In this section:
This section lists CLI commands to configure ingress IP attributes.
% set profiles signaling ipSignalingProfile <SIP profile name> ingressIpAttributes carrierInformation generateTerminatingCa <disable | enable> generateTerminatingCic <disable | enable> flags mapCalledPartyCategoryInPSigInfoHeader <disable | enable> noSdpIn180Supported <disable | enable> registrationExpiresinExpiresHeader <disable | enable> send183OnInitiatingDisconnectTreatment <disable | enable> sendSdpIn200OkIf18xReliable <disable | enable> sendSdpInSubsequent18x <disable | enable> sendTLSConnectionFailureResponse <disable | enable> sendUpdatedSDPin200Ok <disable | enable> set-cut-through-indication-in-OBCI <disable | enable> sip181Supported <disable | enable> sip182Supported <disable | enable> suppress183For3xxRedirectResponse <disable | enable> suppress183WithoutSdp <disable | enable>
The IP Signaling Profile SIP Ingress IP Attributes are shown below:
To configure SIP over TCP:
Assign this IP signaling profile to SIP trunk group(s):
% set addressContext a1 zone EXTERNAL sipTrunkGroup EXT_NET policy signaling ipSignalingProfile SIP_IPSIGPROF
If ipSignalingProfile
is not configured for any transport protocols (if transport type1 is "none"), SIP call over TCP can be forced by configuring the transport preference on egress sipTrunkGroup.
% set addressContext a1 zone EXTERNAL sipTrunkGroup EXT_NETWORK signaling transportPreference preference Possible completions: preference1 - This first choice of transport protocol for SIP calls. preference2 - This second choice of transport protocol for SIP calls. preference3 - This third choice of transport protocol for SIP calls. preference4 - This fourth choice of transport protocol for SIP calls.
Select TCP.
% set addressContext a1 zone EXTERNAL sipTrunkGroup EXT_NETWORK signaling transportPreference preference1 tcp
Generate server certificate and show status.
% set system security pki certificate server fileName server.p12 passPhrase gsx9000 type local state enabled > show status system security pki certificate certificate server { encoding pkcs12; status success; }
Generate client certificate and show status. Both client and server certificates display.
% set system security pki certificate client fileName clientCert.der type remote state enabled > show status system security pki certificate certificate client { encoding der; status success; } certificate server { encoding pkcs12; status success; }
Assign the installed certificates to the TLS profile:
% set profiles security tlsProfile defaultTlsProfile serverCertName server clientCertName client % commit
Assign TLS to the SIP signaling ports:
% set addressContext a1 zone ZONE1 sipSigPort 1 mode outOfService state disabled % commit % set addressContext a1 zone ZONE1 sipSigPort 1 tlsProfileName defaultTlsProfile % commit % set addressContext a1 zone ZONE1 sipSigPort 1 mode inService state enabled % commit % set addressContext a1 zone ZONE2 sipSigPort 2 mode outOfService state disabled % commit % set addressContext a1 zone ZONE2 sipSigPort 2 tlsProfileName defaultTlsProfile % commit % set addressContext a1 zone ZONE2 sipSigPort 2 mode inService state enabled % commit
Associate IP Signaling Profiles with TLS over TCP:
% set profiles signaling ipSignalingProfile IPSP_1 % commit % set profiles signaling ipSignalingProfile IPSP_1 egressIpAttributes transport type1 tlsOverTcp % commit % set profiles signaling ipSignalingProfile IPSP_2 % commit % set profiles signaling ipSignalingProfile IPSP_2 egressIpAttributes transport type1 tlsOverTcp % commit
% set addressContext a1 zone ZONE1 sipTrunkGroup SIP_TG1 policy signaling ipSignalingProfile IPSP_1 % commit % set addressContext a1 zone ZONE2 sipTrunkGroup SIP_TG2 policy signaling ipSignalingProfile IPSP_2 % commit