Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1404
Views
5
Helpful
4
Replies

SIP Trunk

Go to solution
mymite060708
Level 1
Level 1

‎08-16-2010 02:56 AM - edited ‎03-16-2019 12:16 AM

hi

I have a customer ordering a SIP trunk from a service provier and replacing their e1 link. they have been told they can add a sip trunk directly from CM with out a gateway - is this correct they don;t need CUBE or anything?

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame
In response to mymite060708

‎08-16-2010 04:32 AM 

ok so best to configure CUBE and terminate the SIP trunk on the 
gateway then SIP trunk from CM to the gateway?

Yes

then NAT external address to 
internal address of CUBE gateway?

Typically the CUBE does it's own NAT. See this document: http://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htnatsbc.html

I take it you dont have to plug the SIP 
trunk directly into the gateway only needs to be a logical connection?

For security purposes, most customers/providers utilize a private Ethernet connection between the SIP provider and CUBE. If you don't have this option, you will need to add a firewall to protect CUBE in the DMZ. Regardless of the deployment, use SIP digest authentication, registration, and an ACL to restrict SIP communications with the router.

also is their much config required?

Not really but a fair amount of reading upfront to understand what you are doing. http://www.cisco.com/en/US/docs/ios/voice/cube/configuration/guide/vb_book/vb_book.html

View solution in original post

4 Replies 4

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎08-16-2010 03:13 AM

While UCM supports SIP trunks natively, the answer to your question is No. UCM is not intended to be an exterior-facing application (i.e. protected behind your firewall). UCM uses SIP trunks for connectivity to internal applications such as MeetingPlace, Unity Connections, and PSTN gateways configured to speak SIP to UCM internally instead of MGCP or H.323.

SIP traffic and firewalls - generally speaking - do not work well together because the SIP traffic will have IP addresses embedded within the layer-seven data. Most firewalls don't support this level of NAT address correction. CUBE is designed to address this and a long list of other border issues.

0 Helpful

Go to solution
mymite060708
Level 1
Level 1
In response to Jonathan Schulenberg

‎08-16-2010 03:49 AM

ok so best to configure CUBE and terminate the SIP trunk on the gateway then SIP trunk from CM to the gateway?

then NAT external address to internal address of CUBE gateway?

I take it you dont have to plug the SIP trunk directly into the gateway only needs to be a logical connection?

also is their much config required?

Thanks for your help

0 Helpful

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame
In response to mymite060708

‎08-16-2010 04:32 AM 

ok so best to configure CUBE and terminate the SIP trunk on the 
gateway then SIP trunk from CM to the gateway?

Yes

then NAT external address to 
internal address of CUBE gateway?

Typically the CUBE does it's own NAT. See this document: http://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htnatsbc.html

I take it you dont have to plug the SIP 
trunk directly into the gateway only needs to be a logical connection?

For security purposes, most customers/providers utilize a private Ethernet connection between the SIP provider and CUBE. If you don't have this option, you will need to add a firewall to protect CUBE in the DMZ. Regardless of the deployment, use SIP digest authentication, registration, and an ACL to restrict SIP communications with the router.

also is their much config required?

Not really but a fair amount of reading upfront to understand what you are doing. http://www.cisco.com/en/US/docs/ios/voice/cube/configuration/guide/vb_book/vb_book.html

Go to solution
hasnain.raza
Level 1
Level 1
In response to mymite060708

‎03-02-2020 02:16 AM

Here's a working configuration of CUBE having a SIP trunk terminated on it:

 

!
voice rtp send-recv
!
voice service voip
ip address trusted list
ipv4 0.0.0.0 0.0.0.0
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
h323
h225 connect-passthru
sip
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g722-64
codec preference 3 g711alaw
!
voice class h323 1
h225 timeout tcp establish 3
!
!
!
!
voice iec syslog
!
!
voice translation-rule 1
rule 1 /8847165/ /89/
!
voice translation-rule 2
!
voice translation-rule 3
rule 1 /^9\(.........$\)/ /\1/
rule 2 /^9\(.......$\)/ /04\1/
!
voice translation-rule 4
rule 1 /^9\(.......$\)/ /04\1/
!
voice translation-rule 10
rule 1 /^.*/ /048847165/
!
!
voice translation-profile LOCAL
translate called 3
!
voice translation-profile MISSED
translate calling 2
translate called 1
!
voice translation-profile OUTGOING
translate calling 10
translate called 3
!
!
!
license udi pid ISR4321/K9 sn FDO23120GE5
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
!
username admin secret 5 $1$Jyjv$K9x30e6WRk82toTQ1PlaM1
!
redundancy
mode none
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 192.168.0.225 255.255.255.0
negotiation auto
h323-gateway voip interface
h323-gateway voip bind srcaddr 192.168.0.225
!
interface GigabitEthernet0/0/1
ip address 192.168.1.10 255.255.255.0
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
snmp-server community public RO
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
dial-peer voice 1 voip
destination-pattern [1238].
session protocol sipv2
session target ipv4:192.168.0.220
voice-class codec 1
dtmf-relay rtp-nte h245-alphanumeric
!
dial-peer voice 100 voip
translation-profile outgoing OUTGOING
destination-pattern .T
session protocol sipv2
session target sip-server
session transport udp
voice-class codec 1
no voice-class sip localhost
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
no vad
!
dial-peer voice 200 voip
translation-profile incoming MISSED
session protocol sipv2
session target sip-server
incoming called-number .T
voice-class codec 1
dtmf-relay sip-notify rtp-nte
no vad
!
dial-peer voice 2 voip
destination-pattern ^89
session protocol sipv2
session target ipv4:192.168.0.220
voice-class codec 1
dtmf-relay rtp-nte sip-kpml
no vad
!
!
sip-ua
credentials number 048847165 username 48847165.etisalat password 7 02071341390D1A7308 realm etisalat.com
authentication username 48847165.etisalat password 7 02071341390D1A7308 realm etisalat.com
no remote-party-id
max-forwards 6
retry invite 2
retry bye 1
retry register 10
timers expires 360000
timers connect 100
registrar dns:48847165.etisalat expires 3600
sip-server dns:48847165.etisalat:5060
connection-reuse
!
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 052B142F331F1C2A5D544541
login
!
ntp master 7
ntp server 192.168.0.225 prefer
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents