...
- Third-party party PBX, Analog devices and the Administrator's management station, located on the LAN
- Microsoft Teams Direct Routing on the WAN
- SIP trunk from a third-party provider on the WAN
The topology example below uses an SBC 1000/2000.
Caption |
---|
0 | Figure |
---|
1 | SBC 1000-2000 and Microsoft Teams Direct Connect Interface - Topology Example |
---|
|
The topology example below uses an SBC 1000/2000. Image RemovedImage Added |
Prerequisites
Info |
---|
|
A Tenant is used within the Microsoft environment to describe an Office 365 organization; through this tenant, administrators can manage projects, users, and roles. |
...
Before you begin, ensure that you have the following for every SBC to be paired:
Public IP address
- FQDN name matching the Public IP address.
Info |
---|
If you plan to use Media Bypass, Microsoft requires ICE Lite. ICE RFC 5245 requires a public IP address assigned on the SBC interface without NAT. If you do not plan to use Media Bypass, ICE Lite is not required. The SBC can use a Public IP behind a NAT.
|
- FQDN name matching the Public IP address.
- Public certificate (issued Public certificate (issued by one of the supported CAs; see Domain Name for details about supported Certification Authorities). Wild Card certificates are supported.
Obtain Domain Name
...
Ensure you are running the latest SBC Edge Release:
Release | Specifications |
---|
SWe Lite 7.0.4 or later SBC 1000/2000 7.0.3 or later | Does not support Media Bypass.* |
8.0.0 or later (available shortly) | Supports Media Bypass.* NOTE: If Release 8.0.0 is not generally available, contact your local Ribbon sales representative for early access options. |
*Teams *Teams Direct Routing With/Without Media Bypass - Example Below
Caption |
---|
0 | Figure |
---|
1 | Teams Direct Routing - Without Media Bypass |
---|
|
Image Added |
Caption |
---|
0 | Figure |
---|
1 | Teams Direct Routing - With Media Bypass |
---|
|
Image Added Image Removed |
Info |
---|
To locate the SBC Edge software version you are running, refer to Viewing the Software Version and Hardware ID. |
...
- Obtain Trusted Root and Intermediary signing certificates from your certification authority.
- Access the WebUI.
- To install Trusted Root Certificates, click Settings > Security > SBC Certificates > Trusted CA Certificates.
- Click Import and select the trusted root certificates.
- To install the SBC certificate, open Settings > Security > SBC Certificates > Sonus Certificate.
Validate the certificate is installed correctly.
Caption |
---|
0 | Figure |
---|
1 | Validate Certificate |
---|
|
|
- Click Import and select X.509 Signed Certificate.
Validate the certificate is installed correctly.
Caption |
---|
0 | Figure |
---|
1 | Validate Certificate |
---|
|
Image Modified |
Step 3: Deploy Baltimore Trusted Root Certificate
The Direct Routing interface has the DNS name sip.pstnhub.microsoft.com. On that interface, the certificate is signed by Baltimore CyberTrust Root with Serial Number: 02 00 00 b9 and SHA fingerprint: d4:de:20:d0:5e:66:fc: 53:fe:1a:50:88:2c:78:db:28:52:ca:e4:74.
...
- In the WebUI, click the Settings tab.
In the left navigation pane, go to Security > TLS Profiles.
- Click the CreateTLS Profile ( ) icon at the top of the TLS Profile page.
Configure the parameters shown below. Leave all other parameters as default.
Caption |
---|
0 | Table |
---|
1 | TLS Configuration - Example Values |
---|
|
Parameter | Example Value |
---|
Description | Microsoft Phone system (example name) | TLS Protocol | TLS 1.2 Only | Validate Client FQDN | Disabled |
|
Caption |
---|
|
Image RemovedImage Added |
Configure Node-Level Settings
- In the WebUI, click the Settings tab.
In the left navigation page, access System > Node-Level Settings.
Configure the NTP and DNS Server with the appropriate configuration.
Caption |
---|
0 | Figure |
---|
1 | Node-level Settings - Example |
---|
|
Image RemovedImage Added |
Configure Node Interface
...
- In the WebUI, click the Settings tab.
