In this section:
There are multiple network methods to deploy the Ribbon SBC MS Teams SIP trunking support.
In ESBC Public WAN IP Deployment, the SBC’s WAN interface can be configured with a public IP directly to the perimeter security device and firewall filter rules for the ports required applied to the firewall policy or placed directly on the public network.
The SBC’s WAN interface is protected by its own firewall and dynamically assigns RTP/SRTP ports for the duration of the SIP session from an array of configurable ports.
Also, the SBC is configured in a private DMZ deployment with a public IPv4 address provided by the perimeter security device. In this model the perimeter security device must not provide NAT or PAT to the public IPv4 address forwarded to the SBC. This will be the model chosen for the SBC’s configuration discussed in the document.
ESBC Public WAN IP Deployment
Configuring the SBC’s WAN and LAN IP Addresses
The system default LAN IP is 192.168.1.1 with username 'root' and password 'default'.
Attach LAN Port 1 of the system to the LAN network or directly to the management computer for the first-time IP networking setup.The system will prompt you to change the default password.
The password change is confirmed. Click the link provided to log in with the new password.
Once you log in, the landing page appears. Here the VOS version is 16.3.1.
Select Network from the Configuration Menu on the left-hand side.
Configure the LAN Interface Settings.
Configure the WAN Interface and Default Gateway Settings.
- Configure the Primary and the Secondary DNS to a DNS server capable of resolving the required Microsoft Teams FQDNs and select Submit. The system will now apply the networks settings. After network configuration takes place, it may be necessary to reconnect to the system at the new LAN IP address.
Creating a CSR
Generate a Certificate Signing Request and obtain the certificate from a supported Certification Authority (CA). Refer to Microsoft documentation for certificate information.
This step discusses how to create a certificate signing request (CSR) to be signed by an approved certificate authority, which are listed at CCADB documentation. The certificate is used by the SBC for TLS SIP signaling support to MS Teams. This signed certificate will be applied to the WAN interface of the system.
Many CAs do not support a private key with a length of 1024 bits. Validate the CSR with your CA requirements and select the appropriate length of the key.
Choose Security > Certificates from the Configuration Menu on the left-hand side.
On the Create a Certificate pane, enter the data for the fields displayed.
Click Download to download the CSR certificate and key file and save this to the management computer.
Open the .csr file with an application like Notepad and copy the complete certificate request.
Configure the signed certificate on the system by using the Add a Certificate pane on the Certificates page and click Add Certificate. The signed certificate must use the .key file from the CSR generation.
Download the root CA on the system and click Add Certificate.
Select Submit All to save the certificates to the system.
The certificates are now displayed and available to be assigned to system services.
Configuring the SBC’s VoIP Settings
Select VoIP from the Configuration Menu on the left-hand side.
Configure the system’s VoIP settings.
Parameter
Example Configuration Value
Enable LLDP:
Enabled (default)
LLDP-MED with tagged VLAN:
Enabled (default)
LLDP Broadcast Interval (sec):
30 (default)
TFTP Server IP address:
Disabled
Use ALG Alias IP Addresses:
Disabled
Public NAT WAN IP address:
Public WAN IPv4 address when using a 1-to-1 NAT configuration
Private NAT LAN IP address:
Private LAN IPv4 address when using a 1-to-1 NAT configuration
Do strict RTP source check:
Disabled
Enable Client List lockdown:
Disabled
Allow Shared Usernames:
Disabled
Strip G.729 from calls:
Disabled
UDP
UDP System Port:
5060,5070,5075 (default)
UDP
UDP System Source Port:
5060 (default)
UDP
REGISTER restricted to port:
0 (default)
UDP
Block UDP support on WAN:
Disabled
TCP
TCP System Port:
5060 (default)
TCP
TCP Connection Timeout (m):
10 (default)
TCP
Block TCP support on WAN:
Disabled
TLS
TLS System Port:
5061
TLS
TLS Protocol:
