A new feature has been introduced in Cisco IOS® Software Release 15.1(2)T to guard against the incidence of toll-fraud on Voice GateWays (VGWs) installed with Cisco IOS. Starting with IOS 15.1(2)T and newer releases of IOS based on this version, the toll-fraud prevention settings are the default behavior of Cisco IOS-based VGWs.
For all IOS releases before 15.1(2)T, the default behavior for IOS voice gateways is to accept call setups from all sources. As long as voice services are running on the router, the default configuration will treat a call setup from any source IP address as a legitimate and trusted source to set a call up for. Also, FXO ports and inbound calls on ISDN circuits will present secondary-dial tone for inbound calls, allowing for two-stage dialing. This assumes a proper inbound dial-peer is being matched.
Starting with 15.1(2)T, the router’s default behavior is to not trust a call setup from a VoIP source. This feature adds an internal application named TOLLFRAUD_APP to the default call control stack, which checks the source IP of the call setup before routing the call. If the source IP does not match an explicit entry in the configuration as a trusted VoIP source, the call is rejected.
The following command is enabled:
voice service voip ip address trusted authenticate Additional valid ip addresses can be added via the following command line: voice service voip ip address trusted list ipv4 <ipv4-address> [<ipv4 network-mask>]
If Toll fraud is blocking the call then you will have Q.850 disconnect cause code with value of 21.
%VOICE_IEC-3-GW: Application Framework Core: Internal Error (Toll fraud call rejected):
IEC=126.96.36.199.31.0 on callID 3 GUID=F146D6B0539C11DF800CA596C4C2D7EF
000183: *Apr 30 14:38:57.251: //3/F146D6B0800C/CCAPI/ccCallSetContext:
000184: *Apr 30 14:38:57.251: //3/F146D6B0800C/CCAPI/cc_process_call_setup_ind:
>>>>CCAPI handed cid 3 with tag 1002 to app “_ManagedAppProcess_TOLLFRAUD_APP”
000185: *Apr 30 14:38:57.251: //3/F146D6B0800C/CCAPI/ccCallDisconnect:
Cause Value=21, Tag=0x0, Call Entry(Previous Disconnect Cause=0, Disconnect Cause=0)
How you can return back to pre-15.1(2) IOS behaviour?
voice service voip
no ip address trusted authenticate
To authenticate all sources for VoIP calls:
voice service voip
ip address trusted list
ipv4 0.0.0.0 0.0.0.0
More can be read from Cisco Technote.