In the left navigation pane, go to Node Interfaces > Logical Interfaces.
Configure the parameters shown below:
Note |
---|
The Media Next Hop IP field (available on SWe Lite only; not shown below) must be configured with the Default Gateway for this interface. |
Caption |
---|
|
Caption |
---|
0 | Table |
---|
1 | Logical Interfaces Configuration - Example Values |
---|
|
Parameter | Example Value |
---|
Description | To Microsoft Phone System | Admin Interface | Enable | IP Assign Method | Static (example) | Primary Address | <Public IP of your SBC> in the example 192.168.211.80 | Primary Netmask | <Mask of Public Interface of your SBC> in the example 255.255.255.0 |
|
Caption |
---|
0 | Figure |
---|
1 | Logical Interfaces - Example |
---|
|
Image RemovedImage Added |
Configure SIP Profile
...
- In the WebUI, click the Settings tab.
- In the left navigation page, access SIP > SIP Profiles.
Click the ( ) icon at the top of left corner and add a new SIP profile.
Configure parameters shown below:
Caption |
---|
0 | Table |
---|
1 | SIP Profile Configuration - Example Values |
---|
|
Parameter | Example Value |
---|
Description | Microsoft Phone System | FQDN in From Header | Sonus SBC FQDN | FQDN In Contact Header | Sonus SBC FQDN | Origin Field name Username | <FQDN of SBC> |
|
Caption |
---|
0 | Figure |
---|
1 | SIP Profile - Example |
---|
|
Image RemovedImage Added |
Configure Media Crypto Profile
...
- In the WebUI, click the Settings tab.
- In the left navigation page, access Media > Media Crypto Profiles.
- Click the ( ) icon at the top of left corner and add a new Media Crypto Profile.
Configure the parameters as shown below. Leave all other parameters as default.
Caption |
---|
0 | Table |
---|
1 | Media Crypto Profile Configuration - Example Values |
---|
|
Parameter | Example Value |
---|
Description | Microsoft Phone System | Operation Option | Required | Crypto Suite | AES_CM_128_HMAC_SHA1_80 |
|
Caption |
---|
0 | Figure |
---|
1 | Media Crypto Profile - Example |
---|
|
Image Modified |
Configure Media List
...
- In the WebUI, click the Settings tab.
- In the left navigation page, access Media >Media List.
- Click the ( ) icon at the top of left corner and add a new Media List.
Configure the parameters as shown below. Leave all other parameters as default.
Caption |
---|
0 | Table |
---|
1 | Media List Configuration - Example Values |
---|
|
Parameter | Example Value |
---|
Description | Microsoft Phone System | Media Profiles List | - Default G711a
- Default G711u
NOTE: See Microsoft documentation for the list of codecs supported by Microsoft. | Crypto Profile ID | Microsoft Phone System (created on the previous step) |
|
Caption |
---|
0 | Figure |
---|
1 | Media List - Example |
---|
|
Image RemovedImage Added |
Configure SIP Server Tables
...
- In the WebUI, click the Settings tab.
- In the left navigation page, access SIP > SIP Server Tables
Click the ( ) icon at the top of left corner and add a new SIP Server Table.
Caption |
---|
0 | Figure |
---|
1 | Create SIP Server Table |
---|
|
Image RemovedImage Added |
Configure the parameters as shown below. Leave all other parameters as default.
Caption |
---|
0 | Table |
---|
1 | SIP Server Table Configuration - Example Values |
---|
|
Parameter | Example Value |
---|
Row ID | Assigned by the system | Description | Microsoft Phone System |
|
...
- In the WebUI, click the Settings tab.
- In the left navigation page, access SIP > SIP Server Tables.
- Select the name of the table created in the previous step.
- At the top left corner of the main configuration pane click Create New SIP Server, select IP/FQDN and add the pairing to the Direct Routing interface .
Repeat the operation for the other two SIP Server entries. Leave all other parameters as default.
