Out of Office Messages on CME

Announcements can be sent from a voice gateway (router) without the need to write complex gateway scripts or the use of CUE (Cisco Unity Express).

All you need is a VXML script and an audio file (I would suggest recorded in G729r8 format see future post of how to create these from the router too).


Create the vxml script which should contain something like the following:

<?xml version="1.0" encoding="iso-8859-1"?>
<vxml version="2.0">

Out Of Office Announcement
File Name : oooa.vxml
Description: Plays back an out of office announcement message


<var name="option"/>
<form id="main">
 <prompt><audio src="flash:oooa.au"/></prompt>

Upload this script along with the audio file (which I’ve called oooa.vxml and oooa.au) to the router flash. Then install the application by entering the following commands :

Router# conf t
Router(config)# application
Router(config-app)# service oooa flash:oooa.vxml
Router(config-app-param)# end
Router# wr mem

The next thing is to associate the service oooa with a dial-peer. This can be an in or an outbound dial-peer, my personal preference is inbound which is the example I’ll give. The being said to test this you need to generate an inbound call into the gateway. One thing that isn’t obvious from the documentation is that you can associate this with both pots and also voip dial-peers. The fact this it can be associated with voip is the reason I would record the message using g729r8 !

Router# conf t
Router(config)# dial-peer voice 3901 voip
Router(config-dial-peer)# incoming called-number 3901
Router(config-dial-peer)# service oooa
Router(config-dial-peer)# codec g729r8
Router(config-dial-peer)# end
Router# wr mem

(The default codec is g729r8 so the codec command is only included for completeness).
UPDATE: 22/06/2009 – On more recent version of IOS the default codec for ephone’s has been iLBC !

Now if a call arrives at this router using H323 looking for the number 3901 will have the message associated with oooa.au played to them.


This application really comes into it’s own if you call forward on busy no answer etc. However the problem is that for this type of application it must exist on the inbound dial peer. So if you are already in the call manager your are stuck. A simple solution to this is to create a dialpeer pointing at a loopback on the same router. The setup both a destination-pattern and also an incoming called-number the same and your problems are solved.

Router# conf t
Router(config)# interface Loopback 3901
Router(config-if)# ip address
Router(config-if)# dial-peer voice 3901 voip
Router(config-dial-peer)# incoming called-number 3901
Router(config-dial-peer)# destination-pattern 3901
Router(config-dial-peer)# session target ipv4:
Router(config-dial-peer)# dtmf-relay h245-alphanumeric
Router(config-dial-peer)# codec g729r8
Router(config-dial-peer)# no vad
Router(config-dial-peer)# end
Router# wr mem

A couple of gotcha’s I recently walked into if you have changed the default H323 port on this device from TCP 1720 (to TCP 1844 for example) you need to ensure that the session target is session target ipv4: otherwise it all looks fine but doesn’t work.

Cisco V3PN & QoS on ADSL Uk for VoIP

SoHo workers now share their lines with other PC’s in the house. The following is a config snippet from my router to provide some protection for my VoIP and business traffic.

