09-05-2022 02:48 AM
Hi,
I am trying to setup voice connection between Microsoft Teams (Direct Routing) and Cisco (CUBE + CUCM).
Scenario 1: Call from CUCM to Teams: CUBE send INVITE to all three MS servers, but we get no response
Scenario 2: Call from Teams to CUCM: MS sends INVITE to CUBE > CUCM, the phone rings, it is picked up, but the MS Teams client is not connected and hears only ringing tone.
The MS portal shows the SBC connection as active (TLS connectivity status + SIP Options):
The trunk between CUCM and CUBE is OK as well:
Details:
Cisco phone (7841): 172.24.34.164, Extension 1888 (+421 2 58 222 888)
CUCM (12.5.1): 172.24.34.71 (route pattern 3XXX is pointing to SIP trunk, translated on CUBE to MS number)
CUBE (CSR 1000V): sbc.gram.sk: inside: 172.24.34.162, outside: 102.119.228.9
MS Teams client: +421 2 58 222 156
Has anyone managed to get this setup working? Please help. Thank you.
Debug and some show commands are attached for both scenarios.
CUBE config:
sbc.gram.sk#sh run
Building configuration...
Current configuration : 21987 bytes
!
! Last configuration change at 16:47:09 CEDT Fri Aug 26 2022 by root
! NVRAM config last updated at 16:54:48 CEDT Fri Aug 26 2022 by root
!
version 17.3
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname sbc.gram.sk
!
boot-start-marker
boot system flash bootflash:csr1000v-universalk9.17.03.05.SPA.bin
boot-end-marker
!
!
logging buffered 2000000
enable secret 9 $9$9u860rCMPrdZQ.$7AiMc071TzkDnWCL9.Lokp6Ru9g1Sw3WoFYXVrT3/Xo
!
aaa new-model
!
!
aaa group server radius RADIUS-SERVERS
server name RADIUS-SERVER-1
!
aaa authentication login default local group RADIUS-SERVERS
aaa authentication login use_line line
aaa authentication dot1x default group RADIUS-SERVERS
aaa authorization exec default local group RADIUS-SERVERS
aaa authorization network default local group RADIUS-SERVERS if-authenticated
!
!
!
!
!
!
aaa session-id common
clock timezone CET 1 0
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 2:00
!
!
!
!
!
!
!
ip host cucm.cucm.sk 172.24.34.71
ip host sbc.gram.sk 172.24.34.162
ip name-server 172.24.31.10 172.24.34.160
ip domain name gram.sk
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
voice service voip
ip address trusted list
ipv4 172.24.34.71
ipv4 52.0.0.0 255.0.0.0
rtcp keepalive
address-hiding
mode border-element
allow-connections sip to sip
no supplementary-service sip refer
supplementary-service media-renegotiate
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
h323
trace
sip
session refresh
header-passing
error-passthru
pass-thru headers 290
sip-profiles inbound
!
!
voice class uri 50 sip
host dns:sip.pstnhub.microsoft.com
host dns:sip2.pstnhub.microsoft.com
host dns:sip3.pstnhub.microsoft.com
!
voice class uri 290 sip
host sbc.gram.com
!
voice class uri 190 sip
pattern 172.24.34.71
voice class codec 1
codec preference 1 g711ulaw
!
voice class stun-usage 1
stun usage ice lite
!
!
voice class sip-profiles 200
rule 10 request ANY sip-header Contact modify "@.*:" "@sbc.gram.sk:"
rule 20 response ANY sip-header Contact modify "@.*:" "@sbc.gram.sk:"
rule 30 request ANY sip-header SIP-Req-URI modify "sip:(.*):5061 (.*)" "sip:\1:5061;user=phone \2"
rule 40 request ANY sip-header User-Agent modify "(IOS.*)" "\1\x0D\x0AX MS SBC: Cisco UBE/ISR4321/\1"
rule 50 response ANY sip-header Server modify "(IOS.*)" "\1\x0D\x0AX MS SBC: Cisco UBE/ISR4321/\1"
rule 60 request ANY sdp-header Audio-Attribute modify "a=sendonly" "a=inactive"
rule 70 response 200 sdp-header Audio-Connection-Info modify "0.0.0.0" "102.119.228.9"
rule 80 request ANY sdp-header Audio-Attribute modify "(a=crypto:.*inline:[A-Za-z0-9+/=]+)" "\1|2^31"
rule 90 response ANY sdp-header Audio-Attribute modify "(a=crypto:.*inline:[A-Za-z0-9+/=]+)" "\1|2^31"
rule 100 request ANY sdp-header Audio-Attribute modify "a=candidate.*" "a=label:main audio"
rule 110 response ANY sdp-header Audio-Attribute modify "a=candidate.*" "a=label:main audio"
rule 260 response 486 sip-header Reason modify "cause=34;" "cause=17;"
!
