Keep in mind that, as always, public IP's have been changed to private ones. Phone numbers are also fake. Signalling & RTP communication is NOT encrypted in this example! Be aware of that! You could tunnel this traffic through a VPN. Registration would then work too & everything should be fine (except for the additional delays ...). ISDN configuration is for German PSTN, but you should be able to modify it for your needs. If you have trouble to get this to work, try this debug commands:
debug ccsip all (Be carefull, some phones fire off over 20 register requests per second. This usually only happens if the phone is not able to register, but it might freeze your router. This is not a theoretically option!)
debug voice register errors
debug voice register events
Check your systems firewall settings if you use software phones. Might be a good idea to deactivate it temporarily for verifying functionality.
At first I would try to use the X-Lite client. That's a client that usually always works first. Most tolerant one for NAT issues. In general almost any third party SIP client, even IPhones, should work in this implementation. Before delivering such a solution you should always verify functionality thoroughly. Some problems arise after a longer period of time because of timeouts etc..
This is only a short abstract. If you have any suggestions or coments - feel free to post them.
Overview
Configuration of Cisco Callmanager Express
sipgateway#sh run
Building configuration...
Current configuration : 8775 bytes
!
version 15.1
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sipgateway
!
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.151-4.M1.bin
boot-end-marker
!
!
logging buffered 100000
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
clock timezone MEZ 1 0
clock summer-time MESZ recurring last Sun Mar 2:00 last Sun Oct 3:00
network-clock-participate wic 0
network-clock-select 1 BRI0/0/1
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
!
!
ip domain name lab.local
ip name-server 172.20.21.5
multilink bundle-name authenticated
!
!
!
!
isdn switch-type basic-net3
!
voice-card 0
dsp services dspfarm
!
!
voice call disc-pi-off
!
voice service voip
allow-connections sip to sip
redirect ip2ip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
sip
bind control source-interface GigabitEthernet0/0
bind media source-interface GigabitEthernet0/0
registrar server expires max 600 min 60
no call service stop
!
voice class codec 10
codec preference 1 g711ulaw
!
!
voice register global
mode cme
source-address 172.20.21.165 port 5060
max-dn 35
max-pool 10
authenticate register ==> This is needed, because phones are not localy connected.
authenticate realm lab.local ==> This is needed by some SIP phones to switch to digest auth.
timezone 21
time-format 24
date-format D/M/Y
voicemail 88888888
tftp-path flash:
create profile sync 0429414478545137
!
voice register dn 1
number 12344887
call-forward b2bua unregistered 88888888
allow watch
name Test1
label 12344887
mwi
!
voice register dn 2
number 12344898
allow watch
name Test2
label 12344898
mwi
!
voice register dn 4
number 12344971
call-forward b2bua unregistered 88888888
allow watch
name Test4
label 12344971
mwi
!
voice register dn 5
number 12341453
allow watch
name Test5
label 12341453
mwi
!
voice register dn 7
number 12341455
allow watch
name Test7
label 12341455
mwi
!
voice register pool 1
id mac 0000.0000.0000 ==> Mac is irrelevant. Auth is now digest based.
number 1 dn 1
presence call-list
dtmf-relay rtp-nte
username 12344887 password 1234
codec g711ulaw
!
voice register pool 2
id mac 0000.0000.0000
number 1 dn 2
presence call-list
dtmf-relay rtp-nte
username 12344898 password 1234
codec g711ulaw
!
voice register pool 4
id mac 0000.0000.0000
number 1 dn 4
presence call-list
dtmf-relay rtp-nte
username 12344971 password 1234
codec g711ulaw
!
voice register pool 5
id mac 0000.0000.0000
number 1 dn 5
presence call-list
dtmf-relay rtp-nte
username 12341453 password 1234
codec g711ulaw
!
voice register pool 7
id mac 0000.0000.0000
number 1 dn 7
presence call-list
dtmf-relay sip-notify
username 12341455 password 1234
codec g711ulaw
!
!
!
voice translation-rule 5
rule 1 /^\(.*\)/ /30\1/ type any national
!
voice translation-rule 10
rule 1 /^\(.*\)/ /0\1/ type subscriber unknown
rule 2 /^\(.*\)/ /00\1/ type national unknown
rule 3 /^\(.*\)/ /000\1/ type international unknown
!
!
voice translation-profile From-PSTN
translate calling 10
!
voice translation-profile To-PSTN
translate calling 5
!
!
license udi pid CISCO2901/K9 sn 12341234
license accept end user agreement
hw-module ism 0
!
hw-module pvdm 0/0
!
!
!
username labtest privilege 15 labt3st
!
redundancy
!
!
!
interface Loopback0
ip address 172.20.20.1 255.255.255.252
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description LAN Interface
ip address 172.20.21.165 255.255.255.248
duplex auto
speed auto
!
interface ISM0/0
ip unnumbered Loopback0
service-module ip address 172.20.20.2 255.255.255.252
!Application: CUE Running on ISM
service-module ip default-gateway 172.20.20.1
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ISM0/1
description Internal switch interface connected to Internal Service Module
no ip address
shutdown
!
interface BRI0/0/0
no ip address
shutdown
isdn switch-type basic-net3
isdn point-to-point-setup
isdn incoming-voice voice
!
interface BRI0/0/1
no ip address
isdn switch-type basic-net3
isdn point-to-point-setup
isdn incoming-voice voice
!
ip http server
ip http access-class 24
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:
!
ip route 0.0.0.0 0.0.0.0 172.20.21.161
ip route 172.20.20.2 255.255.255.255 ISM0/0
!
!
!
!
!
control-plane
!
!
voice-port 0/0/0
compand-type a-law
cptone DE
bearer-cap Speech
!
voice-port 0/0/1
compand-type a-law
cptone DE
bearer-cap Speech
!
!
dial-peer voice 1 pots
description ISDN
translation-profile incoming From-PSTN
translation-profile outgoing To-PSTN
destination-pattern 0.T
incoming called-number .
direct-inward-dial
port 0/0/1
!
dial-peer voice 5 voip
destination-pattern 88888888
session protocol sipv2
session target ipv4:172.20.20.2
incoming called-number .
voice-class codec 10
dtmf-relay sip-notify
no vad
!
!
gateway
timer receive-rtp 1200
!
sip-ua
!
end
sipgateway#
Building configuration...
Current configuration : 8775 bytes
!
version 15.1
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sipgateway
!
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.151-4.M1.bin
boot-end-marker
!
!
logging buffered 100000
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
clock timezone MEZ 1 0
clock summer-time MESZ recurring last Sun Mar 2:00 last Sun Oct 3:00
network-clock-participate wic 0
network-clock-select 1 BRI0/0/1
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
!
!
ip domain name lab.local
ip name-server 172.20.21.5
multilink bundle-name authenticated
!
!
!
!
isdn switch-type basic-net3
!
voice-card 0
dsp services dspfarm
!
!
voice call disc-pi-off
!
voice service voip
allow-connections sip to sip
redirect ip2ip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
sip
bind control source-interface GigabitEthernet0/0
bind media source-interface GigabitEthernet0/0
registrar server expires max 600 min 60
no call service stop
!
voice class codec 10
codec preference 1 g711ulaw
!
!
voice register global
mode cme
source-address 172.20.21.165 port 5060
max-dn 35
max-pool 10
authenticate register ==> This is needed, because phones are not localy connected.
authenticate realm lab.local ==> This is needed by some SIP phones to switch to digest auth.
timezone 21
time-format 24
date-format D/M/Y
voicemail 88888888
tftp-path flash:
create profile sync 0429414478545137
!
voice register dn 1
number 12344887
call-forward b2bua unregistered 88888888
allow watch
name Test1
label 12344887
mwi
!
voice register dn 2
number 12344898
allow watch
name Test2
label 12344898
mwi
!
voice register dn 4
number 12344971
call-forward b2bua unregistered 88888888
allow watch
name Test4
label 12344971
mwi
!
voice register dn 5
number 12341453
allow watch
name Test5
label 12341453
mwi
!
voice register dn 7
number 12341455
allow watch
name Test7
label 12341455
mwi
!
voice register pool 1
id mac 0000.0000.0000 ==> Mac is irrelevant. Auth is now digest based.
number 1 dn 1
presence call-list
dtmf-relay rtp-nte
username 12344887 password 1234
codec g711ulaw
!
voice register pool 2
id mac 0000.0000.0000
number 1 dn 2
presence call-list
dtmf-relay rtp-nte
username 12344898 password 1234
codec g711ulaw
!
voice register pool 4
id mac 0000.0000.0000
number 1 dn 4
presence call-list
dtmf-relay rtp-nte
username 12344971 password 1234
codec g711ulaw
!
voice register pool 5
id mac 0000.0000.0000
number 1 dn 5
presence call-list
dtmf-relay rtp-nte
username 12341453 password 1234
codec g711ulaw
!
voice register pool 7
id mac 0000.0000.0000
number 1 dn 7
presence call-list
dtmf-relay sip-notify
username 12341455 password 1234
codec g711ulaw
!
