cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1167
Views
0
Helpful
5
Replies

Cube Router with multiple sip trunk

Daniov1
Level 1
Level 1

Hi everyone.

In my environment I have a CUBE (C2900-UNIVERSALK9-M), Version 15.6(2)T.

 

CUCM-->CUBE-->Provider

There is SIP Trunk (5060) configuration between CUCM to CUBE.

The CUBE have a SIP Trunk to provider(not secure), I want to add a new SIP to another provider with SIP TLS and SRTP.

How do I configure SIP TLS to the new provider? Is this possible to have two SIP Trunks that one of them is SIP TLS and the other one is not secure?

 

Thanks

1 Accepted Solution

Accepted Solutions

R0g22
Cisco Employee
Cisco Employee
Yes, you would need cert signed by a CA and also add root/intermediate CA cert to the CUBE. Your ITSP will need to do that as well. Did your ITSP provide you with root CA cert ? If not, contact them.
For more details on configuration, check the following -

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-border-element/200104-SIP-TLS-and-SRTP-RTP-internetworking-on.html

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-border-element/212090-Configure-SIP-TLS-between-CUCM-CUBE-CUBE.pdf

View solution in original post

5 Replies 5

R0g22
Cisco Employee
Cisco Employee
Never done it but you should be able to use multi tenancy to apply specific configs and apply the tenant to specific dial-peer one that supports TLS vs one that does not.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book/voi-cube-multi-tenants.html

 

R0g22
Cisco Employee
Cisco Employee
Yes, you would need cert signed by a CA and also add root/intermediate CA cert to the CUBE. Your ITSP will need to do that as well. Did your ITSP provide you with root CA cert ? If not, contact them.
For more details on configuration, check the following -

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-border-element/200104-SIP-TLS-and-SRTP-RTP-internetworking-on.html

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-border-element/212090-Configure-SIP-TLS-between-CUCM-CUBE-CUBE.pdf

 

R0g22
Cisco Employee
Cisco Employee
Yes, CUBE needs to have its identity cert signed by a CA and the CA needs to be trusted by your ITSP to allow successful SSL handshake. Same thing applies to your ITSP. You need to trust the CA that signs their identity cert.
From the config perspective, you add the certs and enable the dial-peer/sip-ua for TLS. Check the docs that I linked earlier.
Also, the norm is when you having TLS with your ITSP, usually it is preferred/recommended to use a public CA that is globally trusted. ITSP's generally provide the CA cert chain to customers.