voice class sip-profiles 290
rule 10 request REFER sip-header From copy "@(.*com)" u05
rule 15 request REFER sip-header From copy "sip:(sip.*com)" u05
rule 20 request REFER sip-header Refer-To modify "sip:\+(.*)@.*:5061" "sip:+AAA\1@\u05:5061"
rule 30 request REFER sip-header Refer-To modify "<sip:sip.*:5061" "<sip:+AAA@\u05:5061"
rule 40 response ANY sip-header Server modify "(IOS.*)" "\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4321/\1"
rule 50 request ANY sdp-header Audio-Attribute modify "a=ice-.*" "a=label:main-audio"
rule 60 request ANY sdp-header Attribute modify "a=ice-.*" "a=label:main-audio"
!
voice class sip-profiles 299
rule 10 request OPTIONS sip-header From modify "<sip:.*:5061" "<sip:sbc.gram.sk"
rule 20 request OPTIONS sip-header Contact modify "<sip:.*:5061" "<sip:sbc.gram.sk"
rule 30 request OPTIONS sip-header User-Agent modify "(IOS.*)" "\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4321/\1"
!
voice class sip-profiles 10
request INVITE sip-header To modify "<sip:3" "<sip:+421258222"
!
voice class sip-profiles 280
rule 10 request ANY sip-header User-Agent modify "(IOS.*)" "\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4321/\1"
rule 20 response ANY sip-header Server modify "(IOS.*)" "\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4321/\1"
rule 30 request INVITE sip-header SIP-Req-URI copy "@(.*:5061)" u01
rule 40 request INVITE sip-header From copy "@(.*)>" u02
rule 71 request INVITE sip-header SIP-Req-URI modify "sip:\+AAA@" "sip:"
rule 80 request INVITE sip-header SIP-Req-URI modify "sip:\+AAA" "sip:+"
rule 90 request INVITE sip-header History-Info modify "<sip:\+AAA@" "<sip:"
rule 100 request INVITE sip-header History-Info modify "<sip:\+AAA" "<sip:+"
rule 110 request INVITE sip-header To modify "<sip:\+AAA@(.*)>" "<sip:\u01>"
rule 120 request INVITE sip-header To modify "<sip:\+AAA(.*)@.*>" "<sip:+\1@\u01>"
rule 130 request ANY sip-header Contact modify "@.*:" "@\u02:"
rule 140 response ANY sip-header Contact modify "@.*:" "@\u02:"
rule 150 request ANY sdp-header Audio-Attribute modify "a=sendonly" "a=inactive"
rule 160 response 200 sdp-header Session-Owner copy "IN IP4 (.*)" u04
rule 170 response 200 sdp-header Audio-Connection-Info modify "0.0.0.0" "\u04"
rule 180 response 486 sip-header Reason modify "cause=34;" "cause=17;"
!
voice class sip-event-list 1
event message-summary
!
!
voice class sip-hdr-passthrulist 290
passthru-hdr Referred-By
!
!
voice class e164-pattern-map 200
e164 +421258222...
!
!
voice class sip-options-keepalive 200
transport tcp tls
sip-profiles 299
!
voice class tenant 200
handle-replaces
srtp-crypto 1
localhost dns:sbc.gram.sk
session transport tcp tls
no referto-passing
bind control source-interface GigabitEthernet3
bind media source-interface GigabitEthernet3
pass-thru headers 290
no pass-thru content custom-sdp
no conn-reuse
sip-profiles 200
sip-profiles 290 inbound
early-offer forced
block 183 sdp present
!
voice class tenant 100
srtp-crypto 1
localhost dns:sbc.gram.sk
session transport tcp tls
bind control source-interface GigabitEthernet1
bind media source-interface GigabitEthernet1
no pass-thru content custom-sdp
no conn-reuse
sip-profiles 200
early-offer forced
!
voice class srtp-crypto 1
crypto 1 AES_CM_128_HMAC_SHA1_80
!
!
!
!
voice translation-rule 10
rule 1 /^3\(...\)/ /+421258222\1/
!
voice translation-rule 11
rule 1 /^1\(...\)/ /+421258222\1/
!
voice translation-rule 290
rule 1 /^\+421258222/ /1/
!
