Session Border Controller

Similar Messages

• MTP - Media Termination Point and SBC - Session Border Controller

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin:0cm;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Times New Roman","serif";}
  A client of mine wants to build up a MTP - Media Termination Point and SBC - Session Border Controller to use it to connect to the internet or leased lines to their VoIP provider at USA and route the calls into their current IPCC and also use it with their auto dialer to outbound the international calls.
  I NEED TO KNOW WHAT ARE THE REQUIREMENTS FOR THIS REQUEST AND HOW CAN IT BE IMPLEMENTED??!!

  try this for SBC in XR12000.
  http://www.cisco.com/application/pdf/en/us/guest/products/ps6342/c1244/cdccont_0900aecd80391b66.pdf

• Session border controller performance

  Hi,
  I am looking for Session Border Controller to serve about 600 concurrent calls (media flow-through, codec g729, no transcoding, no vad, a lot of number translation, ACL integrated on the same router); I consider two solutions:
  1. Cisco 3845
  2. Cisco 7200VXR with NPE 2G
  I found following info:
  http://cisco.com/en/US/products/sw/voicesw/ps5640/products_qanda_item09186a00801da69b.shtml
  there is a table that shows 3845 serving 750 calls and 7200 only 500 calls. There is no info about what NPE was used wth 7200.
  Do you have any perofrmance experience with SBC at 3845 and 7200VXR? Which soluton would you prefer?
  ANother quesion - what is SBC performance for XR12000?
  Regards

  try this for SBC in XR12000.
  http://www.cisco.com/application/pdf/en/us/guest/products/ps6342/c1244/cdccont_0900aecd80391b66.pdf

• Can you reload the default HTTPS certificate for a Border Controller?

  The HTTPS page does not work for the Tandberg Border Controller (Q6.3). HTTP is fine. I believe that the customer uploaded their own certificate which has now “broken” the HTTPS page.
  So the question is – can you reload the default HTTPS certificate for a Border Controller?
  There’s a handy button to do this on the VCS but not on the BC it seems. The only option I can see is for the customer to generate a “working” certificate and upload it, is this the only option?
  Thanks,
  David

  Hi sherylz,
  It is also possible to edit the theme, but it may be wise to make a copy of it:
  *[https://support.mozilla.org/en-US/questions/940165]
  *[https://developer.mozilla.org/en-US/Add-ons/Themes/Background MDN Reference]
  *Add on to make own skin: [https://addons.mozilla.org/en-Us/firefox/addon/bt-canvas/]

• How do I restrict the source trying to access a port?

  I have VoIP phones in my office and I am experiencing dozens of hacking attempts per day.  I received the following email from the company that I purchase service from:
  Hi ,
  Based on our research and experience with these type of calls, these are hacking attempts usually using a program called SIP Vicious or a variant. You can  check the link below about SIP Vicious.
  http://threatpost.com/hackers-pushing-sipvicious-voip-tools-malicious-attacks-08 3111/
  These attacks for the most part do not affect users behind our managed routers since we have security features in place to block them.
  The calls that the remote users are getting do not  traverse the Broadcorenetwork at all. Meaning even if the user put the phone on  DND or we try to block calls through the Web portal, calls will still go through because the call does not go through our Session Border Controller ( SBC ) .
  The call is directly hitting the IP of the remote users router (bypassing Broadcore completely) and scanning the ports for a SIP device which is the Polycom Phone. Once they get an answer back from the phone, the hacker  now has a target to attack. What they want to do is get the credentials for the user so they can authenticate a soft phone for example and make free calls.
  Unmanaged network /Router limits us of how we can block these calls  , however we have a suggestion which could help you eliminate these calls.
  What the remote user can do is to implement this policy . Allow UDP protocol on port 5060 but the only source should be west.broadcore.com.
  Since the remote user uses his/her own router, you might need help from their respective support team.
  Thank you,
  How do I set up the port mapping to only allow incoming traffic from the specified source west.broadcore.com?
  Also, is there some sort of documentation, manual, web site or book that covers what the settings of the Airport are?  In detail?  So, that I can learn for myself what is what and be able to answer my own questions such as:  Timed Access - Does this only apply to Wi-Fi or does it disable to whole router during the restricted period?
  Thanks in advance,
  Noa
  By the way I'm using the  Airport Express 802.11n Wi-Fi (2nd Generation), Firmware 7.6.4, Airport Utility 6.3.4 on my Mac or the latest version on my iPhone 6.

  What the remote user can do is to implement this policy . Allow UDP protocol on port 5060 but the only source should be west.broadcore.com.
  Unfortunately, Apple routers are quite simple, and do not have the features and settings that you would need to do this.
  However, if you are using a modem/router or gateway device with the AirPort Express, then you might be able to set up the modem/router to do what you need. What is the make and model number of the device that you likely call your "modem"?

• Best Practices for VidConf with external parties

  We currently use Sony Video conference units for our end units. On the backend, we use a Cisco 3515 for multipoint conferences.
  We now need to be able to do video conferences with external parties using our MCU.
  Since there are many ways of doing this, are there solutions that work better than others? Basically I need to publish a doc that says 'here is what you will need. This port open on your firewall, a public IP address that is not NATd....'
  Any help would be appreciated.

  David,
  Unfortunately, Cisco has not (currently) chosen to implement H.460.x in their H.323 infrastructure solutions, so a Cisco GK could not be used in combination with a Tandberg SBC (session border controller). However, we currently use Cisco gatekeepers for everything but firewall traversal. For traversal, the Tandberg GK functions as the inside portion of the traversal solution and proxies for all my codecs (a mix of six different Tandberg and Polycom product lines)--even those that are H.460-capable. Combined with the SBC (session border controller is a Cisco MCM (25xx router) setting on the public side of the firewall and neighbored to the session border controller.
  The "public" GK is for the entities who write custom policies in their firewalls or set their codecs on the public side of their security. If not H.460 compliant, they have to register with a GK, they can't register directly with the SBC, hence, the public GK which is simply neighbored to the SBC.
  I would encourage you to closely look at the Polycom V2IU as well. It has come a LONG way since it was introduced a couple of years ago.
  Personally, I still don't feel like the V2IU has as much flexibility nor does it implement a dialing methodology best suited for converging networks. It is an ALG (App Layer GW) that has been tweaked to support H.323 traversal, so I don't think it will ever truly match the Tandberg Expressway solution apples-apples, but it is dramatically less expensive and thus worth considering.
  We tested both the Tandberg and Polycom traversal solutions with our internal CAC (call admission and control infrastructure), which is made up of multiple Cisco GK products in a fully meshed neighboring scenario prior to purchase of a traversal solution, and the Cisco products interoperated with both traversal solutions.
  Cisco did present a solution that proposed a Layer 3 solution, but we felt it best to pursue something based within the H.323 umbrella standard.
  If you want to talk more, please email me at [email protected] w/ direct contact info and I'll be happy to assist you in any way I can.
  Greg

• Adding network switch to external WAN to increase number of ports available

  This may be a stupid question but this has kinda been landed on me so I'll ask anyway.
  We have a Cisco router with ethernet connection to our provider's NTE.  They provide us with one ethernet port on the NTE which we connect to the WAN port on our Cisco router. The WAN interface on our router is configured with a public IP address from the /29 subnet the provider assigned to us.
  We have a 3rd party installing SIP connectivity for us and they need us to provide them with a public IP address and connectivity outside our router/firewall for their Session Border Controller (apparently NAT doesn't work well with SIP so we can't have it inside our network and NAT it via our existing router)
  Since we only have one ethernet port presented to us by our provider, is this just a case of placing a network switch in between the router and the provider NTE then having our router connect to the switch and the 3rd party's Session Border Controller connect into the switch too?  We can then assign another IP address from our provider's /29 to the 3rd party's kit.
  Is it as simple as that or am I missing something?
  If it really is that simple, are there any considerations for what sort of switch I should use?  Can it be something relatively cheap and cheerful, does it even need to be a managed switch?  