! policy and classes to mark local incoming traffic
! whilst QoS pre-clasify should be used I have found it
! unreliable on certain IOS releases.  Also this allows us
! to be more specific about how we want to handle our traffic.
class-map match-all BIZAPPS1_VLAN1
 match access-group name BIZAPPS1    ! an acl to match biz apps
class-map match-all BIZAPPS2_VLAN1
 match access-group name BIZAPPS2    ! an acl to match biz apps
class-map match-all SCAVENGER_VLAN1
 match access-group name SCAVENGER   ! low priority stuff
policy-map VLAN1
  set dscp af21                      ! low drop probability
  set dscp af22                      ! med drop probability
  set dscp cs1
! Policy and Classes to on outbound connection
class-map match-all BIZAPPS
 match  dscp cs2  af21  af22  af23   ! all business aps
class-map match-any VOICE_SIG
 match  dscp cs3                     ! new dscp values signalling
 match  dscp af31                    ! old dscp value signalling
class-map match-all SCAVENGER
 match  dscp cs1                     ! unwanted traffic
class-map match-any IPCONTROL
 match  dscp cs6                     ! routing protocols etc
class-map match-all VOICE_RTP
 match  dscp ef                      ! voice packets
! Based on using no more than 30% for voice traffic this policy
! is enough for two voice calls (52k). DSL has a fixed uplink speed
! so I have used percentages to make carving up easier. Where a pipe
! which is likely to have speed changes it might be easier to use
! absolute 'bandwidth' statements to simplify calculations.
! NB: You cannot mix absolute and percentages in the same
! policy-map so decide up front what you are going to use.
policy-map V3PNWAN
 class VOICE_RTP
  priority 52 5348            ! 52k for 2 voice calls
 class VOICE_SIG
  bandwidth percent 5         ! 5% for call control traffic
  bandwidth percent 5         ! 5% for routing protocols etc
 class BIZAPPS
  bandwidth percent 30        ! 30% for business apps
  bandwidth percent 1         ! limit scavenger to 1%
  class class-default
! The device snippets are just enough info to show how the
! policys are applied and any other relevant settings.
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
dsl operating-mode auto
interface ATM0.1 point-to-point
 bandwidth 384                   ! your upstream speed
 pvc 0/38
 vbr-nrt 384 384                 ! your upstream speed
 tx-ring-limit 3                 ! tx-ring set to 3
 encapsulation aal5mux ppp dialer
 dialer pool-member 1
 service-policy out V3PNWAN      ! associate to phys interface
interface Dialer0
 ip tcp adjust-mss 542           ! make tcp packets much smaller
interface Tunnel0
 qos pre-classify                ! allow acls based on pre-encrypted data

Good luck


Enable Caller-id globally on Cisco Unity Express (CUE)

By default Cisco Unity Express only reports the called number in your message for internal calls.

It’s quite simple to change this so that all calls (where a number is available) have their numbers reported.

Router# service-module service-enable 1/0 session
Trying 192.168.n.2, 2066 ... Open
se-192-168-n-2# conf t
se-192-168-n-2(config)# voicemail callerid
se-192-168-n-2(config)# end
se-192-168-n-2# wr mem
se-192.168-n-2# exit

Session closed

[Connection to 192.168.n.2 closed by foreign host]

Simple really.

Installing two site CME and a single CUE

We have two CME’s and a single shared CUE.



3002 – Phone 1
3003 – Phone 2
3200 – AA Script (outside scope)
3600 – Voicemail
3998 – MWI off
3999 – MWI on


3004 – Phone 1
3005 – Phone 2
3998 – MWI off
3999 – MWI on

on CME1 (Central)

voice service voip
allow-connections sip to h323
allow-connections h323 to sip
allow-connections h323 to h323

interface FastEthernet 0/0
ip address 192.168.n.1
h323-gateway voip interface
h323-gateway voip bind srcaddr 192.168.n.1

interface service-engine 1/0
ip unnumbered FastEthernet0/0
service-module ip address 192.168.n.2
service-module ip default-gateway 192.168.n.1

ip route 192.168.n.2 Service-Engine 1/0

dial-peer voice 3600 voip
destination-pattern 3[126]00
session protocol sipv2
session target ipv4:192.168.n.2
incoming called-number 399[89]....
codec g711ulaw
no vad

dial-peer voice 3004 voip
destination-pattern 300[45]
voice-class h323 1
session target ipv4:cme2_ipaddress
dfmf-relay h245-alphanumberic
ip qos dscp cs3 signalling
no vad

dial-peer voice 3998 voip
destination-pattern 399[89]300[45]
session target ipv4:cme2_ipaddress

voicemail 3600

ephone-dn 1 dual-line
number 3002

ephone-dn 2 dual-line
number 3003

ephone-dn 3
number 3998....
mwi off

ephone-dn 4
number 3999....
mwi on

on CME2 (remote)

dial-peer voice 3002 voip
destination-pattern 300[23]
voice-class h323 1
session target ipv4:cme1_ipaddress
dfmf-relay h245-alphanumberic
ip qos dscp cs3 signalling
no vad

dial-peer voice 3998 voip
incoming called-number 399[89]....

voicemail 3600
mwi relay

ephone_dn 1
number 3004

ephone_dn 2
number 3005

ephone-dn 3
number 3998....
mwi off

ephone-dn 4
number 3999....
mwi on


1. The scope of this post only includes enough info to show CUE integration.

2. It is essential to control the codecs used to inbound and outbound calls. For this reason both the “destination-pattern” as well as the “incoming called-number” is defined on dial-peer 3600 on CME1. This is to ensure that calls coming from and going to CUE use codec g711ulaw.

