Best Practice - How to Configure the SBC Edge Portfolio behind the NAT in Microsoft Teams Direct Routing

Overview

The SBC Edge Portfolio is supported behind the NAT (Network Address Translation) in Microsoft Teams Direct Routing; this feature enables the SBC to be placed behind a NAT device. The SBC uses the IP of the NAT device as the source IP for all outgoing messages.

SBC Supported behind a NAT - Basic Network Configuration

Prerequisites - Firewall

For an SBC behind the NAT, ensure the firewall ports are configured per: Firewall Settings.

Configure the SBC behind a NAT during Initial Deployment (Easy Configuration)

The instructions below detail how to configure an SBC with a private IP to be deployed behind a NAT. 

Configure the following to support SBC with a private IP behind a NAT:

1. Select the appropriate Easy Configuration application (this field depends on your network and Microsoft Teams Direct Routing environment).
   
   1. Configure SIP Trunk with Microsoft Teams.
   2. Configure ISDN PSTN with Microsoft Teams.
   3. Configure an IP PBX with Microsoft Teams.
      
2. In Step 2 of the Easy Config wizard, ensure the following is configured:
   
   1. From the Outbound NAT Traversal drop down list, select Enable. Allows the SBC to be placed behind a NAT device, and uses the IP of the NAT device for all outgoing messages.

   2. In the Public IP Address, enter the Public IP of the NAT device. The SBC uses this IP as the source IP for all the outgoing messages.
      See example screen below.

      Note

      To enable the behind a NAT feature, set the Outbound NAT Traversal field to Enable and configure the Public IP Address field.

      
      

      Easy Configuration Wizard Screen - Example

      
      
      

      For detailed Easy Configuration instructions, refer to Working with SBC Easy Configuration.

Configure SBC when Microsoft Teams is in Media Bypass Mode

Easy Configuration enables Media Bypass by default. If Media Bypass is disabled on the Teams server, in addition to running Easy Configuration, you must disable Media Bypass in the SBC:

1. In the WebUI, click the Settings tab.
2. In the left navigation page, access Signaling Groups.
3. Identify and open the Signaling Group used to connect to Microsoft Teams. For details on configuring Signaling Groups, refer to Managing Signaling Groups.
4. From the RTCP Multiplexing field, select Disable.
5. From the ICE Support field, select Disabled.

6. Click OK.

Disable Media Bypass

Configure the SBC behind a NAT for an Existing Deployment

For an SBC without NAT in an existing deployment, update the SBC's configuration to use the Public IP of a NAT device as follows: 

1. Access the WebUI.
2. Click the Settings tab.
3. In the left navigation page, access Signaling Groups.

4. Identify and open the Signaling Group used to connect to Microsoft Teams. For details on configuring Signaling Groups, refer to Managing Signaling Groups.

5. From the Signaling Media Source IP, select the interface with the the SBC's private IP address. 
6. From the Outbound NAT Traversal drop down list, select Static NAT. Static NAT Traversal for Direct Media connection is supported to eliminate the need for a static IP address on WAN side

7. In the NAT Public IP (Signaling Media) field, enter the Public IP of the NAT device.

8. Click OK. 

   
   

   Select Interface with SBC's Private IP Address

   

Verify the Configuration - Test a Call

To ensure NAT options are properly configured, test the configuration through making a call. Refer to Testing a Call.