  Is it as simple as that or am I missing something?
  Should be that simple although I would check with provider ie. a switch will usually send L2 protocols on the link to the provider as well as to the router so you may want to check with them they are happy for you to do it.
  Although I suspect they won't care as they don't really know how you have it connected now ie. you could already be using a switch as far as they know.
  Still worth running it by them though.
  You only need a L2 switch so definitely no need for L3 functionality.
  Some people prefer unmanaged switches outside of their network eg. in the untrusted area.
  Really up to you whether you need it managed or not.
  In terms of overall functionality very little is needed but you would want something reliable as it is another single point of failure.
  One last thing, if this is the only connection then nothing else to do but be aware that currently if the provider NTE fails your router knows about it because it is a direct connection. With a switch in between if either side fails the other side doesn't know because it's connection to the switch is still up.
  If this is your only connection to the internet then it's not an issue but if you had an alternate path you would need to track the connection to make sure you failed over properly.
  Jon

• Calls via Gamme sip trunk

  Has anyone set up Lync server 2010 to use the Gamma SIP trunks, that dont require the use of a gateway?
  No requirement for an additional gateway device, with direct MS Lync connectivity
  The trouble is i cannot get Lync to connect to the trunks. We have purchased the SIP trunks from a gamma supplier(we didnt now they were a supplier, until recently when we asked for support and they went 'duhhhhhh me no know, we just
  sell things dunow how to set things up' what a PAIN IN THE A***), and they say that the SIP trunks are pointed at our EFM IP address. which also has the DDIs assigned to it.
  So, i setup a PSTN gateway on lync topology using IP of EFM, Listening port 5060 using TCP. Are these ports and protocol okay?
  The VoIP phones seem to want to call, they just lack any sound, no ringing tone, no dissconnected tone. Just says calling "+44157322****" So the dial plan is changing 22**** to the correct local code and whatever the +44 thing
  is.
  Any advice on how i can find the problem, or how to setup the trunks up would be hugely appreciated.
  P.S We initially tried to use an audiocodes mediant 1000, which was what we asked our trunk supplier about, and then they informed us about being a gamma supplier, and that the gamma trunks do not require a gateway. Followed setting
  up guide for mediant 1000 with gamma trunks through audiocodes blah, to no success. I think thats because it was changing the coders, which was not needed if the trunks are directly compatable.

  Hi,
  Please review the SIP trunk topology.
  http://technet.microsoft.com/en-us/library/gg398720.aspx
  To
   implement SIP trunking, you must route the connection through a Mediation Server, which proxies communications sessions between Lync Server 2010 clients and the service provider and transcodes media when necessary. Each Mediation Server has
  an internal and an external network interface. The internal interface connects to the Front End Servers. The external interface is commonly called the gateway interface because it has traditionally been used to connect the Mediation Server to a PSTN gateway
  or an IP-PBX. To implement a SIP trunk, you connect the external interface of the Mediation Server to the external edge component of the ITSP. The external edge component of the ITSP could be a Session Border Controller (SBC), a router, or a gateway.
  Generally the gateway is not required in your organization. You need to configure Mediation Server setting. For the details about
  the SIP trunk configuration of ITSP side, you need to contact Gamme Support for further assistance.
  Regards,
  Kent Huang
  TechNet Community Support ************************************************************************************************************************ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a
  marked post does not actually answer your question.

• Somebody can adopt and update FreeSwitch?

  Hi to everyone:
  FreeSWITCH is a scalable open source cross-platform telephony platform designed to route and interconnect popular communication protocols using audio, video, text or any other form of media.  It was created in 2006 to fill the void left by proprietary commercial solutions. FreeSWITCH also provides a stable telephony platform on which many telephony applications can be developed using a wide range of free tools.
  FreeSWITCH was originally designed and implemented by Anthony Minessale with the help of Brian West and Michael Jerris. All 3 are former developers of the popular Asterisk open source PBX.  The project was initiated to focus on several design goals including modularity, cross-platform support, scalability and stability. Today, many more developers and users contribute to the project on a daily basis.
  We support various communication technologies such as Skype, SIP, H.323 and GoogleTalk making it easy to interface with other open source PBX systems such as sipXecs, Call Weaver, Bayonne, YATE or Asterisk.
  FreeSWITCH supports many advanced SIP features such as presence/BLF/SLA as well as TCP TLS and sRTP. It also can be used as a transparent proxy with and without media in the path to act as a SBC (session border controller) and proxy T.38 and other end to end protocols.
  FreeSWITCH supports both wide and narrow band codecs making it an ideal solution to bridge legacy devices to the future. The voice channels and the conference bridge module all can operate at 8, 12, 16, 24, 32 or 48 kilohertz and can bridge channels of different rates. The G.729 codec is also available under a commercial license.
  FreeSWITCH builds natively and runs standalone on several operating systems including Windows, Max OS X, Linux, BSD and Solaris on both 32 and 64 bit platforms.
  FreeSWITCH supports FAX, both over audio and T.38, and can gateway between the two.
  Our developers are heavily involved in open source and have donated code and other resources to other telephony projects including openSER, sipXecs, The Asterisk Open Source PBX and Call Weaver.
  The lastest version is available from here but the package is orphaned .
  A lot of thanks
  Last edited by Ravenman (2011-01-02 16:02:58)