3. For MWI to be passed between CME1 and CME2 you need to ensure that:

a) “allow-connections sip to h323” is configured inside “voice service voip” on CME1
b) “mwi relay” is configured in “telephony-service” on CME2

CUE Restore Factory Defaults

To restore factory defaults on Cisco Unity Express firstly take the module offline by typing “offline“, then when confirmed issue the “restore factory defaults” command.

An example follows :

Router# service-mode  service-engine 1/0
Trying 192.168.n.3, 2006 ... Open
se-192-168-n-3# offline
!!!WARNING!!!: If you are going offline to do a backup, it is recommended
that you save the current running configuration using the 'write' command,
prior to going to the offline state.

Putting the system offline will terminate all end user sessions.

Are you sure you want to go offline[n]? : y
se-192-168-n-3(offline)# restore factory default
!!!WARNING!!!: This operation will cause all configuration and data
on the system to be erased. This operation is not reversible.

Do you wish to continue[n]? : y
Restoring the system. Please wait .....done
System will be restored to factory default when it reloads.

Press any key to reload:

System reloading ....

INIT: Sending processes the TERRestarting system.

-- SNIP --

INIT: Entering runlevel: 2
********** rc.post_install ****************

IMPORTANT::    Welcome to Cisco Systems Service Engine
IMPORTANT::     post installation configuration tool.
IMPORTANT:: This is a one time process which will guide
IMPORTANT:: you through initial setup of your Service Engine.
IMPORTANT:: Once run, this process will have configured
IMPORTANT:: the system for your location.
IMPORTANT:: If you do not wish to continue, the system will be halted
IMPORTANT:: so it can be safely removed from the router.

Do you wish to start configuration now (y,n)?

Once this has completed you proceed to setup the hostname, whether to use dns and ntp settings. After this configuration the booting process can take quite some time !

Cisco ISDN2e VIC2-2BRI-NT/TE configuration issues.

Here follows the ISDN2e specific config for a gateway connected in the Uk with DDI. An assuption is made that the DDI range is : 03333 567890 – 03333 567899 and that the internal extensions would be 3000 – 3009. In addition to this calls to the PSTN will be presented with full DDI of the calling extension.

Two very important things to be aware of when connecting ISDN2e in the Uk.

1. BT by default only present that last 6 digits on inbound DDI

2. The default companding type is u-law so you need to set it to a-law manually.

Translation-rule 1 is used to convert from the inbound DDI presentation to the internal extension number.

Translation-rule 2 is used to re-write the calling number to add a leading 9 (and the missing 0). So that a user can return the call directly from a list without editing the number.

Translation-rule 3 is used to map back from the extension to the full external DDI number.

Dial-peer 10 is used to control incoming calls (we don’t like defaults dialpeer zero).

I Have split up the outbound dial-peers so that COR (class of restriction) can be applied if we wish to.

isdn switch-type basic-net3

voice service pots
 supported-language UK

voice translation-rule 1
 rule 1 /^56789(.)$/ /3001/

voice translation-rule 2
 rule 1 /^0/ /900/
 rule 2 /^1/ /901/
 rule 3 /^2/ /902/
 rule 4 /^3/ /903/
 rule 5 /^4/ /904/
 rule 6 /^5/ /905/
 rule 7 /^6/ /906/
 rule 8 /^7/ /907/
 rule 9 /^8/ /908/
 rule 10 /^9/ /909/

voice translation-rule 3
 rule 1 /300(.)$/ /03333567891/

voice translation-profile FROM_PSTN
 translate calling 2
 translate called 1

voice translation-profile TO_PSTN
 translate calling 3

interface BRI0/2/0
 description ** ISDN - DDI RANGE 03333 567890 - 9 **
 no ip address
 isdn switch-type basic-net3
 isdn point-to-point-setup
 isdn incoming-voice voice
 isdn static-tei 0

