01-13-2023 12:13 AM
Hi all,
I'm trying to configure a trunk between my Cisco CUBES(ISR4431) to Genesys Cloud for a new implementation
Has anybody made this challange ?
It works with SIP/RTP and SIP/SRTP but when i switch to SIP with TLS it fails.
TLS Handshake between Cube an Genesys is completed and cube sents a invite to Genesys but no response to this, TLS Connection will be closed from Genesys side. Otherwise, call from Genesys cloud, i can see TLS Handshake in pcap at my cube but i dont get data from there after tls is completed.
Unfortunately, the genesys colleagues have almost no information and access to the system as it is a cloud service.
(Their service partner looks like they don't have a clue either)
I run 17.06.03a on cube, TLS to CUCM works fine
may someone has implemented this successfully
Thanks
01-13-2023 12:23 AM
Do you see open TLS connections towards Genesys in "show sip-ua connections tcp tls details"?
Can you post a full output of "debug ccsip all" and also the running config (without sensitive data like username, password, enable secret, ...)
05-27-2024 02:41 PM
Can you please share your configuration that you made in the CUBE to establish the trunk with Genesis PureCloud please thank you.
01-16-2023 01:06 AM
yes, i see TLS connection, i see a successful handshake in pcap on cube s interface.
TAC confirmed that TLS connection is fine.
Genesys doesn´t reply to an INVITE for my site, they don´t send any SIP , so Genesys should step in with troubleshooting assistance.
Unfortunately we don t get any usefull thing for genesys support. They ask us to check our firewall .......
01-18-2023 08:31 AM
If the TLS is up and running, then you can only assume, that the SIP INVITE gets to the other side. As it is encrypted, you won't see in any pcap trace.
And if the other side is not very helpful, then you are ...
Have you asked, if the platform is answering SIP OPTIONS ping? If yes, you could check with that, if at least the platform is answering to something.
It doesn't automatically mean, that they then answer your SIP INVITE, as the message or some headers could be in the wrong format. But then, they need to provide you the info, how the INVITE needs to look like.
01-19-2023 12:19 AM
no, they don´t answer to options ping.
We see that they terminate TLS by sendiung RST
But we get an Answer from Genesys Support .Quote: "While working with my colleague he reminded me that we have seen very similar behavior from a Cube in the past. The previous customer was able to take their captures to Cisco and Cisco was able to identify an issue. The fix Cisco recommended may not be universal to all cubes or environment so I won’t mention what the fix was here."
we see this before - but i don t tell you more about this - ..... unbelievable
01-19-2023 01:43 AM
add: ios is now 17.6.4
(17.6.3 has defect CSCwb40096 Extra "+" getting added in Outgoing Invite in Contact/FROM/PAI header no. )
01-19-2023 02:40 AM
If they don't provide any info about how to interconnect with them, then it's just trail and error.
01-31-2023 11:25 PM
I have a opened a TAC case and get one of the best TAC Engineers - he found a solution
The issue is affected by packet size, so we can fix it with ip tcp mss 1400 or/and ip tcp path-mtu-discover
01-31-2023 11:34 PM
This is a hell of a finding. Great work (y).
11-29-2023 07:36 AM
Hello MIB, Trying to set up TLS between CUBE and Genesys, could you please sharing the configuration that you used in CUBE ?
11-29-2023 07:50 AM
04-11-2024 07:10 AM
Hi MIB,
I am trying to enable TLS on my connection between my CUBE and Genesys Cloud. Could you share your experience please?
Thanks.
12-27-2023 10:09 PM - edited 01-12-2024 09:45 PM
Setting up a TLS (Transport Layer Security) connection between Cisco Cube and Genesys CX involves configuring both systems to use secure communication. Here's a general guide on how you can achieve this:
Cisco Cube TLS Configuration:
1. Generate Certificates:
- Obtain or generate X.509 certificates for the Cisco Cube. You may use a certificate authority (CA) to sign these certificates.
2. Upload Certificates to Cisco Cube:
- Upload the generated certificates (public and private key) to the Cisco Cube.
- Use the following commands on the Cisco Cube:
voice service voip
tls srtp
certificate <certificate_name> [password <password>]
3. Configure SIP TLS on Cisco Cube:
- Enable SIP TLS on the Cisco Cube using the following commands:
voice service voip
sip
bind control source-interface <interface_name>
tls bind source-interface <interface_name>
4. Define SIP Profile:
- Define a SIP profile that uses TLS. Example:
voice class sip-profiles 1
request ANY sip-header Via modify "<sip_profile_name>"
5. Apply SIP Profile:
- Apply the SIP profile to your voice service configuration:
voice service voip
sip
sip-profiles 1