  \/\/hat your asking for is already made... frees\/\/itch-git is in the aur already. https://aur.archlinux.org/packages.php?ID=42208

• 4000-5000 ms delays when accessing Office365 voicemail

  A couple of our customers recently moved their voicemail from an on-premise Exchange server to a cloud-based solution with Office365.  Afterwards, users are reporting delays of around 5-seconds from the time the Messages button is pressed to when they hear audio from Office365.  Before moving voicemail to Office365, there were no noticeable delays after pressing the Messages button.
  Both customers have very similar topologies - CUCM 9.1.2, and an Audiocodes Mediant 1000 SBC (Session Border Controller).  CUCM has a SIP trunk to the Audiocodes SBC, and the SBC has a SIP trunk with TLS for the connection to Office365.  According to Microsoft, this is a supported configuration.
  When reviewing SIP logs on the Audiocodes SBC, I see an approximately 5-second delay from initiation of the call (SIP/2.0 100 Trying) to when Office365 answers (SIP/2.0 180 Ringing).  In the logs below, 10.77.162.16 is the Audiocodes SBC's internal IP address, and X.X.X.X is it's public address.
  08:20:22.423 : 10.77.162.16 : Local 0 :NOTICE : [S=16653173] [SID:983092790] SIP/2.0 100 Trying Via: SIP/2.0/TLS X.X.X.X:5061;alias;branch=z9hG4bKac1438283782 From: "Sophia Dominquez"
  08:20:27.501 : 10.77.162.16 : Local 0 :NOTICE : [S=16653183] [SID:983092790] SIP/2.0 180 Ringing Via: SIP/2.0/TLS X.X.X.X:5061;alias;branch=z9hG4bKac1438283782 From: "Sophia Dominquez"
  Has anyone else noticed similar delays when accessing Office365 voicemail?  If so, what was the resolution? 
  Thanks everyone!

  Do you have a link to any documentation that states this?

• Cisco SPA509G to Cisco SPA509G

  Is there a way to configure the phones (Cisco SPA509G) so that they talk to each other, like an intercom system?
  Or configure them to talk to each other, IP to IP?
  Basically internally we would have 16 Cisco phones, they would connect to a Cisco switch, a Linksys Router (WRT-54GL with DD-WRT) and then to a Satellite Modem.
  This would be in Alaska, so the four to five second delay when it has to make the strip to the VoIP server back east can't really be done.
  Would we need to have a Gateway device, like an Session Border Controller in play?
  Thank you in advance.
  John.

  John,
  You are looking for IP to IP dialing between phones.
  Have a look here: 
  http://www.cisco.com/en/US/products/ps10024/products_qanda_item09186a0080a35a2c.shtml
  It's a little dated but the concepts and steps are the same (the screen displays are updated on SPA50X phones).
  The example is a Linksys PAP2
  Randy

• Cube Alternative \ Outbound Proxy

  Hi,
  I currently have CUBE setup to my SIP provider, I would like to add an additional register or user agent. However since my current service provider uses outbound proxy for the invite messages I'm running into issues with the second UA.
  So I'd like to know if anyone has setup any alternatives to using CUBE such as a software b2bua or session border controller. I currently looking at Yate 