voice-port 0/2/0
 compand-type a-law
 cptone GB

dial-peer voice 10 pots
 description *** For inbound calls from PSTN ***
 translation-profile incoming FROM_PSTN
 preference 1
 incoming called-number .
 port 0/2/0
 forward-digits all
dial-peer voice 9 pots
 description *** Local Calls ***
 translation-profile outgoing TO_PSTN
 preference 1
 destination-pattern 9[1-9]T
 port 0/2/0
dial-peer voice 9011 pots
 description *** National Calls ***
 translation-profile outgoing TO_PSTN
 preference 1
 destination-pattern 90[1-6]T
 port 0/2/0
 prefix 0
dial-peer voice 907 pots
 description *** Calls to Mobiles ***
 translation-profile outgoing TO_PSTN
 preference 1
 destination-pattern 907T
 port 0/2/0
 prefix 07
dial-peer voice 907 pots
 description *** Calls to None Geographical Numbers ***
 translation-profile outgoing TO_PSTN
 preference 1
 destination-pattern 908T
 port 0/2/0
 prefix 08
dial-peer voice 909 pots
 description *** Premium Rate Calls ***
 translation-profile outgoing TO_PSTN
 preference 1
 destination-pattern 909T
 port 0/2/0
 prefix 09
dial-peer voice 900 pots
 description *** Internation Calls ***
 translation-profile outgoing TO_PSTN
 preference 1
 destination-pattern 900T
 port 0/2/0
 prefix 00

A combination of either CME or Call Manager/SRST configuration needs to be added to make more use of this configuration.

Skinny CCIE IP Nat Problem [not]resolved

As mentioned in my profile I am studying for my CCIE Voice Lab exam. Well I have been plagued by a problem with phones not registering when using Rented Lab Kit and physical IP phones in my home POD.

My POD is connected to the Rented Lab Equipment over an encrypted link that is also NAT’d.


One of the guys from Cisco who was also studying for the exam recommended sticking to IOS 12.4 mainline. As the issue shouldn’t exist within these IOS train. Unfortuately I use a Cisco 1801 router for my connection to the Internet and there is no IOS 12.4 mainline available for it. After some experimentation I discovered that with some of the special releases solved this problem but also created others. Which basically meant keeping 4 different versions of IOS on the routers flash and switching between them depending on what I am doing.

I have just run Wireshark on a PC attached to the back of one of the phones that wasn’t registering and pulled a capture. What appears to be happening is that :

1. The phone issues a SKINNY SoftKeyTemplateReqMessage.
2. There then follows three TCP Retransmissions of SoftKeyTemptateReqMessage
3. A Skinny KeepAliveMessage
4. Two more TCP Retransmissions of SoftKeyTemplateReqMessage
5. The connection is reset.

It’s like these TCP packets are not getting through to the server which is very reminisent of an MTU/Fragmentation problem.

I’ve done some more digging in the Cisco advisories and stumbled across the following :


This advisory indicates that in IOS Version 12.4(6)T NAT SKINNY fragmentation support was introduced. It advises that there is a vunerability in relation to memory allocation. Which can manifest as a DoS expoitation.

Wondering whether the issue advised was related to the issue I have. Considering I also have introduced Crypto into the mix.  The workaround is to disable Skinny NAT ALG support on port 2000.

Router(config)# no ip nat service skinny tcp port 2000

I’ve got some additional digging to do but on the face. Once this is done smart inspection of the SKINNY packet isn’t performed by the router so it’ neccessary to also open UDP ports for the voice calls to proceed.

So you can have the phones registering correctly – but no audio path.

I have subsequently gone back to IOS version 12.4-15.XY5.

Router#show hardw
Cisco IOS Software, C180X Software (C180X-ADVIPSERVICESK9-M), Version 12.4(15)XY5, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 18-Dec-08 18:44 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)

Router uptime is 10 hours, 45 minutes
System returned to ROM by reload at 04:02:37 BST Thu May 7 2009
System restarted at 04:03:25 BST Thu May 7 2009
System image file is "flash:c180x-advipservicesk9-mz.124-15.XY5.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

If you require further assistance please contact us by sending email to

Cisco 1801 (MPC8500) processor (revision 0x400) with 105472K/25600K bytes of memory.
Processor board ID FCZ1048121H, with hardware revision 0000

9 FastEthernet interfaces
1 ISDN Basic Rate interface
1 ATM interface
125952K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102

Updated 30/06/2009