!
!
voice translation-profile FromTEAMS
translate called 290
!
voice translation-profile OutgoingToTEAMS
translate calling 11
translate called 10
!
!
!
!
crypto pki trustpoint sbc
enrollment terminal
fqdn sbc.gram.sk
subject-name cn=sbc.gram.sk
subject-alt-name sbc.gram.sk
revocation-check none
rsakeypair sbc
!
crypto pki trustpoint cucm
enrollment terminal
revocation-check none
!
!
crypto pki certificate chain sbc
certificate 0383A3FDFE9698111ED87126D4294E712010
30820522 3082040A A0030201 02021203 83A3FDFE 9698111E D87126D4 294E7120
10300D06 092A8648 86F70D01 010B0500 3032310B 30090603 55040613 02555331
6E27160B 32E0BFCD AA92F1D0 6CC08120 F5B461EA C90B9788 18900B46 7BCEF2EC
D6DD783F 00E5F124 23275990 9938EA52 016E4D35 07388A6E A05C4012 793A7A81
6CCB65C8 8ADB
quit
certificate ca 00912B084ACF0C18A753F6D62E25A75F5A
30820516 308202FE A0030201 02021100 912B084A CF0C18A7 53F6D62E 25A75F5A
300D0609 2A864886 F70D0101 0B050030 4F310B30 09060355 04061302 55533129
30270603 55040A13 20496E74 65726E65 74205365 63757269 74792052 65736561
A2094746 3FF0E9B0 B7FF284D 6832D667 5E1E69A3 93B8F59D 8B2F0BD2 5243A66F
3257654D 3281DF38 53855D7E 5D6629EA B8DDE495 B5CDB556 1242CDC4 4EC62538
44506DEC CE005518 FEE94964 D44ECA97 9CB45BC0 73A8ABB8 47C2
quit
crypto pki certificate chain cucm
certificate ca 492BE52DDB502E198D5EB34FC4429D50
30820393 3082027B A0030201 02021049 2BE52DDB 502E198D 5EB34FC4 429D5030
0D06092A 864886F7 0D01010B 05003054 310B3009 06035504 06130253 4B310A30
08060355 040A0C01 6F310A30 08060355 040B0C01 75311530 13060355 04030C0C
6375636D 2E637563 6D2E736B 310A3008 06035504 080C0173 310A3008 06035504
070C016C 301E170D 32323038 31363230 32333535 5A170D32 37303831 35323032
2890363E AE17709C FB932EF7 72A3AE34 3D632167 47066EEA 166EBBB1 EC1AEC00
8C325424 A102F460 26A2AC9F FF5D0CF3 98B6A51C E666ECBA 9862E781 61174D24
0DF011E6 2DD17764 653F7472 53C46BCA A0A04961 99D6ED
quit
!
crypto pki certificate pool
cabundle nvram:ios.p7b
cabundle nvram:ios_core.p7b
!
license udi pid CSR1000V sn 99Q6DABCUUY
license boot level ax
diagnostic bootup level minimal
memory free low-watermark processor 72301
!
!
spanning-tree extend system-id
dial-control-mib retain-timer 720
!
username root privilege 15 secret XXX
!
redundancy
!
interface GigabitEthernet1
ip address 172.24.34.163 255.255.255.0 secondary
ip address 172.24.34.162 255.255.255.0
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet2
ip address 172.24.13.14 255.255.255.0
shutdown
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet3
ip address 102.119.228.9 255.255.255.128
negotiation auto
no mop enabled
no mop sysid
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet3 102.119.228.126
ip route 172.24.0.0 255.255.0.0 GigabitEthernet2 172.24.13.1
ip route 172.24.0.0 255.255.0.0 172.24.34.1 200
ip route 192.168.0.0 255.255.0.0 172.24.34.1 200
ip route 192.168.212.0 255.255.254.0 GigabitEthernet2 172.24.13.1
ip ssh rsa keypair-name ssh-key
ip ssh version 2
!
ip access-list extended IPT
10 permit ip any host 172.24.11.14
20 permit ip host 172.24.11.14 any
30 permit ip any host 172.24.12.11
40 permit ip host 172.24.12.11 any
50 permit ip any host 172.24.13.14
60 permit ip host 172.24.13.14 any
70 permit ip any host 172.24.34.44
80 permit ip host 172.24.34.44 any
90 permit ip any 52.0.0.0 0.255.255.255
100 permit ip 52.0.0.0 0.255.255.255 any
ip access-list extended IPT2
10 permit ip any host 172.24.34.71
20 permit ip host 172.24.34.71 any
30 permit ip any host 172.24.34.164
40 permit ip host 172.24.34.164 any
!
ip radius source-interface GigabitEthernet1
logging trap debugging
logging facility local4
logging source-interface GigabitEthernet1
ip access-list standard 1
10 permit 192.168.0.0 0.0.255.255
20 permit 172.24.0.0 0.0.255.255
!
