CUBE/SBC to office 365 - TLS handshake failing

Oleg Serstjuk
Level 1

Hi,

I am working on configuring Office 365 with SBC and having issues with the TLS handshake.

Following the debugs below and according to the diagram and link below, the certificates are being exchanged correctly and the TLS handshake nearly completes. Missing the ChangeCipherSpec and Finished from the Office 365 side, from what I can see.

I am not too familiar with TLS and certificates, so I am hoping someone could advise on what is happening here. Is this an issue with the config or is this an issue with O365?

http://www.cisco.com/c/en/us/support/docs/security-vpn/secure-socket-layer-ssl/116181-technote-product-00.html

*Mar 22 15:45:16.483: TCB028F7898 created
*Mar 22 15:45:16.483: TCB028F7898 setting property TCP_NO_DELAY (0) B4B2024
*Mar 22 15:45:16.483: TCB028F7898 setting property TCP_NONBLOCKING_WRITE (10) B4B2028
*Mar 22 15:45:16.483: TCB028F7898 setting property TCP_NONBLOCKING_READ (14) B4B2028
*Mar 22 15:45:16.483: TCB028F7898 setting property TCP_NO_DELAY (0) B4B2028
*Mar 22 15:45:16.483: TCB028F7898 setting property TCP_KEEPALIVE (17) B4B2028
*Mar 22 15:45:16.483: TCP: Setting Keepalive interval and retries to 60 and 4
*Mar 22 15:45:16.483: TCB028F7898 setting property TCP_ALWAYSPUSH (15) B4B2028
*Mar 22 15:45:16.483: TCP: Random local port generated 23193, network 1
*Mar 22 15:45:16.483: TCB028F7898 bound to 213.105.58.243.23193
*Mar 22 15:45:16.483: Reserved port 23193 in Transport Port Agent for TCP IP type 1
*Mar 22 15:45:16.483: TCP: sending SYN, seq 1061243157, ack 0
*Mar 22 15:45:16.483: TCP0: Connection to 157.55.9.252:5061, advertising MSS 536
*Mar 22 15:45:16.483: TCP0: state was CLOSED -> SYNSENT [23193 -> 157.55.9.252(5061)]
*Mar 22 15:45:16.511: TCP0: state was SYNSENT -> ESTAB [23193 -> 157.55.9.252(5061)]
*Mar 22 15:45:16.511: TCP: tcb 28F7898 connection to 157.55.9.252:5061, peer MSS 1460, MSS is 536
*Mar 22 15:45:16.511: TCB028F7898 setting property TCP_NONBLOCKING_WRITE (10) 127D7228
*Mar 22 15:45:16.511: TCB028F7898 setting property TCP_NONBLOCKING_READ (14) 127D7228
*Mar 22 15:45:16.511: opssl_SetPKIInfo entry
*Mar 22 15:45:16.511: CRYPTO_PKI: (A0314) Session started - identity selected (GoDaddyCert)
*Mar 22 15:45:16.511: CRYPTO_PKI: Can't find encryption certificate for trustpoint (GoDaddyCert)
*Mar 22 15:45:16.511: CRYPTO_OPSSL: Can't find router cert.
*Mar 22 15:45:16.511: CRYPTO_PKI: PKI session A0314 has ended. Freeing all resources.
*Mar 22 15:45:16.511: CRYPTO_PKI: unlocked trustpoint GoDaddyCert, refcount is 0
*Mar 22 15:45:16.511: Handshake start: before/connect initialization
*Mar 22 15:45:16.511: SSL_connect:before/connect initialization
*Mar 22 15:45:16.511: >>> TLS 1.0 Handshake [length 0031], ClientHello
*Mar 22 15:45:16.511:     01 00 00 2D 03 01 58 D2 9C 0C 77 43 31 E4 FF 04
*Mar 22 15:45:16.511:     33 A9 E1 B9 AA 65 9E BE 62 A1 FC E6 36 DB 58 96
*Mar 22 15:45:16.511:     18 2B 46 CB 3F 12 00 00 06 00 04 00 2F 00 FF 01
*Mar 22 15:45:16.511:     00
*Mar 22 15:45:16.511:
*Mar 22 15:45:16.511: SSL_connect:SSLv3 write client hello A
*Mar 22 15:45:16.535: <<< TLS 1.0 Handshake [length 0031], ServerHello
*Mar 22 15:45:16.535:     02 00 00 2D 03 01 58 D2 A5 9E 07 57 C2 EA DA F1
*Mar 22 15:45:16.535:     D5 AF E9 06 78 9B 1E 18 57 29 DE AA 3B C8 B9 88
*Mar 22 15:45:16.535:     16 B1 CA 74 F8 DF 00 00 2F 00 00 05 FF 01 00 01
*Mar 22 15:45:16.535:     00
*Mar 22 15:45:16.535:
*Mar 22 15:45:16.535: SSL_connect:SSLv3 read server hello A
*Mar 22 15:45:16.583: <<< TLS 1.0 Handshake [length 0FED], Certificate
*Mar 22 15:45:16.583:     0B 00 0F E9 00 0F E6 00 06 7D 30 82 06 79 30 82
*Mar 22 15:45:16.611:     D5 FC E7 81 1D 19 C3 24 42 EA 63 39 A9
*Mar 22 15:45:16.611:
*Mar 22 15:45:16.615: CRYPTO_PKI: (A0315) Session started - identity not specified
*Mar 22 15:45:16.615: CRYPTO_PKI: Added x509 peer certificate - (1661) bytes
*Mar 22 15:45:16.615: CRYPTO_PKI: Added x509 peer certificate - (1509) bytes
*Mar 22 15:45:16.615: CRYPTO_PKI: Added x509 peer certificate - (891) bytes
*Mar 22 15:45:16.615: CRYPTO_PKI(Cert Lookup) issuer="cn=Microsoft IT SSL SHA2,ou=Microsoft IT,o=Microsoft Corporation,l=Redmond,st=Washington,c=US" serial number=
     5A 00 03 6C 0F 0A 5D 70 D2 BD 8E 66 54 00 01 00
     03 6C 0F

*Mar 22 15:45:16.615: CRYPTO_PKI: looking for cert in handle=14061A38, digest=
 E3 C1 27 A6 54 FE F3 17 FD CD 33 D5 A6 F1 A4 A8

*Mar 22 15:45:16.615: CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
*Mar 22 15:45:16.615: CRYPTO_PKI(Cert Lookup) issuer="cn=Baltimore CyberTrust Root,ou=CyberTrust,o=Baltimore,c=IE" serial number= 07 27 AA 47

*Mar 22 15:45:16.615: CRYPTO_PKI: looking for cert in handle=14061A38, digest=
 84 F1 0F 0A B1 8D 42 59 DB 7F B9 BC E9 ED 35 29

*Mar 22 15:45:16.619: CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
*Mar 22 15:45:16.619: CRYPTO_PKI(Cert Lookup) issuer="cn=Baltimore CyberTrust Root,ou=CyberTrust,o=Baltimore,c=IE" serial number= 02 00 00 B9

*Mar 22 15:45:16.619: CRYPTO_PKI: looking for cert in handle=14061A38, digest=
 D8 EB F1 DB B7 64 51 6F 5C AE E8 C3 D9 0C 98 70

*Mar 22 15:45:16.619: CRYPTO_PKI: crypto_pki_get_cert_record_by_subject()
*Mar 22 15:45:16.619: CRYPTO_PKI: Found a subject match
*Mar 22 15:45:16.619: CRYPTO_PKI: (A0315)validation path has 2 certs

*Mar 22 15:45:16.619: CRYPTO_PKI(Cert Lookup) issuer="cn=Baltimore CyberTrust Root,ou=CyberTrust,o=Baltimore,c=IE" serial number= 07 27 AA 47

*Mar 22 15:45:16.619: CRYPTO_PKI: looking for cert in handle=14061A38, digest=
 84 F1 0F 0A B1 8D 42 59 DB 7F B9 BC E9 ED 35 29

*Mar 22 15:45:16.619: CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
*Mar 22 15:45:16.619: CRYPTO_PKI: crypto_pki_get_cert_record_by_issuer()
*Mar 22 15:45:16.619: CRYPTO_PKI: Found a issuer match
*Mar 22 15:45:16.619: CRYPTO_PKI: (A0315) Using geotrust2 to validate certificate
*Mar 22 15:45:16.619: CRYPTO_PKI(make trusted certs chain)
*Mar 22 15:45:16.619: CRYPTO_PKI: Added 1 certs to trusted chain.
*Mar 22 15:45:16.619: CRYPTO_PKI: Prepare session revocation service providers
*Mar 22 15:45:16.619: P11:C_CreateObject:
*Mar 22 15:45:16.619:  CKA_CLASS: PUBLIC KEY
*Mar 22 15:45:16.619:  CKA_KEY_TYPE: RSA
*Mar 22 15:45:16.619:  CKA_MODULUS:
     A3 04 BB 22 AB 98 3D 57 E8 26 72 9A B5 79 D4 29
     8D 76 BF FC 9E 8E 5D 2A 86 A7 4D 90 DC 27 1A 39

*Mar 22 15:45:16.619:  CKA_PUBLIC_EXPONENT:  01 00 01

*Mar 22 15:45:16.619:  CKA_VERIFY_RECOVER:  01

*Mar 22 15:45:16.619:  CRYPTO_PKI: Deleting cached key having key id 786
*Mar 22 15:45:16.623:  CRYPTO_PKI: Attempting to insert the peer's public key into cache
*Mar 22 15:45:16.623:  CRYPTO_PKI:Peer's public inserted successfully with key id 787
*Mar 22 15:45:16.623: P11:C_CreateObject: 131859
*Mar 22 15:45:16.623: P11:C_GetMechanismInfo slot 1 type 3 (invalid mechanism)
*Mar 22 15:45:16.623: P11:C_GetMechanismInfo slot 1 type 1
*Mar 22 15:45:16.623: P11:C_VerifyRecoverInit - 131859
*Mar 22 15:45:16.623: P11:C_VerifyRecover - 131859
*Mar 22 15:45:16.623: P11:found pubkey in cache using index = 787
*Mar 22 15:45:16.623: P11:public key found is :
     30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01
     78 8D 76 BF FC 9E 8E 5D 2A 86 A7 4D 90 DC 27 1A
     39 02 03 01 00 01

*Mar 22 15:45:16.623: P11:CEAL:CRYPTO_NO_ERR
*Mar 22 15:45:16.623: P11:C_DestroyObject 1:20313
*Mar 22 15:45:16.623:  CRYPTO_PKI: Expiring peer's cached key with key id 787
*Mar 22 15:45:16.623: CRYPTO_PKI: Remove session revocation service providers
*Mar 22 15:45:16.623: CRYPTO_PKI: Remove session revocation service providers
*Mar 22 15:45:16.623: CRYPTO_PKI: (A0315) Certificate validated without revocation check
*Mar 22 15:45:16.623: CRYPTO_PKI(Cert Lookup) issuer="cn=Microsoft IT SSL SHA2,ou=Microsoft IT,o=Microsoft Corporation,l=Redmond,st=Washington,c=US" serial number=
     5A 00 03 6C 0F 0A 5D 70 D2 BD 8E 66 54 00 01 00
     03 6C 0F

*Mar 22 15:45:16.627: CRYPTO_PKI: looking for cert in handle=14061A38, digest=
 E3 C1 27 A6 54 FE F3 17 FD CD 33 D5 A6 F1 A4 A8

*Mar 22 15:45:16.627: CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
*Mar 22 15:45:16.627: CRYPTO_PKI: (A0315) Using geotrust2 to validate certificate
*Mar 22 15:45:16.627: CRYPTO_PKI: Prepare session revocation service providers
*Mar 22 15:45:16.627: P11:C_CreateObject:
*Mar 22 15:45:16.627:  CKA_CLASS: PUBLIC KEY
*Mar 22 15:45:16.627:  CKA_KEY_TYPE: RSA
*Mar 22 15:45:16.627:  CKA_MODULUS:
     D1 E8 37 A7 76 8A 70 4B 19 F0 20 37 09 24 37 7F
     EA FB 78 E6 05 BA 6A AD 4E 27 0D FC 72 6A D9 6C
     D9 AD 68 FD 20 0A 55 91 21 64 F9 D7 13 01 A0 08
     5D 59 89 1B 44 AF A4 AC C7 05 10 FA 41 4A A8 FB

*Mar 22 15:45:16.631:  CKA_PUBLIC_EXPONENT:  01 00 01

*Mar 22 15:45:16.631:  CKA_VERIFY_RECOVER:  01

*Mar 22 15:45:16.631:  CRYPTO_PKI: Deleting cached key having key id 787
*Mar 22 15:45:16.631:  CRYPTO_PKI: Attempting to insert the peer's public key into cache
*Mar 22 15:45:16.631:  CRYPTO_PKI:Peer's public inserted successfully with key id 788
*Mar 22 15:45:16.631: P11:C_CreateObject: 131860
*Mar 22 15:45:16.631: P11:C_GetMechanismInfo slot 1 type 3 (invalid mechanism)
*Mar 22 15:45:16.631: P11:C_GetMechanismInfo slot 1 type 1
*Mar 22 15:45:16.631: P11:C_VerifyRecoverInit - 131860
*Mar 22 15:45:16.631: P11:C_VerifyRecover - 131860
*Mar 22 15:45:16.631: P11:found pubkey in cache using index = 788
*Mar 22 15:45:16.631: P11:public key found is :
     30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01
     08 5D 59 89 1B 44 AF A4 AC C7 05 10 FA 41 4A A8
     FB 02 03 01 00 01

*Mar 22 15:45:16.639: P11:CEAL:CRYPTO_NO_ERR
*Mar 22 15:45:16.639: P11:C_DestroyObject 1:20314
*Mar 22 15:45:16.639:  CRYPTO_PKI: Expiring peer's cached key with key id 788
*Mar 22 15:45:16.639: CRYPTO_PKI: Remove session revocation service providers
*Mar 22 15:45:16.639: CRYPTO_PKI: Remove session revocation service providers
*Mar 22 15:45:16.639: CRYPTO_PKI: (A0315) Certificate validated without revocation check
*Mar 22 15:45:16.639: PKI: Cert key-usage: Digital-Signature , Key-Encipherment , Key-Encipherment
*Mar 22 15:45:16.639: CRYPTO_PKI: (A0315)chain cert was anchored to trustpoint geotrust2, and chain validation result was: CRYPTO_VALID_CERT_WITH_WARNING
*Mar 22 15:45:16.639: CRYPTO_PKI: (A0315) Validation TP is geotrust2
*Mar 22 15:45:16.639: CRYPTO_PKI: PKI session A0315 has ended. Freeing all resources.
*Mar 22 15:45:16.639: SSL_connect:SSLv3 read server certificate A
*Mar 22 15:45:16.639: <<< TLS 1.0 Handshake [length 0009], CertificateRequest
*Mar 22 15:45:16.639:     0D 00 00 05 02 01 02 00 00
*Mar 22 15:45:16.639:
*Mar 22 15:45:16.639: SSL_connect:SSLv3 read server certificate request A
*Mar 22 15:45:16.639: <<< TLS 1.0 Handshake [length 0004], ServerHelloDone
*Mar 22 15:45:16.639:     0E 00 00 00
*Mar 22 15:45:16.639:
*Mar 22 15:45:16.639: SSL_connect:SSLv3 read server done A
*Mar 22 15:45:16.639: >>> TLS 1.0 Handshake [length 0007], Certificate
*Mar 22 15:45:16.639:     0B 00 00 03 00 00 00
*Mar 22 15:45:16.639:
*Mar 22 15:45:16.639: SSL_connect:SSLv3 write client certificate A
*Mar 22 15:45:16.639: P11:C_FindObjectsInit:
*Mar 22 15:45:16.639:  CKA_CLASS: PUBLIC KEY
*Mar 22 15:45:16.639:  CKA_KEY_TYPE: RSA
*Mar 22 15:45:16.639:  CKA_MODULUS:
     A9 01 39 CF 6A 42 6A E2 2F 24 32 5B 0C 97 44 7D
     FA 55 BF 8D C3 0D 47 D9 B9 FD EE B6 3E F5 F9 1D

*Mar 22 15:45:16.639:  CKA_PUBLIC_EXPONENT:  01 00 01

*Mar 22 15:45:16.639:  CRYPTO_PKI: Deleting cached key having key id 393
*Mar 22 15:45:16.643: P11:C_FindObjectsFinal
*Mar 22 15:45:16.643: P11:C_CreateObject:
*Mar 22 15:45:16.643:  CKA_CLASS: PUBLIC KEY
*Mar 22 15:45:16.643:  CKA_KEY_TYPE: RSA
*Mar 22 15:45:16.643:  CKA_MODULUS:
     A9 01 39 CF 6A 42 6A E2 2F 24 32 5B 0C 97 44 7D
     3A A7 8E 67 40 74 FA 03 92 B9 72 FF 48 72 1C EB
     FA 55 BF 8D C3 0D 47 D9 B9 FD EE B6 3E F5 F9 1D

*Mar 22 15:45:16.643:  CKA_PUBLIC_EXPONENT:  01 00 01

*Mar 22 15:45:16.643:  CRYPTO_PKI: Attempting to insert the peer's public key into cache
*Mar 22 15:45:16.643:  CRYPTO_PKI:Peer's public inserted successfully with key id 394
*Mar 22 15:45:16.643: P11:C_CreateObject: 131466
*Mar 22 15:45:16.643: P11:C_EncryptInit
*Mar 22 15:45:16.643: P11:C_Encrypt
*Mar 22 15:45:16.643: P11:found pubkey in cache using index = 394
*Mar 22 15:45:16.643: P11:public key found is :
     30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01
     FC FA 55 BF 8D C3 0D 47 D9 B9 FD EE B6 3E F5 F9
     1D 02 03 01 00 01

*Mar 22 15:45:16.647: P11:C_Encrypt
*Mar 22 15:45:16.647: P11:found pubkey in cache using index = 394
*Mar 22 15:45:16.647: P11:public key found is :
     30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01
     01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01
     1D 02 03 01 00 01

*Mar 22 15:45:16.647: P11:CEAL:CRYPTO_NO_ERR
*Mar 22 15:45:16.651: >>> TLS 1.0 Handshake [length 0106], ClientKeyExchange
*Mar 22 15:45:16.651:     10 00 01 02 01 00 1A 44 2C 2C DD 22 28 77 CA F8
*Mar 22 15:45:16.651:     A3 F9 A0 96 A7 96 94 8F 07 66 34 17 73 62 7B E6
*Mar 22 15:45:16.651:     41 87 E5 C3 0A 68
*Mar 22 15:45:16.651:
*Mar 22 15:45:16.651: SSL_connect:SSLv3 write client key exchange A
*Mar 22 15:45:16.651: >>> TLS 1.0 ChangeCipherSpec [length 0001]
*Mar 22 15:45:16.651:     01
*Mar 22 15:45:16.651:
*Mar 22 15:45:16.651: SSL_connect:SSLv3 write change cipher spec A
*Mar 22 15:45:16.651: >>> TLS 1.0 Handshake [length 0010], Finished
*Mar 22 15:45:16.651:     14 00 00 0C 6D BD C4 EE BE F5 31 79 88 7A 10 7A
*Mar 22 15:45:16.651:
*Mar 22 15:45:16.651: SSL_connect:SSLv3 write finished A
*Mar 22 15:45:16.651: SSL_connect:SSLv3 flush data
*Mar 22 15:45:16.679: TCP0: FIN processed
*Mar 22 15:45:16.679: TCP0: state was ESTAB -> CLOSEWAIT [23193 -> 157.55.9.252(5061)]
*Mar 22 15:45:16.679: SSL_connect:failed in SSLv3 read finished A
*Mar 22 15:45:16.679: TCB028F7898 setting property TCP_NONBLOCKING_WRITE (10) 127D7228
*Mar 22 15:45:16.679: TCB028F7898 setting property TCP_NONBLOCKING_READ (14) 127D7228
*Mar 22 15:45:16.679: TCP0: state was CLOSEWAIT -> LASTACK [23193 -> 157.55.9.252(5061)]
*Mar 22 15:45:16.679: TCP0: sending FIN
*Mar 22 15:45:16.679: P11:C_DestroyObject 2:2018A
*Mar 22 15:45:16.679:  CRYPTO_PKI: Expiring peer's cached key with key id 394
*Mar 22 15:45:16.703: TCP0: Got ACK for our FIN
*Mar 22 15:45:16.703: TCP0: state was LASTACK -> CLOSED [23193 -> 157.55.9.252(5061)]
*Mar 22 15:45:16.703: Released port 23193 in Transport Port Agent for TCP IP type 1 delay 240000
*Mar 22 15:45:16.703: TCB 0x28F7898 destroyed

CUBE config

crypto pki trustpoint o365trustpoint
 enrollment terminal pem
 fqdn o365vm.exampleABC.co.uk
 subject-name CN=o365vm.exampleABC.co.uk,OU=I.T.,O=exampleABC,L=Hillsborough,ST=Down,C=GB
 revocation-check crl
 rsakeypair o365rsakeys
!
crypto pki trustpoint GoDaddyRoot
 enrollment terminal
 revocation-check none
!
crypto pki trustpoint GoDaddyBundle
 enrollment terminal
 chain-validation continue GoDaddyRoot
 revocation-check none
!
crypto pki trustpoint GoDaddyCert
 enrollment terminal
 subject-name CN=o365vm.exampleABC.co.uk,OU=I.T.,O=exampleABC,L=Hillsborough,ST=Down,C=GB
 chain-validation continue GoDaddyBundle
 revocation-check crl
 rsakeypair o365rsakeys
!
crypto pki trustpoint geotrust
 enrollment terminal pem
 revocation-check none
!
crypto pki trustpoint TP-self-signed-2170487116
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2170487116
 revocation-check none
 rsakeypair TP-self-signed-2170487116
!
crypto pki trustpoint geotrust2
 enrollment terminal pem
 revocation-check none
!
!
crypto pki certificate chain o365trustpoint
crypto pki certificate chain GoDaddyRoot
 certificate ca 07
  308204D0 308203B8 A0030201 02020107 300D0609 2A864886 F70D0101 0B050030
  022FD215 54EE4415 D90AAEA7 8A33EDB1 2D763626 DC04EB9F F7611F15 DC876FEE
  469628AD A1267D0A 09A72E04 A38DBCF8 BC043001
        quit
crypto pki certificate chain GoDaddyBundle
 certificate ca 07
  308204D0 308203B8 A0030201 02020107 300D0609 2A864886 F70D0101 0B050030
  022FD215 54EE4415 D90AAEA7 8A33EDB1 2D763626 DC04EB9F F7611F15 DC876FEE
  469628AD A1267D0A 09A72E04 A38DBCF8 BC043001
        quit
crypto pki certificate chain GoDaddyCert
 certificate ca 00B42A158D61851696
  30820545 3082042D A0030201 02020900 B42A158D 61851696 300D0609 2A864886
  08E71360 BDA9ED8D B3FF1A8A 2FCD17B2 158E2C06 30BDAF77 77BB8A21 EC71B0E0
  EF92A547 9E5D6883 E3
        quit
crypto pki certificate chain geotrust
 certificate ca 01A5
  3082025A 308201C3 020201A5 300D0609 2A864886 F70D0101 04050030 75310B30
  9593EFCB 94D89E1F 9D5C856D C7AAAE4F 1F22B5CD 95ADBAA7 CCF9AB0B 7A7F
        quit
crypto pki certificate chain TP-self-signed-2170487116
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  45288E41 EAD04B3D 62264F10 062F0524 53410BD4 E0136561 000434DB 404A6B6D
  607DDF60 8D3A06CC CA04A276 F4898B
        quit
crypto pki certificate chain geotrust2
 certificate ca 020000B9
  30820377 3082025F A0030201 02020402 0000B930 0D06092A 864886F7 0D010105
  47D2382E D0FE81DC 326A1EB5 EE3CD5FC E7811D19 C32442EA 6339A9
        quit
ip cef
!
!
!
!
!
!
ip domain name exampleABC.co.uk
ip name-server 8.8.8.8
no ipv6 cef

!
multilink bundle-name authenticated
!
!
!
!
!
voice-card 0
 dsp services dspfarm
!
!
!
voice service voip
 ip address trusted list
  ipv4 172.16.0.0 255.255.0.0
 no notify redirect ip2ip
 allow-connections sip to sip
 no supplementary-service sip moved-temporarily
 no supplementary-service sip refer
 supplementary-service media-renegotiate
 fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
 sip
  rel1xx disable
!
voice class codec 4
 codec preference 1 g711ulaw
 codec preference 2 g711alaw
 codec preference 3 g729r8
!
!
!
redundancy
!
!
!
interface GigabitEthernet0/0
 ip address 172.16.220.18 255.255.0.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 213.105.58.243 255.255.255.240
 duplex auto
 speed auto
!
 no ip address
!
ip forward-protocol nd
!
no ip http server
ip http secure-server
ip http secure-trustpoint GoDaddyCert
!
nls resp-timeout 1
cpd cr-id 1
!
!
control-plane

 !
dspfarm profile 1 transcode universal security
codec g729r8
codec g711ulaw
codec g711alaw
maximum sessions 3
associate application CUBE
shutdown
!
dial-peer voice 1 voip
description ## from CUCM ##
session protocol sipv2
session transport tcp
incoming called-number 8800
voice-class codec 4 offer-all
voice-class sip bind control source-interface GigabitEthernet0/0
voice-class sip bind media source-interface GigabitEthernet0/0
dtmf-relay rtp-nte
no vad
!
dial-peer voice 2 voip
description ## to o365 ##
destination-pattern 8800
session protocol sipv2
session target dns:7c549478-5f9d-406f-a320-a947dae746be.um.outlook.com
session transport tcp tls
voice-class codec 4 offer-all
voice-class sip call-route url
voice-class sip options-keepalive
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte
srtp fallback
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
no vad
!
dial-peer voice 3 voip
description ## from o365 ##
shutdown
session protocol sipv2
session transport tcp tls
incoming called-number .%
voice-class codec 4 offer-all
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte
srtp fallback
no vad
!
!
sip-ua
crypto signaling default trustpoint GoDaddyCert
!
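
Decoding the handshake dumps from the debug above, as an added example that is not part of the original post: the Python below reads the `<<<`/`>>>` lines and reports whether the peer requested a client certificate and how many certificate bytes each side sent. It assumes the IOS debug line layout shown in this thread and treats received messages as the server's, since the CUBE is the TLS client here; the function names are hypothetical.

```python
import re

# Excerpt of the debug posted in this thread; parsing assumes this IOS line layout.
DEBUG = """\
*Mar 22 15:45:16.583: <<< TLS 1.0 Handshake [length 0FED], Certificate
*Mar 22 15:45:16.583:     0B 00 0F E9 00 0F E6 00 06 7D 30 82 06 79 30 82
*Mar 22 15:45:16.639: <<< TLS 1.0 Handshake [length 0009], CertificateRequest
*Mar 22 15:45:16.639:     0D 00 00 05 02 01 02 00 00
*Mar 22 15:45:16.639: <<< TLS 1.0 Handshake [length 0004], ServerHelloDone
*Mar 22 15:45:16.639:     0E 00 00 00
*Mar 22 15:45:16.639: >>> TLS 1.0 Handshake [length 0007], Certificate
*Mar 22 15:45:16.639:     0B 00 00 03 00 00 00
*Mar 22 15:45:16.651: >>> TLS 1.0 Handshake [length 0010], Finished
*Mar 22 15:45:16.651:     14 00 00 0C 6D BD C4 EE BE F5 31 79 88 7A 10 7A
*Mar 22 15:45:16.679: TCP0: FIN processed
*Mar 22 15:45:16.679: SSL_connect:failed in SSLv3 read finished A
"""

STAMP = r"\*\w+ +\d+ [\d:.]+: *"
HEADER = re.compile(STAMP + r"(<<<|>>>) TLS 1\.0 (\w+) \[length [0-9A-F]{4}\](?:, \w+)?")
HEXLINE = re.compile(STAMP + r"((?:[0-9A-F]{2} ?)+)")
CERTIFICATE, CERTIFICATE_REQUEST, FINISHED = 0x0B, 0x0D, 0x14  # handshake msg types


def parse_messages(text):
    """Return [direction, record_type, dumped_bytes] for each <<< / >>> message."""
    messages, current = [], None
    for line in text.splitlines():
        head, dump = HEADER.fullmatch(line.rstrip()), HEXLINE.fullmatch(line.rstrip())
        if head:
            current = ["received" if head.group(1) == "<<<" else "sent", head.group(2), b""]
            messages.append(current)
        elif dump and current:
            current[2] += bytes.fromhex(dump.group(1))
        else:
            current = None  # any other line ends the hex dump
    return messages


def summarize(text):
    """Reduce the handshake to the facts that matter for mutual TLS."""
    out = {"cert_requested": False, "server_cert_bytes": None,
           "client_cert_bytes": None, "peer_finished": False}
    for direction, record, data in parse_messages(text):
        if record != "Handshake" or not data:
            continue
        if data[0] == CERTIFICATE and len(data) >= 7:
            who = "server" if direction == "received" else "client"
            out[who + "_cert_bytes"] = int.from_bytes(data[4:7], "big")  # certificate_list length
        elif direction == "received" and data[0] == CERTIFICATE_REQUEST:
            out["cert_requested"] = True
        elif direction == "received" and data[0] == FINISHED:
            out["peer_finished"] = True
    out["empty_client_cert"] = out["cert_requested"] and out["client_cert_bytes"] == 0
    return out


if __name__ == "__main__":
    print(summarize(DEBUG))
```

On this excerpt it reports a CertificateRequest from the peer, a 4070-byte server certificate list (the three peer certificates of 1661, 1509 and 891 bytes plus a 3-byte length prefix each) and a 0-byte client certificate list, which lines up with the `CRYPTO_OPSSL: Can't find router cert.` line earlier in the same debug.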

 

 

2 Replies

Lucas Phelps
Level 5

Did you ever get a working CUBE configuration to Office 365 UM?  I'm banging my head against the wall.  I'm pretty sure we've got TLS configured correctly as 365 answers our SIP call as SRTP but then immediately issues BYE message.

Would you be willing to share your configuration?

Yeah, was an issue with TLS. Can't remember exactly what. If you are seeing SIP messages going back and forth, your TLS config is working.

Are your 365 dialpeers configured to use SRTP and are you xcoding from RTP to SRTP for 365?