  Thanks for the assistance,
  Ok here is the configuration which was provided by our ISP. It is different to other configurations I'm used to as the register and sip-server addresses are our company name.
  This configuration connects to a local ISP router.
  voice service voip
   ip address trusted list
    ipv4 0.0.0.0 0.0.0.0
   address-hiding
   allow-connections sip to sip
   fax protocol none 
   sip
    outbound-proxy dns:Provider.telstra.com
    midcall-signaling passthru
    privacy-policy passthru
    sip-profiles 100
    error-code-override options-keepalive failure 503
  sip-ua 
   credentials username User password 7 pass realm ourcompanyname.com
   authentication username User password 7 pass
   authentication username User password 7 pass realm ourcompanyname.com
   set pstn-cause 47 sip-status 486
   retry invite 2
   retry response 3
   retry bye 3
   retry prack 6
   retry register 2
   timers expires 300000
   registrar dns:ourcompanyname.com expires 30000
   sip-server dns:ourcompanyname.com
   connection-reuse
  Gi0/0 Internet (Public)
  Gi0/1 Direct connection to provider voicegateway
  Gi0/2 Management (Internal Traffic)
  I have configured a specific route for Provider.telstra.com
  So I'd like to add a second register, but I ran into issues with the invite going out Gi0/1 the provider gateway.
  I tried to add a specific route out Gi0/0 (internet) however it still goes to via Gi0/1 due to the outbound proxy setting.
  I'm unsure how to reconfigure the setup to avoid using outbound proxy. I managed to set the outbound proxy the outgoing dial peers and calls would work however the b2bua wouldn't register for incomming calls.

• VoIP phones in public rooms

  We have been tasked with deploying VoIP phones in our patient rooms at our hospital. So far we have only deployed them internally. We do use voice vlans for each floor that gets ip phones. We have a Session Border Controller in our DMZ for users that have our IP phones at their homes. A few thoughts have come up about using port security on switch ports to lock down the MAC address on the port. But windows now allows users to change their MAC address without the need for spoofing software. Not to mention the calls we would get at 2:00 am when the staff replaces an ip phone. We could use some kind of ACL on the port but it would always be changing as we deploy more and more ip phones. So we are kind of stuck. Has anyone went through this type of deployment and how did you do it? Maybe an internal SBC? Thoughts???
  Sent from Cisco Technical Support iPhone App

  A few thoughts have come up about using port security on switch ports to lock down the MAC address on the port.
  No need.  Just make sure the PC ports at the back of the phones are disabled or get the phones without the second port.
  But this will not stop someone from unplugging the phone.  So you'll need to employ a cable lock, like the following:
  http://www.panduit.com/wcs/Satellite?c=Page&childpagename=Panduit_Global%2FPG_Layout&cid=1345565612156&packedargs=classification_id%3D651%26locale%3Den_us&pagename=PG_Wrapper
  http://www.panduit.com/wcs/Satellite?c=Page&childpagename=Panduit_Global%2FPG_Layout&cid=1345565612156&packedargs=classification_id%3D652%26locale%3Den_us&pagename=PG_Wrapper
  Another method you could try to use is make sure that the port where the phones are in public do not have any data VLANs configured.
  Trying to hardcode an IP address to a MAC address is not foolproof.  Anyone can spoof a MAC address and coding the values ain't easy.

• CME to SIP ITSP

  Hello all,
  I have a situation where I am trying to connect a CME 3.2 system, running on a 2821, to Global Crossing' s Local Dial and Outbound Dial service. They are using an Acme Session Border Controller, which at this point, does not support "SIP Redirect". Basically, when we forward our phones to an outbound #, the CME sends a SIP message telling the Acme Session Border Controller to redirect the call to an outbound port on the Acme.
  I'm wondering if there is a way to add a router to the mix on my side as an IP2IP gateway and connect the CME to this gateway using H.323 and have the IP2IP gateway initiate another call to the Acme, thereby getting around this SIP redirect issue. Does anyone know if this might work?
  Thanks, as always, for any assistance!
  -Darin

  Wayne,
  I did get some features to work, however, there were serveral querks that ultimately convinced me to stay away from the solution until it matures. In my scenario, I did not need a userid and pin as Global Crossing authenticates you by putting you on a VRF in their MPLS network. I'm told that Cisco will release call manager 5.x this fall, which will natively support SIP to the instrument. I have a plan to re-evaluate this when that product comes out and is showing signs of stability.
  HTH,
  Darin

• WRT54G rewriting sip headers

  Hi,
  The router is rewriting the sip headers that contain local ip addresses with the public address which is causing problems with our session border controller.
  Is there a way to turn off the sip alg?
  Thanks
  Peter

  After bringing this up with my Cisco rep it was recommended I look at the AVS 3120 box which is supposed to support the header/url rewriting I need. Can anyone with experience with these boxes let me know if I'm being steered in the right direction? The documentation doesn't seem to specifically mention this ability or if it does it's worded in a way that doesn't make it obvious.