Per Cisco's explanation of the new Toll-Fraud Prevention Feature, a "trusted list" must be configured on the voice gateway so that the sources generating the VoIP call setups will be accepted.
Note: If you have "session target" defined within dial-peers that you currently use, those calls will be accepted even if no "trusted list" is defined.
Debug Example - Blocked Calldebug voice ccapi inout
%VOICE_IEC-3-GW: Application Framework Core: Internal Error (Toll fraud call rejected): IEC=22.214.171.124.31.0 on callID 3 GUID=F146D6B0539C11DF800CA596C4C2D7EF 000183: *Apr 30 14:38:57.251: //3/F146D6B0800C/CCAPI/ccCallSetContext: Context=0x49EC9978 000184: *Apr 30 14:38:57.251: //3/F146D6B0800C/CCAPI/cc_process_call_setup_ind: >>>>CCAPI handed cid 3 with tag 1002 to app "_ManagedAppProcess_TOLLFRAUD_APP" 000185: *Apr 30 14:38:57.251: //3/F146D6B0800C/CCAPI/ccCallDisconnect: Cause Value=21, Tag=0x0, Call Entry(Previous Disconnect Cause=0, Disconnect Cause=0)
Disable Toll-Fraud Prevention FeatureIf you need to quickly return your router to it's previous functionality after an upgrade, take one of these two paths:
- Configure the router to accept incoming call setups from all source IP addresses.
voice service voip ip address trusted list ipv4 0.0.0.0 0.0.0.0
- Disable the toll-fraud prevention application completely.
voice service voip no ip address trusted authenticate
Restore Two-Stage Dialing After Upgrade
If two-stage dialing is required, the following can be configured to return behavior to match previous releases.
For inbound FXO calls:voice service pots no direct-inward-dial isdn
voice-port <fxo-port> secondary dialtone