!
!
voice translation-rule 5
rule 1 /^\(.*\)/ /30\1/ type any national
!
voice translation-rule 10
rule 1 /^\(.*\)/ /0\1/ type subscriber unknown
rule 2 /^\(.*\)/ /00\1/ type national unknown
rule 3 /^\(.*\)/ /000\1/ type international unknown
!
!
voice translation-profile From-PSTN
translate calling 10
!
voice translation-profile To-PSTN
translate calling 5
!
!
license udi pid CISCO2901/K9 sn 12341234
license accept end user agreement
hw-module ism 0
!
hw-module pvdm 0/0
!
!
!
username labtest privilege 15 labt3st
!
redundancy
!
!
!
interface Loopback0
ip address 172.20.20.1 255.255.255.252
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description LAN Interface
ip address 172.20.21.165 255.255.255.248
duplex auto
speed auto
!
interface ISM0/0
ip unnumbered Loopback0
service-module ip address 172.20.20.2 255.255.255.252
!Application: CUE Running on ISM
service-module ip default-gateway 172.20.20.1
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ISM0/1
description Internal switch interface connected to Internal Service Module
no ip address
shutdown
!
interface BRI0/0/0
no ip address
shutdown
isdn switch-type basic-net3
isdn point-to-point-setup
isdn incoming-voice voice
!
interface BRI0/0/1
no ip address
isdn switch-type basic-net3
isdn point-to-point-setup
isdn incoming-voice voice
!
ip http server
ip http access-class 24
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:
!
ip route 0.0.0.0 0.0.0.0 172.20.21.161
ip route 172.20.20.2 255.255.255.255 ISM0/0
!
!
!
!
!
control-plane
!
!
voice-port 0/0/0
compand-type a-law
cptone DE
bearer-cap Speech
!
voice-port 0/0/1
compand-type a-law
cptone DE
bearer-cap Speech
!
!
dial-peer voice 1 pots
description ISDN
translation-profile incoming From-PSTN
translation-profile outgoing To-PSTN
destination-pattern 0.T
incoming called-number .
direct-inward-dial
port 0/0/1
!
dial-peer voice 5 voip
destination-pattern 88888888
session protocol sipv2
session target ipv4:172.20.20.2
incoming called-number .
voice-class codec 10
dtmf-relay sip-notify
no vad
!
!
gateway
timer receive-rtp 1200
!
sip-ua
!
end
sipgateway#
Verify registration
sipgateway#sh sip-ua status registrar
Line destination expires(sec) contact
transport call-id
peer
============================================================
12341455 172.20.22.52 597 172.20.22.52
UDP g7ngEr-P2hu1kPJ6mDgWP8FNWrPJDIql
40002
These are the phone configs I tested:
Android CSipSimple Settings
Accountname: 12344971
Send own number: 12344971
SIP Server: 172.20.21.165
Username: 12344971
Password: 1234
Proxy: 172.20.21.165
Phoner Lite Settings
Configuration -> Server
Proxy/registrar: 172.20.21.165
STUN Server: stun.counterpath.com
Domain/Realm: 172.20.21.165
Check Registration
Configuration -> User
Username: 12341453
Shown username: 12341453
Password: 1234
Authentication name: 12341453
Number: 12341453
Configuration -> Network
Check preferred connection type: UDP
Check Windows Firewall
Xlite (ver 4.0) settings
Softphone -> Account Settings -> Account
Check allow this account for call
User ID: 12341453
Domain: 172.20.21.165
Password: 1234
Authorization name: 12341453
Check Domain Proxy to register with Domain and receive calls
Check outbound via domain
Softphone -> Account Settings -> Topology
Autodetect firewall traversal method using ICE
Softphone -> Preferences -> Advanced
Check send DTMF via RFC2833
Snom 360 Settings
Identity1
Login
Account: 12344887
Password: 1234
Registrar: 172.20.21.165
Authentication Username: 12344887
SIP
Check Support broken Registrar
NAT
Check Offer ICE
STUN Server: stun.counterpath.com
3 comments:
Hey, I tried your approach on my CME and it didn't work with the mac 0000.000.000, you have to use the mac address for the phone.
Thank s though.
On newer versions of CME the "id mac 0000.0000.000" no longer works. In your example you would have to do "id device-id-name 12344887" where 12344887 was your username.
how is it going to impact my current cisco sip phones as i did not configure the authenticate register and authenticate realm local under voice register global?
Post a Comment