SIP Trunk

Answered Question
Aug 16th, 2010

hi


I have a customer ordering a SIP trunk from a service provier and replacing their e1 link. they have been told they can add a sip trunk directly from CM with out a gateway - is this correct they don;t need CUBE or anything?


Thanks

Correct Answer by Jonathan Schulenberg about 6 years 6 months ago
ok so best to configure CUBE and terminate the SIP trunk on the 
gateway then SIP trunk from CM to the gateway?

Yes

then NAT external address to internal address of CUBE gateway?

Typically the CUBE does it's own NAT. See this document: http://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htnatsbc.html


I take it you dont have to plug the SIP 
trunk directly into the gateway only needs to be a logical connection?

For security purposes, most customers/providers utilize a private Ethernet connection between the SIP provider and CUBE. If you don't have this option, you will need to add a firewall to protect CUBE in the DMZ. Regardless of the deployment, use SIP digest authentication, registration, and an ACL to restrict SIP communications with the router.

also is their much config required?

Not really but a fair amount of reading upfront to understand what you are doing. http://www.cisco.com/en/US/docs/ios/voice/cube/configuration/guide/vb_book/vb_book.html

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Jonathan Schulenberg Mon, 08/16/2010 - 03:13

While UCM supports SIP trunks natively, the answer to your question is No. UCM is not intended to be an exterior-facing application (i.e. protected behind your firewall). UCM uses SIP trunks for connectivity to internal applications such as MeetingPlace, Unity Connections, and PSTN gateways configured to speak SIP to UCM internally instead of MGCP or H.323.


SIP traffic and firewalls - generally speaking - do not work well together because the SIP traffic will have IP addresses embedded within the layer-seven data. Most firewalls don't support this level of NAT address correction. CUBE is designed to address this and a long list of other border issues.

mymite060708 Mon, 08/16/2010 - 03:49

ok so best to configure CUBE and terminate the SIP trunk on the gateway then SIP trunk from CM to the gateway?


then NAT external address to internal address of CUBE gateway?


I take it you dont have to plug the SIP trunk directly into the gateway only needs to be a logical connection?


also is their much config required?



Thanks for your help

Correct Answer
Jonathan Schulenberg Mon, 08/16/2010 - 04:32
ok so best to configure CUBE and terminate the SIP trunk on the 
gateway then SIP trunk from CM to the gateway?

Yes

then NAT external address to internal address of CUBE gateway?

Typically the CUBE does it's own NAT. See this document: http://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htnatsbc.html


I take it you dont have to plug the SIP 
trunk directly into the gateway only needs to be a logical connection?

For security purposes, most customers/providers utilize a private Ethernet connection between the SIP provider and CUBE. If you don't have this option, you will need to add a firewall to protect CUBE in the DMZ. Regardless of the deployment, use SIP digest authentication, registration, and an ACL to restrict SIP communications with the router.

also is their much config required?

Not really but a fair amount of reading upfront to understand what you are doing. http://www.cisco.com/en/US/docs/ios/voice/cube/configuration/guide/vb_book/vb_book.html

Actions

This Discussion