Caption |
---|
0 | Table |
---|
1 | SIP Server 1 Table - Example Values |
---|
|
Parameter | Value |
---|
Priority | 1 | Host | sip.pstnhub.microsoft.com | Port | 5061 | Protocol | TLS | TLS Profile | Microsoft Phone System | Monitor | SIP Options |
|
Caption |
---|
0 | Table |
---|
1 | SIP Server 2 Table - Example Values |
---|
|
Parameter | Value |
---|
Priority | 2 | Host | sip2.pstnhub.microsoft.com | Port | 5061 | Protocol | TLS | TLS Profile | Microsoft Phone System | Monitor | SIP Options |
|
Caption |
---|
0 | Table |
---|
1 | SIP Server 3 Table - Example Values |
---|
|
Parameter | Value |
---|
Priority | 3 | Host | sip3.pstnhub.microsoft.com | Port | 5061 | Protocol | TLS | TLS Profile | Microsoft Phone System | Monitor | SIP Options |
|
Caption |
---|
0 | Figure |
---|
1 | SIP Server - Example |
---|
|
Image RemovedImage Added |
Configure Voice routing
Configure Routing Logic per Ribbon Documentation. Refer to Working with Telephony Routing.
Caption |
---|
0 | Figure |
---|
1 | Configure Voice Routing |
---|
|
|
- In the WebUI, click the Settings tab.
- In the left navigation page, access SIP > Transformation Tables.
Click the ( ) icon at the top left corner to add a new Transformation Table.
Caption |
---|
0 | Figure |
---|
1 | Create Transformation Table |
---|
|
Image AddedImage Removed |
Configure the parameters as shown below.
Caption |
---|
0 | Table |
---|
1 | Transformation Table - Example Values |
---|
|
Parameter | Value |
---|
Row ID | Assigned by the system | Description | Microsoft Phone System (example name) |
|
To add and configure a new Call Routing Table:
- In the WebUI, click the Settings tab.
- In the left navigation page, access Call Routing Table.
Click the () icon at the top of left corner and add a new Call Routing Table.
Caption |
---|
0 | Figure |
---|
1 | Create Call Routing Table |
---|
|
Image Modified |
Configure the parameters as shown below. Click OK.
Caption |
---|
0 | Table |
---|
1 | Call Routing Table - Example Values |
---|
|
Parameter | Value |
---|
Row ID | Assigned by the system | Description | Microsoft Phone System (example name) |
|
From the left navigation pane, click on the Call Routing > Microsoft Phone System (the entry created in the last step).
- Click the ().
Configure the parameters as shown below. Leave all other parameters as default.
Click OK.
Caption |
---|
0 | Table |
---|
1 | Call Routing Table Configuration - Example |
---|
|
Parameter | Value |
---|
Description | From Microsoft Phone System (example name) | Number/Name Transformation Table | Microsoft Phone System | Destination Signaling Groups | Choose the Signaling Group of a local equipment |
|
Caption |
---|
0 | Figure |
---|
1 | Call Routing Table - Example |
---|
|
Image RemovedImage Added |
Anchor |
---|
| Signaling Group |
---|
| Signaling Group |
---|
|
Configure Signaling Group
- In the WebUI, click the Settings tab.
- In the left navigation page, access Signaling Groups
For the SBC 1000-2000, from the Create Signaling Group drop down box, select SIP Signaling Group.
For the SWe Lite,click Add SIP SG.
Configure the parameters as shown below. Leave the default values for all other parameters.
Click OK.
Caption |
---|
0 | Table |
---|
1 | Signaling Group Configuration - Example Values |
---|
|
Parameter | Value |
---|
Description | Microsoft Phone System | SIP Profile | Microsoft Phone System (from the previous steps) | Media List ID | Microsoft Phone System (from the previous steps) | Signaling Media/Source IP | Ethernet 1 (example, pick the interface which faces the Microsoft Phone System) | Listen Port | 5068 (arbitrary port) TLS TLS Profile ID: Microsoft Phone System (from the previous steps) | Federated IP/FQDN | sip-all.pstnhub.microsoft.com | SIP server table | Microsoft Phone System (from the previous steps) | Load Balancing | Priority | SIP Profile | Microsoft Phone System (from the previous steps) | Call Routing Table | Microsoft Phone System (from the previous steps) | Outbound NAT traversal[1] | Static NAT | NAT Public IP | 192.168.211.80 (Only required if “Static NAT” is selected) |
[1] Please ignore if the SBC has a Public IP assigned on the interface. The NAT Public IP is required only when the SBC is behind a NAT. |
Caption |
---|
0 | Figure |
---|
1 | Signaling Group - ExampleExample |
---|
|
Image Added |
Configure REFER and Re-Invites for Call Forwarding Info |
---|
This section is applicable to SBC SWe Lite only. |
When the remote peer forwards all the REFER messages without checking the destination, the SBC EDGE can be reconfigured to force the call through the remote peer. See below for configuration.