!
!
!
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
!
!
control-plane
!
!
!
!
dial-peer voice 10 voip
description incoming dial-peer from CUCM to CUBE
translation-profile incoming OutgoingToTEAMS
session protocol sipv2
session transport tcp tls
incoming called-number 3...
incoming uri from 190
voice-class codec 1
voice-class sip profiles 10 inbound
voice-class sip tenant 100
voice-class sip bind control source-interface GigabitEthernet1
voice-class sip bind media source-interface GigabitEthernet1
dtmf-relay rtp-nte
srtp
no vad
!
dial-peer voice 20 voip
description outgoing dial-peer from CUBE to CUCM
destination-pattern 1...
session protocol sipv2
session target dns:cucm.cucm.sk:5061
session transport tcp tls
voice-class codec 1
voice-class sip options-ping 60
voice-class sip tenant 100
voice-class sip options-keepalive
voice-class sip bind control source-interface GigabitEthernet1
voice-class sip bind media source-interface GigabitEthernet1
dtmf-relay rtp-nte
srtp
!
dial-peer voice 200 voip
description towards Phone System Proxy 1
preference 1
rtp payload-type comfort-noise 13
session protocol sipv2
session target dns:sip.pstnhub.microsoft.com:5061
destination e164-pattern-map 200
voice-class codec 1
voice-class sip options-ping 60
voice-class sip tenant 200
voice-class sip options-keepalive profile 200
voice-class sip bind control source-interface GigabitEthernet3
voice-class sip bind media source-interface GigabitEthernet3
dtmf-relay rtp-nte
srtp
fax protocol none
no vad
!
dial-peer voice 201 voip
description towards Phone System Proxy 2
preference 2
rtp payload-type comfort-noise 13
session protocol sipv2
session target dns:sip2.pstnhub.microsoft.com:5061
destination e164-pattern-map 200
voice-class codec 1
voice-class sip tenant 200
voice-class sip options-keepalive profile 200
voice-class sip bind control source-interface GigabitEthernet3
voice-class sip bind media source-interface GigabitEthernet3
dtmf-relay rtp-nte
srtp
fax protocol none
no vad
!
dial-peer voice 202 voip
description towards Phone System Proxy 3
huntstop
preference 3
rtp payload-type comfort-noise 13
session protocol sipv2
session target dns:sip3.pstnhub.microsoft.com:5061
destination e164-pattern-map 200
voice-class codec 1
voice-class sip tenant 200
voice-class sip options-keepalive profile 200
voice-class sip bind control source-interface GigabitEthernet3
voice-class sip bind media source-interface GigabitEthernet3
dtmf-relay rtp-nte
srtp
fax protocol none
no vad
!
dial-peer voice 280 voip
description Phone System REFER routing
destination-pattern +AAAT
rtp payload-type comfort-noise 13
session protocol sipv2
session target sip-uri
voice-class codec 1
voice-class sip profiles 280
voice-class sip tenant 200
voice-class sip requri-passing
dtmf-relay rtp-nte
srtp
no vad
!
dial-peer voice 290 voip
description inbounf from Microsoft Phone System
translation-profile incoming FromTEAMS
rtp payload-type comfort-noise 13
session protocol sipv2
session transport tcp tls
incoming called-number +421258222...
voice-class codec 1
voice-class sip tenant 200
voice-class sip bind control source-interface GigabitEthernet3
voice-class sip bind media source-interface GigabitEthernet3
dtmf-relay rtp-nte
srtp
no vad
!
!
sip-ua
no remote-party-id
retry invite 2
transport tcp tls v1.2
crypto signaling default trustpoint sbc
handle-replaces
!
!
line con 0
exec-timeout 30 0
password AAA
login authentication use_line
stopbits 1
line vty 0 4
access-class 1 in
exec-timeout 30 0
password AAA
history size 100
transport preferred none
transport input ssh
transport output telnet ssh
line vty 5 15
access-class 1 in
history size 100
transport input ssh
transport output telnet ssh
!
ntp server 172.24.95.1
!
!
!
!
