03-29-2017 04:38 AM - edited 03-17-2019 09:55 AM
Hi,
I am working on configuring Office 365 with an SBC and am having issues with the TLS handshake.
Following the debugs below and according to the diagram and link below, the certificates are being exchanged correctly and the TLS handshake nearly completes. From what I can see, the ChangeCipherSpec and Finished from the Office 365 side are missing.
I am not too familiar with TLS and certificates, so I am hoping someone could advise on what is happening here. Is this an issue with the config or an issue with O365?
*Mar 22 15:45:16.483: TCB028F7898 created
*Mar 22 15:45:16.483: TCB028F7898 setting property TCP_NO_DELAY (0) B4B2024
*Mar 22 15:45:16.483: TCB028F7898 setting property TCP_NONBLOCKING_WRITE (10) B4B2028
*Mar 22 15:45:16.483: TCB028F7898 setting property TCP_NONBLOCKING_READ (14) B4B2028
*Mar 22 15:45:16.483: TCB028F7898 setting property TCP_NO_DELAY (0) B4B2028
*Mar 22 15:45:16.483: TCB028F7898 setting property TCP_KEEPALIVE (17) B4B2028
*Mar 22 15:45:16.483: TCP: Setting Keepalive interval and retries to 60 and 4
*Mar 22 15:45:16.483: TCB028F7898 setting property TCP_ALWAYSPUSH (15) B4B2028
*Mar 22 15:45:16.483: TCP: Random local port generated 23193, network 1
*Mar 22 15:45:16.483: TCB028F7898 bound to 213.105.58.243.23193
*Mar 22 15:45:16.483: Reserved port 23193 in Transport Port Agent for TCP IP type 1
*Mar 22 15:45:16.483: TCP: sending SYN, seq 1061243157, ack 0
*Mar 22 15:45:16.483: TCP0: Connection to 157.55.9.252:5061, advertising MSS 536
*Mar 22 15:45:16.483: TCP0: state was CLOSED -> SYNSENT [23193 -> 157.55.9.252(5061)]
*Mar 22 15:45:16.511: TCP0: state was SYNSENT -> ESTAB [23193 -> 157.55.9.252(5061)]
*Mar 22 15:45:16.511: TCP: tcb 28F7898 connection to 157.55.9.252:5061, peer MSS 1460, MSS is 536
*Mar 22 15:45:16.511: TCB028F7898 setting property TCP_NONBLOCKING_WRITE (10) 127D7228
*Mar 22 15:45:16.511: TCB028F7898 setting property TCP_NONBLOCKING_READ (14) 127D7228
*Mar 22 15:45:16.511: opssl_SetPKIInfo entry
*Mar 22 15:45:16.511: CRYPTO_PKI: (A0314) Session started - identity selected (GoDaddyCert)
*Mar 22 15:45:16.511: CRYPTO_PKI: Can't find encryption certificate for trustpoint (GoDaddyCert)
*Mar 22 15:45:16.511: CRYPTO_OPSSL: Can't find router cert.
*Mar 22 15:45:16.511: CRYPTO_PKI: PKI session A0314 has ended. Freeing all resources.
*Mar 22 15:45:16.511: CRYPTO_PKI: unlocked trustpoint GoDaddyCert, refcount is 0
*Mar 22 15:45:16.511: Handshake start: before/connect initialization
*Mar 22 15:45:16.511: SSL_connect:before/connect initialization
*Mar 22 15:45:16.511: >>> TLS 1.0 Handshake [length 0031], ClientHello
*Mar 22 15:45:16.511: 01 00 00 2D 03 01 58 D2 9C 0C 77 43 31 E4 FF 04
*Mar 22 15:45:16.511: 33 A9 E1 B9 AA 65 9E BE 62 A1 FC E6 36 DB 58 96
*Mar 22 15:45:16.511: 18 2B 46 CB 3F 12 00 00 06 00 04 00 2F 00 FF 01
*Mar 22 15:45:16.511: 00
*Mar 22 15:45:16.511:
*Mar 22 15:45:16.511: SSL_connect:SSLv3 write client hello A
*Mar 22 15:45:16.535: <<< TLS 1.0 Handshake [length 0031], ServerHello
*Mar 22 15:45:16.535: 02 00 00 2D 03 01 58 D2 A5 9E 07 57 C2 EA DA F1
*Mar 22 15:45:16.535: D5 AF E9 06 78 9B 1E 18 57 29 DE AA 3B C8 B9 88
*Mar 22 15:45:16.535: 16 B1 CA 74 F8 DF 00 00 2F 00 00 05 FF 01 00 01
*Mar 22 15:45:16.535: 00
*Mar 22 15:45:16.535:
*Mar 22 15:45:16.535: SSL_connect:SSLv3 read server hello A
*Mar 22 15:45:16.583: <<< TLS 1.0 Handshake [length 0FED], Certificate
*Mar 22 15:45:16.583: 0B 00 0F E9 00 0F E6 00 06 7D 30 82 06 79 30 82
*Mar 22 15:45:16.611: D5 FC E7 81 1D 19 C3 24 42 EA 63 39 A9
*Mar 22 15:45:16.611:
*Mar 22 15:45:16.615: CRYPTO_PKI: (A0315) Session started - identity not specified
*Mar 22 15:45:16.615: CRYPTO_PKI: Added x509 peer certificate - (1661) bytes
*Mar 22 15:45:16.615: CRYPTO_PKI: Added x509 peer certificate - (1509) bytes
*Mar 22 15:45:16.615: CRYPTO_PKI: Added x509 peer certificate - (891) bytes
*Mar 22 15:45:16.615: CRYPTO_PKI(Cert Lookup) issuer="cn=Microsoft IT SSL SHA2,ou=Microsoft IT,o=Microsoft Corporation,l=Redmond,st=Washington,c=US" serial number=
5A 00 03 6C 0F 0A 5D 70 D2 BD 8E 66 54 00 01 00
03 6C 0F
*Mar 22 15:45:16.615: CRYPTO_PKI: looking for cert in handle=14061A38, digest=
E3 C1 27 A6 54 FE F3 17 FD CD 33 D5 A6 F1 A4 A8
*Mar 22 15:45:16.615: CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
*Mar 22 15:45:16.615: CRYPTO_PKI(Cert Lookup) issuer="cn=Baltimore CyberTrust Root,ou=CyberTrust,o=Baltimore,c=IE" serial number= 07 27 AA 47
*Mar 22 15:45:16.615: CRYPTO_PKI: looking for cert in handle=14061A38, digest=
84 F1 0F 0A B1 8D 42 59 DB 7F B9 BC E9 ED 35 29
*Mar 22 15:45:16.619: CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
*Mar 22 15:45:16.619: CRYPTO_PKI(Cert Lookup) issuer="cn=Baltimore CyberTrust Root,ou=CyberTrust,o=Baltimore,c=IE" serial number= 02 00 00 B9
*Mar 22 15:45:16.619: CRYPTO_PKI: looking for cert in handle=14061A38, digest=
D8 EB F1 DB B7 64 51 6F 5C AE E8 C3 D9 0C 98 70
*Mar 22 15:45:16.619: CRYPTO_PKI: crypto_pki_get_cert_record_by_subject()
*Mar 22 15:45:16.619: CRYPTO_PKI: Found a subject match
*Mar 22 15:45:16.619: CRYPTO_PKI: (A0315)validation path has 2 certs
*Mar 22 15:45:16.619: CRYPTO_PKI(Cert Lookup) issuer="cn=Baltimore CyberTrust Root,ou=CyberTrust,o=Baltimore,c=IE" serial number= 07 27 AA 47
*Mar 22 15:45:16.619: CRYPTO_PKI: looking for cert in handle=14061A38, digest=
84 F1 0F 0A B1 8D 42 59 DB 7F B9 BC E9 ED 35 29
*Mar 22 15:45:16.619: CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
*Mar 22 15:45:16.619: CRYPTO_PKI: crypto_pki_get_cert_record_by_issuer()
*Mar 22 15:45:16.619: CRYPTO_PKI: Found a issuer match
*Mar 22 15:45:16.619: CRYPTO_PKI: (A0315) Using geotrust2 to validate certificate
*Mar 22 15:45:16.619: CRYPTO_PKI(make trusted certs chain)
*Mar 22 15:45:16.619: CRYPTO_PKI: Added 1 certs to trusted chain.
*Mar 22 15:45:16.619: CRYPTO_PKI: Prepare session revocation service providers
*Mar 22 15:45:16.619: P11:C_CreateObject:
*Mar 22 15:45:16.619: CKA_CLASS: PUBLIC KEY
*Mar 22 15:45:16.619: CKA_KEY_TYPE: RSA
*Mar 22 15:45:16.619: CKA_MODULUS:
A3 04 BB 22 AB 98 3D 57 E8 26 72 9A B5 79 D4 29
8D 76 BF FC 9E 8E 5D 2A 86 A7 4D 90 DC 27 1A 39
*Mar 22 15:45:16.619: CKA_PUBLIC_EXPONENT: 01 00 01
*Mar 22 15:45:16.619: CKA_VERIFY_RECOVER: 01
*Mar 22 15:45:16.619: CRYPTO_PKI: Deleting cached key having key id 786
*Mar 22 15:45:16.623: CRYPTO_PKI: Attempting to insert the peer's public key into cache
*Mar 22 15:45:16.623: CRYPTO_PKI:Peer's public inserted successfully with key id 787
*Mar 22 15:45:16.623: P11:C_CreateObject: 131859
*Mar 22 15:45:16.623: P11:C_GetMechanismInfo slot 1 type 3 (invalid mechanism)
*Mar 22 15:45:16.623: P11:C_GetMechanismInfo slot 1 type 1
*Mar 22 15:45:16.623: P11:C_VerifyRecoverInit - 131859
*Mar 22 15:45:16.623: P11:C_VerifyRecover - 131859
*Mar 22 15:45:16.623: P11:found pubkey in cache using index = 787
*Mar 22 15:45:16.623: P11:public key found is :
30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01
78 8D 76 BF FC 9E 8E 5D 2A 86 A7 4D 90 DC 27 1A
39 02 03 01 00 01
*Mar 22 15:45:16.623: P11:CEAL:CRYPTO_NO_ERR
*Mar 22 15:45:16.623: P11:C_DestroyObject 1:20313
*Mar 22 15:45:16.623: CRYPTO_PKI: Expiring peer's cached key with key id 787
*Mar 22 15:45:16.623: CRYPTO_PKI: Remove session revocation service providers
*Mar 22 15:45:16.623: CRYPTO_PKI: Remove session revocation service providers
*Mar 22 15:45:16.623: CRYPTO_PKI: (A0315) Certificate validated without revocation check
*Mar 22 15:45:16.623: CRYPTO_PKI(Cert Lookup) issuer="cn=Microsoft IT SSL SHA2,ou=Microsoft IT,o=Microsoft Corporation,l=Redmond,st=Washington,c=US" serial number=
5A 00 03 6C 0F 0A 5D 70 D2 BD 8E 66 54 00 01 00
03 6C 0F
*Mar 22 15:45:16.627: CRYPTO_PKI: looking for cert in handle=14061A38, digest=
E3 C1 27 A6 54 FE F3 17 FD CD 33 D5 A6 F1 A4 A8
*Mar 22 15:45:16.627: CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
*Mar 22 15:45:16.627: CRYPTO_PKI: (A0315) Using geotrust2 to validate certificate
*Mar 22 15:45:16.627: CRYPTO_PKI: Prepare session revocation service providers
*Mar 22 15:45:16.627: P11:C_CreateObject:
*Mar 22 15:45:16.627: CKA_CLASS: PUBLIC KEY
*Mar 22 15:45:16.627: CKA_KEY_TYPE: RSA
*Mar 22 15:45:16.627: CKA_MODULUS:
D1 E8 37 A7 76 8A 70 4B 19 F0 20 37 09 24 37 7F
EA FB 78 E6 05 BA 6A AD 4E 27 0D FC 72 6A D9 6C
D9 AD 68 FD 20 0A 55 91 21 64 F9 D7 13 01 A0 08
5D 59 89 1B 44 AF A4 AC C7 05 10 FA 41 4A A8 FB
*Mar 22 15:45:16.631: CKA_PUBLIC_EXPONENT: 01 00 01
*Mar 22 15:45:16.631: CKA_VERIFY_RECOVER: 01
*Mar 22 15:45:16.631: CRYPTO_PKI: Deleting cached key having key id 787
*Mar 22 15:45:16.631: CRYPTO_PKI: Attempting to insert the peer's public key into cache
*Mar 22 15:45:16.631: CRYPTO_PKI:Peer's public inserted successfully with key id 788
*Mar 22 15:45:16.631: P11:C_CreateObject: 131860
*Mar 22 15:45:16.631: P11:C_GetMechanismInfo slot 1 type 3 (invalid mechanism)
*Mar 22 15:45:16.631: P11:C_GetMechanismInfo slot 1 type 1
*Mar 22 15:45:16.631: P11:C_VerifyRecoverInit - 131860
*Mar 22 15:45:16.631: P11:C_VerifyRecover - 131860
*Mar 22 15:45:16.631: P11:found pubkey in cache using index = 788
*Mar 22 15:45:16.631: P11:public key found is :
30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01
08 5D 59 89 1B 44 AF A4 AC C7 05 10 FA 41 4A A8
FB 02 03 01 00 01
*Mar 22 15:45:16.639: P11:CEAL:CRYPTO_NO_ERR
*Mar 22 15:45:16.639: P11:C_DestroyObject 1:20314
*Mar 22 15:45:16.639: CRYPTO_PKI: Expiring peer's cached key with key id 788
*Mar 22 15:45:16.639: CRYPTO_PKI: Remove session revocation service providers
*Mar 22 15:45:16.639: CRYPTO_PKI: Remove session revocation service providers
*Mar 22 15:45:16.639: CRYPTO_PKI: (A0315) Certificate validated without revocation check
*Mar 22 15:45:16.639: PKI: Cert key-usage: Digital-Signature , Key-Encipherment , Key-Encipherment
*Mar 22 15:45:16.639: CRYPTO_PKI: (A0315)chain cert was anchored to trustpoint geotrust2, and chain validation result was: CRYPTO_VALID_CERT_WITH_WARNING
*Mar 22 15:45:16.639: CRYPTO_PKI: (A0315) Validation TP is geotrust2
*Mar 22 15:45:16.639: CRYPTO_PKI: PKI session A0315 has ended. Freeing all resources.
*Mar 22 15:45:16.639: SSL_connect:SSLv3 read server certificate A
*Mar 22 15:45:16.639: <<< TLS 1.0 Handshake [length 0009], CertificateRequest
*Mar 22 15:45:16.639: 0D 00 00 05 02 01 02 00 00
*Mar 22 15:45:16.639:
*Mar 22 15:45:16.639: SSL_connect:SSLv3 read server certificate request A
*Mar 22 15:45:16.639: <<< TLS 1.0 Handshake [length 0004], ServerHelloDone
*Mar 22 15:45:16.639: 0E 00 00 00
*Mar 22 15:45:16.639:
*Mar 22 15:45:16.639: SSL_connect:SSLv3 read server done A
*Mar 22 15:45:16.639: >>> TLS 1.0 Handshake [length 0007], Certificate
*Mar 22 15:45:16.639: 0B 00 00 03 00 00 00
*Mar 22 15:45:16.639:
*Mar 22 15:45:16.639: SSL_connect:SSLv3 write client certificate A
*Mar 22 15:45:16.639: P11:C_FindObjectsInit:
*Mar 22 15:45:16.639: CKA_CLASS: PUBLIC KEY
*Mar 22 15:45:16.639: CKA_KEY_TYPE: RSA
*Mar 22 15:45:16.639: CKA_MODULUS:
A9 01 39 CF 6A 42 6A E2 2F 24 32 5B 0C 97 44 7D
FA 55 BF 8D C3 0D 47 D9 B9 FD EE B6 3E F5 F9 1D
*Mar 22 15:45:16.639: CKA_PUBLIC_EXPONENT: 01 00 01
*Mar 22 15:45:16.639: CRYPTO_PKI: Deleting cached key having key id 393
*Mar 22 15:45:16.643: P11:C_FindObjectsFinal
*Mar 22 15:45:16.643: P11:C_CreateObject:
*Mar 22 15:45:16.643: CKA_CLASS: PUBLIC KEY
*Mar 22 15:45:16.643: CKA_KEY_TYPE: RSA
*Mar 22 15:45:16.643: CKA_MODULUS:
A9 01 39 CF 6A 42 6A E2 2F 24 32 5B 0C 97 44 7D
3A A7 8E 67 40 74 FA 03 92 B9 72 FF 48 72 1C EB
FA 55 BF 8D C3 0D 47 D9 B9 FD EE B6 3E F5 F9 1D
*Mar 22 15:45:16.643: CKA_PUBLIC_EXPONENT: 01 00 01
*Mar 22 15:45:16.643: CRYPTO_PKI: Attempting to insert the peer's public key into cache
*Mar 22 15:45:16.643: CRYPTO_PKI:Peer's public inserted successfully with key id 394
*Mar 22 15:45:16.643: P11:C_CreateObject: 131466
*Mar 22 15:45:16.643: P11:C_EncryptInit
*Mar 22 15:45:16.643: P11:C_Encrypt
*Mar 22 15:45:16.643: P11:found pubkey in cache using index = 394
*Mar 22 15:45:16.643: P11:public key found is :
30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01
FC FA 55 BF 8D C3 0D 47 D9 B9 FD EE B6 3E F5 F9
1D 02 03 01 00 01
*Mar 22 15:45:16.647: P11:C_Encrypt
*Mar 22 15:45:16.647: P11:found pubkey in cache using index = 394
*Mar 22 15:45:16.647: P11:public key found is :
30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01
01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01
1D 02 03 01 00 01
*Mar 22 15:45:16.647: P11:CEAL:CRYPTO_NO_ERR
*Mar 22 15:45:16.651: >>> TLS 1.0 Handshake [length 0106], ClientKeyExchange
*Mar 22 15:45:16.651: 10 00 01 02 01 00 1A 44 2C 2C DD 22 28 77 CA F8
*Mar 22 15:45:16.651: A3 F9 A0 96 A7 96 94 8F 07 66 34 17 73 62 7B E6
*Mar 22 15:45:16.651: 41 87 E5 C3 0A 68
*Mar 22 15:45:16.651:
*Mar 22 15:45:16.651: SSL_connect:SSLv3 write client key exchange A
*Mar 22 15:45:16.651: >>> TLS 1.0 ChangeCipherSpec [length 0001]
*Mar 22 15:45:16.651: 01
*Mar 22 15:45:16.651:
*Mar 22 15:45:16.651: SSL_connect:SSLv3 write change cipher spec A
*Mar 22 15:45:16.651: >>> TLS 1.0 Handshake [length 0010], Finished
*Mar 22 15:45:16.651: 14 00 00 0C 6D BD C4 EE BE F5 31 79 88 7A 10 7A
*Mar 22 15:45:16.651:
*Mar 22 15:45:16.651: SSL_connect:SSLv3 write finished A
*Mar 22 15:45:16.651: SSL_connect:SSLv3 flush data
*Mar 22 15:45:16.679: TCP0: FIN processed
*Mar 22 15:45:16.679: TCP0: state was ESTAB -> CLOSEWAIT [23193 -> 157.55.9.252(5061)]
*Mar 22 15:45:16.679: SSL_connect:failed in SSLv3 read finished A
*Mar 22 15:45:16.679: TCB028F7898 setting property TCP_NONBLOCKING_WRITE (10) 127D7228
*Mar 22 15:45:16.679: TCB028F7898 setting property TCP_NONBLOCKING_READ (14) 127D7228
*Mar 22 15:45:16.679: TCP0: state was CLOSEWAIT -> LASTACK [23193 -> 157.55.9.252(5061)]
*Mar 22 15:45:16.679: TCP0: sending FIN
*Mar 22 15:45:16.679: P11:C_DestroyObject 2:2018A
*Mar 22 15:45:16.679: CRYPTO_PKI: Expiring peer's cached key with key id 394
*Mar 22 15:45:16.703: TCP0: Got ACK for our FIN
*Mar 22 15:45:16.703: TCP0: state was LASTACK -> CLOSED [23193 -> 157.55.9.252(5061)]
*Mar 22 15:45:16.703: Released port 23193 in Transport Port Agent for TCP IP type 1 delay 240000
*Mar 22 15:45:16.703: TCB 0x28F7898 destroyed
CUBE config
crypto pki trustpoint o365trustpoint
enrollment terminal pem
fqdn o365vm.exampleABC.co.uk
subject-name CN=o365vm.exampleABC.co.uk,OU=I.T.,O=exampleABC,L=Hillsborough,ST=Down,C=GB
revocation-check crl
rsakeypair o365rsakeys
!
crypto pki trustpoint GoDaddyRoot
enrollment terminal
revocation-check none
!
crypto pki trustpoint GoDaddyBundle
enrollment terminal
chain-validation continue GoDaddyRoot
revocation-check none
!
crypto pki trustpoint GoDaddyCert
enrollment terminal
subject-name CN=o365vm.exampleABC.co.uk,OU=I.T.,O=exampleABC,L=Hillsborough,ST=Down,C=GB
chain-validation continue GoDaddyBundle
revocation-check crl
rsakeypair o365rsakeys
!
crypto pki trustpoint geotrust
enrollment terminal pem
revocation-check none
!
crypto pki trustpoint TP-self-signed-2170487116
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2170487116
revocation-check none
rsakeypair TP-self-signed-2170487116
!
crypto pki trustpoint geotrust2
enrollment terminal pem
revocation-check none
!
!
crypto pki certificate chain o365trustpoint
crypto pki certificate chain GoDaddyRoot
certificate ca 07
308204D0 308203B8 A0030201 02020107 300D0609 2A864886 F70D0101 0B050030
022FD215 54EE4415 D90AAEA7 8A33EDB1 2D763626 DC04EB9F F7611F15 DC876FEE
469628AD A1267D0A 09A72E04 A38DBCF8 BC043001
quit
crypto pki certificate chain GoDaddyBundle
certificate ca 07
308204D0 308203B8 A0030201 02020107 300D0609 2A864886 F70D0101 0B050030
022FD215 54EE4415 D90AAEA7 8A33EDB1 2D763626 DC04EB9F F7611F15 DC876FEE
469628AD A1267D0A 09A72E04 A38DBCF8 BC043001
quit
crypto pki certificate chain GoDaddyCert
certificate ca 00B42A158D61851696
30820545 3082042D A0030201 02020900 B42A158D 61851696 300D0609 2A864886
08E71360 BDA9ED8D B3FF1A8A 2FCD17B2 158E2C06 30BDAF77 77BB8A21 EC71B0E0
EF92A547 9E5D6883 E3
quit
crypto pki certificate chain geotrust
certificate ca 01A5
3082025A 308201C3 020201A5 300D0609 2A864886 F70D0101 04050030 75310B30
9593EFCB 94D89E1F 9D5C856D C7AAAE4F 1F22B5CD 95ADBAA7 CCF9AB0B 7A7F
quit
crypto pki certificate chain TP-self-signed-2170487116
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
45288E41 EAD04B3D 62264F10 062F0524 53410BD4 E0136561 000434DB 404A6B6D
607DDF60 8D3A06CC CA04A276 F4898B
quit
crypto pki certificate chain geotrust2
certificate ca 020000B9
30820377 3082025F A0030201 02020402 0000B930 0D06092A 864886F7 0D010105
47D2382E D0FE81DC 326A1EB5 EE3CD5FC E7811D19 C32442EA 6339A9
quit
ip cef
!
!
!
!
!
!
ip domain name exampleABC.co.uk
ip name-server 8.8.8.8
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
voice-card 0
dsp services dspfarm
!
!
!
voice service voip
ip address trusted list
ipv4 172.16.0.0 255.255.0.0
no notify redirect ip2ip
allow-connections sip to sip
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
supplementary-service media-renegotiate
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
sip
rel1xx disable
!
voice class codec 4
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729r8
!
!
!
redundancy
!
!
!
interface GigabitEthernet0/0
ip address 172.16.220.18 255.255.0.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 213.105.58.243 255.255.255.240
duplex auto
speed auto
!
no ip address
!
ip forward-protocol nd
!
no ip http server
ip http secure-server
ip http secure-trustpoint GoDaddyCert
!
nls resp-timeout 1
cpd cr-id 1
!
!
control-plane
!
dspfarm profile 1 transcode universal security
codec g729r8
codec g711ulaw
codec g711alaw
maximum sessions 3
associate application CUBE
shutdown
!
dial-peer voice 1 voip
description ## from CUCM ##
session protocol sipv2
session transport tcp
incoming called-number 8800
voice-class codec 4 offer-all
voice-class sip bind control source-interface GigabitEthernet0/0
voice-class sip bind media source-interface GigabitEthernet0/0
dtmf-relay rtp-nte
no vad
!
dial-peer voice 2 voip
description ## to o365 ##
destination-pattern 8800
session protocol sipv2
session target dns:7c549478-5f9d-406f-a320-a947dae746be.um.outlook.com
session transport tcp tls
voice-class codec 4 offer-all
voice-class sip call-route url
voice-class sip options-keepalive
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte
srtp fallback
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
no vad
!
dial-peer voice 3 voip
description ## from o365 ##
shutdown
session protocol sipv2
session transport tcp tls
incoming called-number .%
voice-class codec 4 offer-all
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte
srtp fallback
no vad
!
!
sip-ua
crypto signaling default trustpoint GoDaddyCert
!
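The handshake trace in the post above can be read mechanically. This added example (not part of the original post and not Cisco code; the function names are assumptions of the example) parses the `>>>`/`<<<` TLS lines of the debug output and reports whether the server sent a CertificateRequest, how long the certificate list in the client's Certificate message was, and whether a ChangeCipherSpec or Finished ever arrived from the server.

```python
import re

# Excerpt (non-contiguous lines) copied from the debug output in the post above.
SAMPLE_LOG = """\
*Mar 22 15:45:16.511: CRYPTO_OPSSL: Can't find router cert.
*Mar 22 15:45:16.639: <<< TLS 1.0 Handshake [length 0009], CertificateRequest
*Mar 22 15:45:16.639: 0D 00 00 05 02 01 02 00 00
*Mar 22 15:45:16.639:
*Mar 22 15:45:16.639: >>> TLS 1.0 Handshake [length 0007], Certificate
*Mar 22 15:45:16.639: 0B 00 00 03 00 00 00
*Mar 22 15:45:16.639:
*Mar 22 15:45:16.651: >>> TLS 1.0 ChangeCipherSpec [length 0001]
*Mar 22 15:45:16.651: 01
*Mar 22 15:45:16.651:
*Mar 22 15:45:16.651: >>> TLS 1.0 Handshake [length 0010], Finished
*Mar 22 15:45:16.651: 14 00 00 0C 6D BD C4 EE BE F5 31 79 88 7A 10 7A
*Mar 22 15:45:16.679: TCP0: FIN processed
*Mar 22 15:45:16.679: SSL_connect:failed in SSLv3 read finished A
"""

PREFIX = re.compile(r"^\*\w{3} +\d+ [\d:]+\.\d+: ?")
HEADER = re.compile(r"^(>>>|<<<) TLS [\d.]+ (\w+) \[length ([0-9A-F]{4})\](?:, (\w+))?$")
HEXROW = re.compile(r"^[0-9A-F]{2}(?: [0-9A-F]{2})*$")

def parse_messages(log):
    """Return the TLS messages found in the debug text, in order."""
    msgs, cur = [], None
    for line in log.splitlines():
        rest = PREFIX.sub("", line).strip()
        m = HEADER.match(rest)
        if m:
            cur = {"dir": m[1], "record": m[2], "name": m[4] or m[2],
                   "declared": int(m[3], 16), "body": bytearray()}
            msgs.append(cur)
        elif cur is not None and HEXROW.match(rest):
            cur["body"] += bytes.fromhex(rest)   # hex row belonging to the dump
        else:
            cur = None                           # blank or other line ends the dump
    return msgs

def analyse(log):
    """Summarise the client-authentication part of the handshake."""
    out = {"server_requested_client_cert": False, "client_cert_list_len": None,
           "server_finished_seen": False,
           "local_cert_missing": "Can't find router cert" in log}
    for msg in parse_messages(log):
        body, inbound = msg["body"], msg["dir"] == "<<<"
        if inbound and msg["name"] == "CertificateRequest":
            out["server_requested_client_cert"] = True
        elif inbound and msg["name"] in ("ChangeCipherSpec", "Finished"):
            out["server_finished_seen"] = True
        elif not inbound and msg["name"] == "Certificate" and len(body) >= 7:
            # handshake type (1) | length (3) | certificate_list length (3) | certs
            out["client_cert_list_len"] = int.from_bytes(body[4:7], "big")
    out["empty_client_cert_after_request"] = (
        out["server_requested_client_cert"] and out["client_cert_list_len"] == 0)
    return out

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

On the excerpt it reports a CertificateRequest from the server answered by a Certificate message whose certificate list is zero bytes long (`0B 00 00 03 00 00 00`), alongside the earlier `Can't find router cert.` line, and no ChangeCipherSpec or Finished from the server before the FIN.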
06-07-2017 12:26 PM
Did you ever get a working CUBE configuration to Office 365 UM? I'm banging my head against the wall. I'm pretty sure we've got TLS configured correctly, as 365 answers our SIP call as SRTP but then immediately issues a BYE message.
Would you be willing to share your configuration?
06-08-2017 03:17 AM
Yeah, it was an issue with TLS. Can't remember exactly what. If you are seeing SIP messages going back and forth, your TLS config is working.
Are your 365 dial-peers configured to use SRTP, and are you xcoding from RTP to SRTP for 365?