Modify Message Manipulation
- In the WebUI, click the Settings tab.
In the left navigation pane, go to SIP > Message Manipulation > Message Rule Table.
Create a new Message Rule Table configured as shown below.
Caption |
---|
0 | Figure |
---|
1 | Create Message Rule Table |
---|
|
Image Added |
- In the left navigation pane, click the newly created Rule Table entry.
Click Create Rule > Request Line Rule.
Configure the Request Line Rule as shown below.
Caption |
---|
0 | Figure |
---|
1 | Request Line Rule |
---|
|
Image Added |
Modify Signaling Group
- In the WebUI, click the Settings tab.
- In the left navigation page, access Signaling Groups
Access the Signaling Group used for Teams.
Assign the Message Rule Table to the Teams Signaling Group as Inbound Message Manipulation.
Caption |
---|
0 | Figure |
---|
1 | Configure Signaling Group |
---|
|
Image Added |
Modify Transformation Table
- In the WebUI, click the Settings tab.
- In the left navigation page, access SIP > Transformation Tables.
Click the ( Image Added) icon at the top left corner to add a new Transformation Table.
Configure as shown below.
Caption |
---|
0 | Figure |
---|
1 | Create Transformation Table |
---|
|
Image Added |
Modify Call Routing
- In the WebUI, click the Settings tab.
- In the left navigation page, access Call Routing Table.
In the Routing Table designated "From Teams," create a routing entry that points to the destination Teams Signaling Group (this must be the first routing entry in the list) and assign the newly created Transformation Table.
Caption |
---|
0 | Figure |
---|
1 | Create Call Routing Entry |
---|
|
Image AddedImage Removed |
Confirm the Configuration
...
- In the WebUI, click the Diagnostics tab.
- In the left navigation pane, click Test a Call.
- Configure the parameters as shown below.
Click OK.
Caption |
---|
0 | Table |
---|
1 | Place a Test Call - Parameters |
---|
|
Parameter | Value |
---|
Destination Number | Number assigned to a Teams user. | Origination/Calling Number | Number assigned to a Local user | Call Routing Table | The routing table that handles the call from Local resource. |
|
Caption |
---|
0 | Figure |
---|
1 | Place a Test Call - Configuration |
---|
|
Image Modified |
Caption |
---|
0 | Figure |
---|
1 | Place Test Call - Example |
---|
|
Image Modified |
Known Issues
...
- If the SBC is in a trusted network, it should not remove the PAI information and allow the last equipment to remove it. SBC will forward the FROM, PAI and Privacy header.
- Outbound SIP profile -> Send Assert Header: Trusted Only (Default)
- Outbound SIP profile -> Trusted Interface: Enable (Default)
- If the SBC is the last trusted equipment, it should hide the PAI information. SBC will remove the PAI and Privacy header and make the FROM header Anonymous.
- Outbound SIP profile -> Send Assert Header: Trusted Only (Default)
- Outbound SIP profile -> Trusted Interface: Disable
- If the SBC is in a trusted network but the equipment behind it makes the call anonymous due to the Privacy header (and the customer does not want the call anonymous), the SBC can remove the PAI and Privacy header and keep the FROM Header.
- Outbound SIP profile -> Send Assert Header: Never
- Outbound SIP profile -> Trusted Interface: Enable (Default)
Teams Direct Routing Refer Scenario
The SBC Edge supports REFER and Re-Invites for call forwarding. To handle a scenario for when the remote peer forwards all the REFER messages without checking the destination, the SBC EDGE can be reconfigured to force the call through the remote peer.
For configuration, see Configure Forward Handling.