TLSv1.2
TLS
Use only selected version:
Disabled
TLS
Ciphers String:
TLSv1.2+HIGH:!eNULL:!aNULL
TLS
LAN:
Certificate: Default
Policy: No Check
TLS
WAN:
Certificate: SBC_Cert
Policy: No Check
TLS
Block TLS support on WAN:
Disabled
TLS
Exclude sips headers for TLS Transport:
Enabled
TLS
Set TLS source port:
Disabled
NAT Traversal
Disabled
Route all SIP signalling through B2BUA:
Enabled
Enable Microsoft Feature:
Enabled
Enable Comfort Noise Generation (CNG):
Enabled
Enable User-Agent header pass-through:
Disabled
B2BUA Redirect Support (302):
Disabled
Enable PANI Header Support:
Disabled
Enable B2BUA Session Timer Support:
Enabled
Session Refresh Interval (s):
1800
Enable SRTP support:
Enabled
Enable MKI support:
Set as required to match the MKI setting selected in the MS Teams configuration
SRTP Key Life Time (2^):
32
H.225/H.245 Port Range:
14085-15084 (default)
RTP Port Range: 16386-18385 (default)
RTP Packetization Time (ms): 20 Enable multi-ports: Disabled Multi-port Port Range: 22000 – 22999 (default) Prioritize Microsoft Teams: Disabled (default) This should be enabled if MS Teams client, present/exists on the LAN side of EM and if EM needs to prioritize the Voice traffic from Teams client. Calculate RTT: Enabled (default) RTCP MUX support: Disabled (default) Disabled – Edgemarc will operate in Direct Routing mode
Configure the SIP Server Settings for the SIP trunking service parameters.
- Click Submit to apply changes.
Configuring the B2BUA and Header Manipulation rules
This step discusses how to configure a B2BUA trunking device to the WAN side of the system for MS-Teams support. Header manipulation rules will be used to modify the headers required for interoperability to/from MS-Teams and to/from the SIP trunking provider.
Choose VoIP > SIP > B2BUA from the Configuration Menu on the left-hand side.
Add a B2BUA Trunking Device for the MS Teams cloud servers and click Update. Then, scroll to the bottom and click Submit.
Create a routing group for the MS Teams servers with the Trunking Group Availability function.
- Choose VoIP > SIP > B2BUA from the Configuration Menu on the left-hand side. Header manipulation rules are used to modify the headers required for interoperability to-and-from MS Teams and to-and-from the SIP trunking provider.
- Scroll down to Actions and add the actions mentioned in the following steps, and associated HMR rules.
- The first Actions is “ToTeams”. This rule has an associated “Match” rule for calls going to Teams.
- Configure the parameters in the actions pane.
- Configure each Header Value one at a time and click Add before creating the next rule.
Click Update and then click Submit to save the action.
NoteIn the example given in the following table, the dialing code +1 is used in reference to the USA. Change it to the dialing code of the country of your choice.
- Configure the parameters in the actions pane.
- Configure each Header Value one at a time and click Add before creating the next rule.
Click Update and then click Submit to save the action.
The second action is FromTeams2ServerAnonymous. This rule has an associated “Match” rule for calls with “Anonymous” in the SIP URI. For example, when a Teams caller is blocking their number, the SIP From URI will have the following format:
From: "Anonymous"sip:anonymous@anonymous.invalid:5060.
This rule allows anonymous calls inbound from Teams to the SIP trunking provider.To add a new action click anywhere in the New Entry bar.
The third action will be “FromTeams2Server”, this rule will have an associated “Match” rule for calls outbound from Teams to the SIP Trunking provider for destination call routing. This example uses a “P-Asserted-Identity” header string which is common to many SIP trunking providers, please verify with your trunking provider “if” they require these SIP headers or other header requirements to interoperate with their SIP service.
To add a new Action click anywhere in the “New Entry bar.
Configure the parameters in the actions pane.
Configure each Header Value one at a time and click Add before creating the next rule.
Click Update and then click Submit to save the action.
- The next action will be “Teams2Analog”, this rule will have an associated “Match” rule for calls inbound from Teams to an analog line in the EdgeMarc.