!
end
sbc.gram.sk#
sbc.gram.sk#
sbc.gram.sk#sh ver
Cisco IOS XE Software, Version 17.03.05
Cisco IOS Software [Amsterdam], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.3.5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2022 by Cisco Systems, Inc.
Compiled Wed 09-Feb-22 10:35 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2022 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
sbc.gram.sk uptime is 1 day, 4 hours, 38 minutes
Uptime for this control processor is 1 day, 4 hours, 39 minutes
System returned to ROM by reload at 12:15:01 CEDT Thu Aug 25 2022
System restarted at 12:17:13 CEDT Thu Aug 25 2022
System image file is "bootflash:csr1000v-universalk9.17.03.05.SPA.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
License Level: ax
License Type: N/A(Smart License Enabled)
Next reload license Level: ax
The current throughput level is 1000 kbps
Smart Licensing Status: UNREGISTERED/No Licenses in Use
cisco CSR1000V (VXE) processor (revision VXE) with 2070688K/3075K bytes of memory.
Processor board ID 99Q6DVY0UUY
Router operating mode: Autonomous
3 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
3978236K bytes of physical memory.
7774207K bytes of virtual hard disk at bootflash:.
Configuration register is 0x2102
sbc.gram.sk#
sbc.gram.sk#
sbc.gram.sk#sh dial-pee voi sum
dial-peer hunt 0
AD PRE PASS SESS-SER-GRP\ OUT
TAG TYPE MIN OPER PREFIX DEST-PATTERN FER THRU SESS-TARGET STAT PORT KEEPALIVE VRF
10 voip up up 0 syst NA
20 voip up up 1... 0 syst dns:cucm.cucm.sk:506 active NA
200 voip up up map:200 1 syst dns:sip.pstnhub.micr active NA
201 voip up up map:200 2 syst dns:sip2.pstnhub.mic active NA
202 voip up up map:200 3 syst dns:sip3.pstnhub.mic active NA
280 voip up up +AAAT 0 syst sip-uri NA
290 voip up up 0 syst NA
For server-grp details please execute command:show voice class server-group <tag_id>
To see complete session target for ipv6 use 'sh running-config | section dial-peer <tag>
sbc.gram.sk#
sbc.gram.sk#
sbc.gram.sk#sh tcp brie
TCB Local Address Foreign Address (state)
7FB06E270B90 sbc.gram.sk.5061 sip-du-a-euwe.westeurope.cl ESTAB
oudapp.azure.com.25792
7FB0DE3A2738 sbc.gram.sk.16666 52.114.132.46.5061 ESTAB
7FB0DE417A60 sbc.gram.sk.17107 sip-du-a-jaea.japaneast.clo ESTAB
udapp.azure.com.5061
7FB0DE3DC868 172.24.34.163.22 lan-bubomir.intra.ditec.sk ESTAB
.50154
7FB0D274E9F0 sbc.gram.sk.5061 52.114.132.46.33065 ESTAB
7FB0CF5FE3E0 sbc.gram.sk.5061 52.114.132.46.33064 ESTAB
7FB0DE3C6DE0 sbc.gram.sk.5061 sip-du-a-jaea.japaneast.clo ESTAB
udapp.azure.com.52608
7FB0CF5F6F78 sbc.gram.sk.5061 cucm.cucm.sk.38512 ESTAB
7FB0DDF15118 sbc.gram.sk.21330 cucm.cucm.sk.5061 ESTAB
7FB0DDDD8420 sbc.gram.sk.35381 52.114.76.76.5061 ESTAB
7FB0CF639610 sbc.gram.sk.42713 sip-du-a-euwe.westeurope.cl ESTAB
oudapp.azure.com.5061
7FB0D274B7F8 sbc.gram.sk.5061 sip-du-a-jaea.japaneast.clo ESTAB
udapp.azure.com.52609
7FB0D26F79A8 sbc.gram.sk.5061 52.114.76.76.21056 ESTAB
7FB0D7D64250 sbc.gram.sk.5061 sip-du-a-euwe.westeurope.cl ESTAB
oudapp.azure.com.26240
7FB0DDF3E660 sbc.gram.sk.5061 52.114.76.76.21057 ESTAB
sbc.gram.sk#
Solved! Go to Solution.
09-26-2022 04:29 AM - edited 09-26-2022 04:30 AM
Good find and thank you for sharing. You must have found and used an old version of the document as when we did a PoC setup for Teams calling with Cube setup for Direct Routing in late 2021, like October/November, it had it listed as X-MS-SBC.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide