Cisco Cisco Expressway
Expressway-C
This example shows how to configure the Expressway-C to stop calls coming in via the gateway from being
able to route calls back out of the gateway. This is done by loading some specially constructed CPL onto the
Expressway-C and configuring its Call policy mode to use Local CPL.
able to route calls back out of the gateway. This is done by loading some specially constructed CPL onto the
Expressway-C and configuring its Call policy mode to use Local CPL.
Creating a CPL file
The CPL file to be uploaded onto the Expressway can be created in a text editor.
Here are 2 example sets of CPL. In these examples the “GatewayZone” is the neighbour zone to the ISDN
gateway:
gateway:
This example CPL excludes any checking of whether the calling party is authenticated or not:
<?xml version="1.0" encoding="UTF-8" ?>
<cpl xmlns="urn:ietf:params:xml:ns:cpl"
xmlns:taa="http://www.tandberg.net/cpl-extensions"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">
<taa:routed>
<taa:rule-switch>
<!--Check that gateway is not hairpinning call - Neighbor zone -->
<taa:rule originating-zone="GatewayZone" destination="9.*">
<!-- Calls coming from the gateway may not send calls back out of this gateway -->
<!-- Reject call with a status code of 403 (Forbidden) -->
<reject status="403" reason="ISDN hairpin call denied"/>
</taa:rule>
<taa:rule origin=".*" destination=".*">
<!-- All other calls allowed -->
<proxy/>
</taa:rule>
</taa:rule-switch>
</taa:routed>
</cpl>
This example CPL also ensures that the calling party is authenticated:
<?xml version="1.0" encoding="UTF-8" ?>
<cpl xmlns="urn:ietf:params:xml:ns:cpl"
xmlns:taa="http://www.tandberg.net/cpl-extensions"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">
<taa:routed>
<taa:rule-switch>
<!-- Check that calling party is authenticated -->
<taa:rule authenticated-origin="" destination="9.*">
<!-- Reject call with a status code of 403 (Forbidden) -->
<reject status="403" reason="ISDN call denied as unauthenticated caller"/>
</taa:rule>
<!-- Check that gateway is not hairpinning call - Neighbor zone -->
<taa:rule originating-zone="GatewayZone" destination="9.*">
<!-- Calls coming from the gateway may not hairpin and send calls back out -->
<!-- Reject call with a status code of 403 (Forbidden) -->
<reject status="403" reason="ISDN hairpin call denied"/>
</taa:rule>
Cisco Expressway Basic Configuration Deployment Guide (X8.6)
Page 34 of 57
Optional configuration tasks