To add a new Action click anywhere in the “New Entry bar.
a. Configure the parameters in the actions pane.
b. Configure each Header Value one at a time and click Add before creating the next rule.
c. Click Update then click Submit to save the Action.
9. Scroll down to the “Match” pane to configure the patterns you wish to match to the actions just created. The match function provides dial plan routing to Actions and relate to the direction the call is coming from, this could be from Teams or from the SIP trunking provider. The examples given in this section will use a dial plan of 555.1000-1099 to provide basic knowledge of how to apply your dial plan to the previously created Actions.
The example will use an “Redirect” rule from Teams as “+1.”, by default Teams will add this to the beginning of every outbound call going to the SBC for SIP trunk routing. This rule is mapped to the Action.”FromTeams2Server” which will remove the +1 from the SIP message and then perform the other header modifications before forwarding the SIP message to the trunking provider. If you’ve configured Teams to not add the +1 then modify the “FromTeams2Server” Action and other header manipulation rules that reference +1 and remove the reference.
The +1. (dot ) portion of the string matches one or more digits this (dot) will allow dialed destinations greater than 10 or 11 digits to be called. If international calling is desired, please verify the MS-Teams voice route to the SBC also includes pattern matches to accommodate international calling. 911, 411 and any other dial plans must also be considered as a SBC or MS-Teams pattern match to route the call correctly.
Match rules are in order of priority from top to bottom, a specific rule must be above a generic rule.
a. The first “Match” rule will be for the Teams dial plan assigned by the SIP trunking provider in this example the DID range for this MS-Teams configuration is “408.555.1000-1099.
1. Configure the parameters in the match pane.
2. Click Update then click Submit to save the Match.
b. The next “Match” rule is to match called party number that begins with +1408666. SIP messages from MS-Teams to the Actions that routes the call to the configured analog line after the header manipulation has been performed. To add a new Action click anywhere in the “New Entry bar.
1. Configure the parameters in the match pane.
2. Click Update then Click Submit to save the Match.
c. The next “Match” rule is to allow the blocked call-ID’s from Teams to Analog which presents as “anonymous” in the From header for example, From: "Anonymous"sip:anonymous@anonymous.invalid:5060 and called party number that begins with +1408666. line after the header manipulation has been performed.
To add a new Action click anywhere in the “New Entry bar.
1. Configure the parameters in the match pane.
2. Click Update then Click Submit to save the Match.
10. The next “Match” rule is to allow the blocked call-ID’s from Teams to SIP Server which presents as “anonymous” in the SIP header for example, From: "Anonymous"sip:anonymous@anonymous.invalid:5060.
To add a new Action click anywhere in the New Entry bar.
1. Configure the parameters in the match pane.
2. Click Update then click Submit to save the Match.
11. The next “Match” rule is to match +1. SIP messages from MS-Teams to the Actions that routes the call to the configured SIP trunking provider after the header manipulation has been performed. This rule is needed to for normal caller-ID routing.
To add a new Action click anywhere in the “New Entry bar.
1. Configure the parameters in the match pane.
2. Click Update then Click Submit to save the Match.
Configuring SBC for Teams Media-Bypass
All the Configurations that made for Non-MediaBypass will be same for MediaBypass. And there are some additional configurations which is specific to MediaBypass.
- VoIP Settings
2. B2BUA Trunking device settings:
As in the figure below, while adding B2BUA trunking device enable ICE support as ‘Lite’.
You have now completed the Ribbon Communications EdgeMarc configuration for Microsoft Teams and are ready to start testing calls.
As a final step, save the SBC’s configuration at this point or when the testing is completed.
Save the ESBC’s Configuration
This step discusses how to save the running SBC’s configuration to restore the system back to a known working configuration if needed.
- From the left-hand navigation menu select Admin > Backup/Restore.
2. Click Create New Config Backup. A dialog box will appear. Click OK.
3. The system will create a backup file of the current running configuration. Click the file name to download the backup file to the management computer.