Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3738
Views
61
Helpful
34
Replies

Cisco Cube - SIP - T-Mobile Company Flex Service

Go to solution
msasala
Level 1
Level 1

‎07-05-2022 09:35 AM

We recently had to move from an ISDN Hand-Off to a SIP Based Service from T-Mobile called Company Flex

I was able to find a guide from another post, https://community.cisco.com/kxiwq67737/attachments/kxiwq67737/discussions-uc-infrastructure/168390/1/Telekom%20Company%20Flex%20DE.pdf

 

I am not able to get the SIP Trunk to register to tel.t-online.de

 

It looks like the A record for them was replaced with an SRV record, but im not sure what would need to be done from the CUBE side to setup a connection to the SIP Domain.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
msasala
Level 1
Level 1

‎07-19-2022 08:48 AM

I wanted to post what needed to be done to Register the SIP Trunk.

In April the Telkom changed to using TLS Registration and we needed their public cert installed and referenced in the sip-ua config. Here is what made the registration work

voice class tenant 2000
registrar dns:tel.t-online.de expires 480 tcp tls
credentials number +4919929600000044XXXX username +4919929600000044XXXX@tel.t-online.de password 6 (password) realm tel.t-online.de
authentication username +49199296000000449050@tel.t-online.de password 6 (password) realm tel.t-online.de
no remote-party-id
timers dns registrar-cache ttl
sip-server dns:tel.t-online.de
session transport tcp tls
no session refresh
header-passing
error-passthru
asserted-id ppi
bind control source-interface GigabitEthernet0/0/0
bind media source-interface GigabitEthernet0/0/0
no pass-thru content custom-sdp
conn-reuse
sip-profiles 3000
outbound-proxy dns:55113799XXXX.primary.companyflex.de
privacy-policy passthru

sip-ua
timers connection aging 10
no transport udp
transport tcp tls v1.2
crypto signaling default trustpoint (cert name)

We also ran into an issue with RTP, now that TLS is being used, we need to add these commands to the DIal-Peers

Provider Dial-Peers

srtp

CUCM Dial Peers

voice-class sip srtp negotiate cisco

srtp fallback

Lastly, we had run into this Bug on the version i had just installed, glad someone from TAC was able to help with this as i was very lost on why calls were not working.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz80171

View solution in original post

34 Replies 34

Go to solution
Roger Kallberg
VIP
VIP

‎07-05-2022 09:46 AM

Could you please post your current configuration and any specific information that you have got from your service provider?



Response Signature


Go to solution
Elliot Dierksen
VIP
VIP

‎07-05-2022 01:29 PM

You aren't registering with the provider because there is no "sip-ua" block that tells the router to do so. Something roughly like this.

sip-ua
 credentials username 5555551234 password 0 My-secret-password realm registrar.myprovider.com
 authentication username 5555551234 password 0 My-secret-password realm registrar.myprovider.com
 registrar dns:registrar.myprovider.com expires 60
 sip-server dns:registrar.myprovider.com

The "dns:" argument is referencing a DNS SRV record. See an explanation here.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book/voi-cube-sip-dns-srv-rfc2782.html#id_99479 

Go to solution
Roger Kallberg
VIP
VIP
In response to Elliot Dierksen

‎07-05-2022 01:32 PM

From what I saw he is doing the registration in a tenant configuration, with this there is no need definite this in the sip-ua.



Response Signature


Go to solution
Elliot Dierksen
VIP
VIP
In response to Roger Kallberg

‎07-05-2022 01:37 PM

Thanks @Roger Kallberg , I missed that. I think you don't need the "@tel.t-online.de" in the user ID for registration since that domain is already specified in the "realm". Perhaps that is why the registration is failing.

Go to solution
msasala
Level 1
Level 1
In response to Elliot Dierksen

‎07-05-2022 01:47 PM

i have this in now, still not able to register

voice class tenant 2000
registrar dns:tel.t-online.de expires 480 tcp
credentials number +49199296000000449050 username +49199296000000449050@tel.t-online.de password 7 10640E0A074519055D realm tel.t-online.de
authentication username +49199296000000449050@tel.t-online.de password 7 04710C150D73474058

0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to msasala

‎07-05-2022 10:50 PM

T-Mobile support should be able to help you out verifying your settings for the registration. Have you checked with them?



Response Signature


Go to solution
msasala
Level 1
Level 1
In response to Roger Kallberg

‎07-05-2022 11:55 PM

I emailed them yesterday and still waiting for a reply, i had a hard time find contact info.

0 Helpful

Go to solution
msasala
Level 1
Level 1
In response to Elliot Dierksen

‎07-05-2022 02:10 PM - edited ‎07-06-2022 12:07 AM

i added this with no luck
ip host _sip._tcp.tel.t-online.de srv 1 50 5060 TMobile1
ip host _sip._tcp.tel.t-online.de srv 1 50 5060 TMobile2
ip host _sip._tcp.tel.t-online.de srv 1 50 5060 TMobile3
ip host TMobile1 194.25.0.60
ip host TMobile2 194.25.0.68
ip host TMobile3 194.25.0.52

0 Helpful

Go to solution
Elliot Dierksen
VIP
VIP
In response to msasala

‎07-05-2022 03:32 PM

I wouldn't hard code those SRV records. You would be stuck if they change. You should add some DNS servers to the router. Add at least two DNS servers.

ip name-server X.X.X.X
ip name-server Y.Y.Y.Y

Go to solution
msasala
Level 1
Level 1
In response to Elliot Dierksen

‎07-05-2022 11:48 PM - edited ‎07-05-2022 11:52 PM

I did have some in there, but i was trying to see if i had just theirs if it would allow me to ping tel.t-online.de. I just re-added the local ones i had in before. Now if i try to ping tel.t-online.de i just get "Unrecognized host or address, or protocol not running."

0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to msasala

‎07-06-2022 02:45 AM

Have you turned on DNS resolution in your gateway?

ip domain lookup source-interface GigabitEthernet0/0/0

You'll need to use source-interface if you have multiple interfaces and want to control what int to use for name resolution.



Response Signature


0 Helpful

Go to solution
msasala
Level 1
Level 1
In response to Roger Kallberg

‎07-06-2022 02:49 AM

We just have one interface on the voice router
0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to msasala

‎07-07-2022 12:48 AM - edited ‎07-07-2022 01:37 AM

That is a sort of an odd setup for an SBC as you would not get an inside and outside interface for the demarcation between your internal network and the service provider network. I know it works in theory, but still it is a somewhat goofy setup. I would actually recommend you consider changing this so that you have two interfaces as that gives you a much clearer demarcation point and IMHO a much easier system to maintain and not to forget troubleshoot in the long run. Based on your shared configuration earlier I think that you source the traffic to the SP from a loopback interface, if that is so you might as well just use a physical interface, with that IP set on it, on the SBC and connect that to the SP provided equipment/connection.



Response Signature


0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to msasala

‎07-05-2022 10:52 PM

I agree with @Elliot Dierksen it is a bad idea to hard code these name entries. It’s much better to use a DNS service to resolve these names.



Response Signature


0 Helpful
Customers Also Viewed These Support Documents