cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2205
Views
5
Helpful
3
Replies

step by step guide to configure SIP trunk on 2911 CME

kieranArnold
Level 1
Level 1

I'm new in CME and I have to configure sip trunk, is there a step by step guide ?  or can you give guidance e.g command line entries and  syntax  any help would be greatly appreciated.  

1 Accepted Solution
3 Replies 3

cstamataras
Level 1
Level 1

Thank you George.

How can we configure the SIP trunk with

SRTP and TLS 1.2?
I have done until now

dial-peer voice 3000 voip
destination-pattern 3...
translate-outgoing calling 1
session protocol sipv2
session target ipv4:1.2.3.4:5080
session transport tcp tls
voice-class codec 2
voice-class sip srtp-auth sha1-80 sha1-32
voice-class sip dtmf-relay force rtp-nte
voice-class sip tenant 1
voice-class sip srtp-crypto 1
voice-class sip bind control source-interface GigabitEthernet0/0/0
voice-class sip bind media source-interface GigabitEthernet0/0/0
dtmf-relay rtp-nte
srtp fallback
ip qos dscp cs3 signaling
no vad

sip-ua
sip-server ipv4:1.2.3.4:5080
transport tcp tls v1.2
connection-reuse via-port
crypto signaling remote-addr 1.2.3.4 255.255.255.255 trustpoint cube1
crypto signaling default trustpoint cube1
presence enable

crypto pki trustpoint cube1
enrollment selfsigned
revocation-check none
rsakeypair RSA2048 2048

on the voice service voip, due to another trunk with the provider that sends the calls unencrypted, I have the following

voice service voip
sip
bind control source-interface GigabitEthernet0/0/1
bind media source-interface GigabitEthernet0/0/1
registrar server expires max 1200 min 300
early-offer forced

voice class tenant 1
sip-server ipv4:1.2.3.4:5080
srtp-crypto 1
srtp-auth sha1-80 sha1-32
session transport tcp tls
url sips
bind control source-interface GigabitEthernet0/0/0
bind media source-interface GigabitEthernet0/0/0

voice class srtp-crypto 1
crypto 1 AES_CM_128_HMAC_SHA1_80
crypto 2 AES_CM_128_HMAC_SHA1_32

voice class tls-profile 1
trustpoint cube1
cn-san validate server

and it does not work. The server does not check for the client (my router) certificate, only the client should check the server certificate. In the crypto pki trustpoint cube1, I have installed the root certificate that created the remote server certificate.

Anything missing from the config ?

As your question is off topic to the OP it would be best if you where to post it in your own post. Apart from that this post is marked as solved and have a few years in the making, so a question on that is not recommended.



Response Signature