08-07-2018 12:57 AM - edited 03-17-2019 01:17 PM
Hi All
We have a Call Manager express with a SIP trunk to the provider, currently the SIP flows through the Firewall and is Natted.
Can anyone tell me if it is best practice when using SIP to plug the ISP connection straight into the Call Manager and run an access list or Firewall, this way we are not doing NAT etc.
Also as it is a CME, it is not a CUBE so can anyone tell me how the calls will flow to the provider?
cheers
Here is a snippet of the config for the SIP
!
voice service voip
ip address trusted list
ipv4 0.0.0.0 0.0.0.0
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
sip
bind control source-interface GigabitEthernet0/0/0
bind media source-interface GigabitEthernet0/0/0
registrar server
!
voice class codec 1
codec preference 1 g711alaw
codec preference 2 g711ulaw
codec preference 3 g729r8
codec preference 4 g729br8
!
!
voice register dn 3
number 1202
name 1202
no-reg
label 1202
!
voice register pool 3
busy-trigger-per-button 2
id mac 0072.7827.900D
type 7821
number 1 dn 3
no digit collect kpml
presence call-list
dtmf-relay rtp-nte
username 1202 password 1202
codec g711alaw
!
dial-peer voice 103 voip
description -= Incoming to 1202 =-
translation-profile incoming 1
destination-pattern 1203
session protocol sipv2
session target sip-server
incoming called-number XXXXXXXX
dtmf-relay rtp-nte sip-notify
codec g711alaw
no vad
!
credentials username XXXXXX password 7 XXXXXX realm XXX.TEST.COM
no remote-party-id
registrar dns:mpbx.XXX.TEST.COM expires 180
sip-server dns:mpbx.TEST.COM
08-07-2018 01:06 AM
run a sip trunk into your ISP from your cme then from cme into your cucm, that is best practise
08-07-2018 03:21 AM
08-07-2018 02:45 AM
Both the Firewall or Connecting directly the ISP public interface to the CME Box are valid options.
Using a firewall you can create a DMZ network between the CME and the Firewall and nat 1:1 the IP ISP assigns to your voip trunk towards to the WAN IP assigend to the CUBE.
You can also assign the ISP Public Interface to on of the CME Routers interfaces, since by this you are exposing the Router directly to the internet you could do the following.
Even if you are using the Route as CME, if the traffic is sourced on the LAN IP address and has a WAN ip address as target on a outbound call and vice-versa on an inbound call the Router will use cube feature to terminate the data traffic on the IP addresses and bridge the 2 call legs using a voice-channel thereby terminating the data streams on each of the IPs,
Its not advisable to have the binding command at the voice service VoIP level since this will make all traffic to and from the router to be sourced allways from GigabitEthernet0/0/0 (this is ok on the direction Router->Internet but not ok from the direction Internet->to Router), it would be preferable as stated above to have a LAN and WAN interface and use the sip binding commands on the dial-peer level.
08-07-2018 06:20 AM
08-07-2018 07:55 AM
Dial-peer voice xx voip
session protocol sipv2
voice-class sip bind control source-interface [interface]
voice-class sip bind media source-interface [interface]
no vad
08-07-2018 08:14 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide