If you work on Cisco IPT environments, you have probably ran into a situation where you wanted to make a call through a gateway to test the PSTN connectivity, test translation-profiles or as a process of elimination, you wanted to eliminate the CUCM cluster.  The Xlite SIP softphone is a great tool for such tests. You can make calls through an IOS gateway without making any new configuration changes to the gateway itself or to the CUCM cluster.

 

 

 

Cisco gateways automatically allow calls from H.323 or SIP peers without authentication. So, basically, you configure your xlite softphone to use the ip address of the gateway as the domain and disable sip registration. Make the following changes to your xlite softphone and test an outbound call. It works great and very simple.

 

 

XLite Settings

  1. Open Xlite
  2. Right-Click on the softphone and select ‘SIP Account Settings’
  3. Highlight Acct #1  and click ‘Properties’
  4. Enter a display name and username
  5. Enter the IP address of the gateway in the ‘Domain’ Field
  6. Uncheck ‘Register with domain and receive incoming calls’
  7. Click ‘Ok’
  8. Click ‘Close’ to close the SIP account properties
  9. Dial a number

 

 

Enable CUBE functionality if you want to test a voip dial-peer

 

voice service voip
allow-connections sip to sip
allow-connections sip to h323
allow-connections h323 to h323

 

Gateway Security
This leads me to the second point of this post…. Toll Fraud. The idea of using a softphone to easily test your gateways without having to make any changes is cool but not very secure. Actually, its something many voice engineers never think about. If your gateways are behind a firewall, it does not present as much of a risk, but it still presents a risk. If your gateways are connected to the public internet without access-lists or firewalls, you are running a very big risk and you  need to get this resolved asap.

 

The access-list below allows sip and h323 traffic from the Call Manager only (10.10.10.10)

ip access-list extended firewall
permit udp host 10.10.10.10 any range 5060 5061
permit tcp host 10.10.10.10 any range 1720 1721
deny udp any any range 5060 5061 log
deny tcp any any range 5060 5061 log
deny tcp any any range 1720 1721 log
permit ip any any

!
interface FastEthernet0/0
ip access-group firewall in

 

 

Be Sociable, Share!