Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1168
Views
0
Helpful
5
Replies

Cube Router with multiple sip trunk

Go to solution
Daniov1
Level 1
Level 1

‎05-09-2018 06:39 AM - edited ‎03-17-2019 12:46 PM

Hi everyone.

In my environment I have a CUBE (C2900-UNIVERSALK9-M), Version 15.6(2)T.

 

CUCM-->CUBE-->Provider

There is SIP Trunk (5060) configuration between CUCM to CUBE.

The CUBE have a SIP Trunk to provider(not secure), I want to add a new SIP to another provider with SIP TLS and SRTP.

How do I configure SIP TLS to the new provider? Is this possible to have two SIP Trunks that one of them is SIP TLS and the other one is not secure?

 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
R0g22
Cisco Employee
Cisco Employee
In response to Daniov1

‎05-09-2018 09:24 AM

Yes, you would need cert signed by a CA and also add root/intermediate CA cert to the CUBE. Your ITSP will need to do that as well. Did your ITSP provide you with root CA cert ? If not, contact them.
For more details on configuration, check the following -

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-border-element/200104-SIP-TLS-and-SRTP-RTP-internetworking-on.html

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-border-element/212090-Configure-SIP-TLS-between-CUCM-CUBE-CUBE.pdf

View solution in original post

0 Helpful
5 Replies 5

Go to solution
R0g22
Cisco Employee
Cisco Employee

‎05-09-2018 07:08 AM

Never done it but you should be able to use multi tenancy to apply specific configs and apply the tenant to specific dial-peer one that supports TLS vs one that does not.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book/voi-cube-multi-tenants.html

0 Helpful

Go to solution
Daniov1
Level 1
Level 1
In response to R0g22

‎05-09-2018 08:55 AM - edited ‎05-19-2018 08:26 AM

 
0 Helpful

Go to solution
R0g22
Cisco Employee
Cisco Employee
In response to Daniov1

‎05-09-2018 09:24 AM

Yes, you would need cert signed by a CA and also add root/intermediate CA cert to the CUBE. Your ITSP will need to do that as well. Did your ITSP provide you with root CA cert ? If not, contact them.
For more details on configuration, check the following -

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-border-element/200104-SIP-TLS-and-SRTP-RTP-internetworking-on.html

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-border-element/212090-Configure-SIP-TLS-between-CUCM-CUBE-CUBE.pdf

0 Helpful

Go to solution
Daniov1
Level 1
Level 1
In response to R0g22

‎05-09-2018 08:57 AM - edited ‎05-19-2018 08:28 AM

 
0 Helpful

Go to solution
R0g22
Cisco Employee
Cisco Employee
In response to Daniov1

‎05-19-2018 07:40 AM

Yes, CUBE needs to have its identity cert signed by a CA and the CA needs to be trusted by your ITSP to allow successful SSL handshake. Same thing applies to your ITSP. You need to trust the CA that signs their identity cert.
From the config perspective, you add the certs and enable the dial-peer/sip-ua for TLS. Check the docs that I linked earlier.
Also, the norm is when you having TLS with your ITSP, usually it is preferred/recommended to use a public CA that is globally trusted. ITSP's generally provide the CA cert chain to customers.

0 Helpful
Customers Also Viewed These Support Documents