Auth Code / FRL / Trunks question

[phoneguy01]

We have the following situation. A caller calls into the remote access DID and dials one of the codes listed on the remote access page. Since the remote access setting for Auth Codes is set to Yes, the caller must also enter his authorization code. Once the auth code has been dialed, the call now assumes the COR/FRL assigned to that auth code. Now here's the big question. We'd like to restrict users from accessing a certain trunk group when using remote access...BUT they still need access to this trunk group when they're inside the office. The problem I'm having is that these people use the auth code and that auth code has access to an FRL that has access to the trunk group we need to restrict them from when outside the office. They all have different auth codes (each person assigned a unique code) and they all still need access to this trunk group inside the office...but not from outside the office. I just can't think of a way to make this work so that the caller doesn't have to learn anything new...like a new/second auth code, etc. It would be pointless to assign them a second auth code anyway since they already know the other auth code has access to the trunks in question. Also we still need to maintain use of the auth codes, so simply doing away with use of auth codes is not a solution. The reason behind restricting access to these trunks is to avoid legal issues in a certain country. We are not technically allowed to bridge PSTN calls to IP trunks that route out to another country in this particular situation.

Any ideas on how I can make it so the person can continue to use the auth code to access these trunks inside the office but not from outside when coming in through the remote access DID? The book does say the auth code's FRL/COR will override the remote access FRL/COR...so this is expected and normal. I'm looking for a creative but not overly complicated solution.

Ideas?

 

[inerguard]

Why are they using the remote access authorisation codes inside the office?


[Started on Version 3 software 15 years a go]

 

[phoneguy01]

They're only using remote access from outside the office but they still dial their personal auth code once they get into the remote access number. When they're inside the office, they use the auth code as well...and this is mainly to track who's making the phone calls. I don't think they really use it to restrict access or permit access, it's just a way of tracking phone calls I assume for internal billing reasons. Since they use the auth code inside or outside the office, I can't think of a way to come up with the restrictions I need on that one trunk group.

 

[inerguard]

So if you just pick up a phone in the office, it's barred from dialing unless you use the auth code.

Sorry mate, that's just craaaazzzzyyyy


[Started on Version 3 software 15 years a go]

 

[phoneguy01]

Ok, we solved this using tenant partitioning. All is well now. Basically we put the IP trunks in tenant partition 3 and the PSTN trunks in tenant 2. Phones remain in tenant 1 with full access to all partitions. We told tenant 2 it can't call tenant 3 (the IP trunks). We told tenant 3 it can't call tenant 2 (PSTN trunks). This seems to work well