sometimes might make IP communication fail due to the overhead.

Lets face it if someone wants to make a phone call and they cant get into your system, they will move along and try someones that is a lot easier...

Regards

Kev

[BreeSoft]

Forgive me, but I am not sure I follow you.
The sample above: dial 11, discard 2, prefix with fax DID..... was actually a repeat of what you told me originally. I was just basically repeating your suggestion.

I do understand your logic in creating the rule for PBX users to redirect fax tones to the fax machine and I find that very useful.

Could you also provide an actual CRT rule that would allow an inbound call coming to fax DID to be directed to the fax machine connected to FXS port #2? I just don't see how this can be done. Mainly because of the names of the fields in the call routing rule wizard. ie: Destination number pattern, destination type, host, etc. These make sense for outbound routes but for inbound routes, it is slightly confusing.

Can you offer me some sound inbound route ideas that would permit us to avoid the extensions management table entirely?

Thanks a lot for all your help. I do appreciate you taking the time....

[BreeSoft]

Hey Kev,

What is your take on the "Route all SIP calls to the call routing table" option?
When would it ever be useful?
I have created our outbound routes just as you have illustrated with source filtering, etc.
And that does provide much sense of security knowing that only authorized extensions are placing calls.
I just thought it would be nice to know exactly how the inbound routes can be defined and managed in the CRT.
I always try to learn every feature completely.

I am just curious as to why the option to route all SIP calls to the CRT would be needed if there is no clear way of defining the inbound routes.

[KSComs]

It is needed when you have a sanitised network ala private WAN that you control .. you can then open up the connectivity and make it easier for yourself...

Apart from that ... I would shudder to allow it open access...

Regards

Kev