Toll-Fraud Prevention on Cisco Voice Gateways

Apr 3 18:06:31.532: //81/00F539C80300/CCAPI/cc_process_call_setup_ind:

>>>>CCAPI handed cid 81 with tag 0 to app "_ManagedAppProcess_TOLLFRAUD_APP"

 This line, from the output of a debug voice ccapi inout, on a new voice gateway in our Denver office, caused us several hours of hair-ripping frustration. There's not much about it on the Google, yet; at least not much we could find. This post by Guilherme Villarinho (translated) on the Portugese-language Avvid.net pointed us in the right direction.

Beginning with IOS 15.1(2)T, Cisco introduced a Toll-Fraud Prevention feature. The feature defaults to not connecting calls from a VoIP source that isn't trusted. Trust is defined by IP either by trusting individual hosts or subnets.

I don't really see the value of the feature, as it's described, and we decided to disable it with the following commands:

voice service voip      
   authenticate trusted no ip address

If you can think of a reason to enable it, though, I'd love to hear it.