Solved: CUCM and Sip trunk

pcromwell · ‎02-22-2021

We are wanting to connect our on prem CUCM to a cloud based SBC. Is there any reason that I can't create a secure sip trunk directly from CUCM to the cloud based SBC? I am assuming, that as long as it is encrypted, all security aspects are covered? I appreciate the Sip trunk would normally be terminated at the Cube, but I am curious as to any reason a direct approach cannot be taken?

Roger Kallberg · ‎02-22-2021

Number one reason is that you would have to open up for all devices in your network to communicate directly with the cloud SBC as the RTP stream would go directly between the phone and the cloud SBC. The trunk from CM to the cloud SBC will only handle signaling. This would expose you’re entire network to the service provider. With a SBC (Cube) on your side this would not be the case as it acts as a demarcation point between your internal network and the service provider SBC. With a SBC both signaling and media streams flows through the device and as such hides the internal network from the service provider.

View solution in original post

Roger Kallberg · ‎02-22-2021

Number one reason is that you would have to open up for all devices in your network to communicate directly with the cloud SBC as the RTP stream would go directly between the phone and the cloud SBC. The trunk from CM to the cloud SBC will only handle signaling. This would expose you’re entire network to the service provider. With a SBC (Cube) on your side this would not be the case as it acts as a demarcation point between your internal network and the service provider SBC. With a SBC both signaling and media streams flows through the device and as such hides the internal network from the service provider.

pcromwell · ‎02-23-2021

yes, that makes perfect sense, thank you Roger for identifying a very good reason.