There are multiple network methods to deploy the
Unable to show "metadata-from": No such page "_space_variables"
SBC MS Teams SIP trunking support.
SBC’s WAN interface can be configured with a public IP directly to the perimeter security device and firewall filter rules for the ports-required applied to the firewall policy or placed directly on the public network.
The SBC’s WAN interface is protected by its own firewall and dynamically assigns RTP/SRTP ports for the duration of the SIP session from an array of configurable ports.
Also, the SBC is configured in a private DMZ deployment with a public IPv4 address provided by the perimeter security device. In this model, the perimeter security device must not provide NAT or PAT to the public IPv4 address forwarded to the SBC. This is the model chosen for the SBC’s configuration discussed in the document.
ESBC Public WAN IP Deployment
The system default LAN IP is 192.168.1.1 with username 'root' and password 'default'.
Attach LAN Port 1 of the system to the LAN network or directly to the management computer for the first-time IP networking setup.
The system will prompt you to change the default password.
Password change is confirmed. Click the link provided to log in with the new password.
Once you log in, the landing page appears.
Select Network from the Configuration Menu on the left-hand side.
Configure the LAN Interface Settings.
Configure the WAN Interface and Default Gateway Settings.
Configure the Primary and the Secondary DNS to a public DNS server and select Submit. The system will now apply the configured network settings. Install the system on the network and reconnect from the management computer to the configured LAN IPv4 Address and log in.
Generate a Certificate Signing Request and obtain the certificate from a supported Certification Authority (CA).
This step discusses how to create a certificate signing request (CSR) to be signed by an approved Microsoft documentation certificate authority. The certificate is used by the SBC for TLS SIP signaling support to MS Teams. This signed certificate will be applied to the WAN interface of the system.
Many CAs do not support a private key with a length of 1024 bits. Validate the CSR with your CA requirements and select the appropriate length of the key.
Choose Security > Certificates from the Configuration Menu on the left-hand side.
On the Create a Certificate pane, enter the data for the fields displayed.
Parameter | Example Configuration Value |
---|
Certificate Name | Arbitrary name (alphanumeric characters only) |
Certificate Type | SSL |
Key Size | 2048 |
Certificate Authority | Certificate Signing Request (CSR) |
Country Name (2 letter code) | us |
State or Province (full name) | ca |
Locality Name (for example: City) | San Jose |
Organization (for example: Company) | Unable to show "metadata-from": No such page "_space_variables" |
Organization Unit | support |
Common Name | sbc1.rbbn.com Note: This name must be identical to the name configured as the PSTN gateway, New-CsOnlinePSTNGateway, value. |
Email | support@rbbn.com |
Password | Password is optional and should not be set for MS Teams. |
Password (Verify) | Password is optional and should not be set for MS Teams. |
Click Download to download the CSR certificate and key file.
Open the .csr file with an application like Notepad and copy the complete certificate request.
Configure the signed certificate on the system by using the Add a Certificate pane on the Certificates page and click Add Certificate. The signed certificate must use the .key file from the CSR generation.
Add the SBC Signed Certificate
Parameter | Example Configuration Value |
---|
Certificate Name | SBC_Cert Arbitrary name (alphanumeric characters only) |
Certificate Type | SSL |
Select Certificate File | SBC_Cert.crt |
Select Key File | SBC1rbbnCSR.key |
Password | Password is optional and should not be set for MS Teams. |
Download the root CA on the system and click Add Certificate.
Parameter | Example Configuration Value |
---|
Certificate Name | ROOTca Arbitrary name (alphanumeric characters only) |
Certificate Type | CA Certificate |
Select Certificate File | certROOT.crt |
Select Key File | No File Selected Note: No key file is required for a root CA. |
Password | Password is optional and should not be set for MS Teams. |
Select Submit All to save the certificates to the system.
The certificates are now displayed and available to be assigned to system services.
from the Configuration Menu on the left-hand side.
Configure the system’s VoIP settings.
Configuring VoIP Parameters
Parameter | Example Configuration Value |
---|
Enable LLDP | Enabled (default) |
LLDP Broadcast Interval (sec) | 30 (default) |
TFTP Server IP Address | Disabled |
Use ALG Alias IP Addresses | Disabled |
Public NAT WAN IP Address | Public WAN IPv4 address when using a 1-to-1 NAT configuration |
Private NAT LAN IP Address | Private LAN IPv4 address when using a 1-to-1 NAT configuration |
Do Strict RTP Source Check | Disabled |
Enable Client List Lockdown | Disabled |
Allow Shared Usernames | Disabled |
Strip G.729 from Calls | Disabled |
Route all SIP Signalling Through B2BUA | Enabled |
Enable Microsoft Feature | Enabled |
Enable Comfort Noise Generation (CNG) | Enabled |
Enable User-Agent Header Pass-Through | Disabled |
Enable SRTP Support | Enabled |
Enable MKI Support | Disabled Note: This is optional. This depends on whether or not MKI support is enabled on MS Teams. |
H.225/H.245 Port Range | 14085-15084 (default) |
RTP Port Range | 16386-18385 (default) |
RTP Packetization Time (ms) | 20 |
Prioritize Microsoft Teams | Not Required for MS Team. The system will automatically prioritize signaling and media. This setting is used when the system is “NATing” MS Teams traffic. |
Calculate RTT | Enabled (default) |
Configure the SIP Server Settings for the SIP trunking service parameters.
Configuring SIP Server Settings Parameters
Parameter | Example Configuration Value |
---|
SIP Server Address | siptrunk.example.com |
SIP Server Port | 5060 (Verify with your SIP trunking provider which SIP port to configure.) Note: If the FQDN resolves to a different port for the SIP Server Address the system will use the port returned in the DNS query response. |
SIP Server Transport | UDP |
Enable SRTP | Disabled |
Use Custom Domain | Disabled |
SIP Server Domain | Not set |
List of SIP Servers | None |
Enable Multi-homed Outbound Proxy Mode | Disabled |
Enable Transparent Proxy Mode | Disabled |
Limit Outbound to Listed SIP Servers | Disabled |
Limit Inbound to Listed SIP Servers | Disabled |
Include UPDATE in Allow | Enabled |
PRACK Support | Enabled |
GEOLOCATION Support | Enabled |
Call Audit Support | Disabled |
Stale Client Time (m) | 1440 (default) |
Session Timer Support | Enabled |
Session Refresh Interval (s) | 1800 (default) |
UDP | Client Listening Port(s) | 5060,5070,5075 (default) |
UDP | Server Facing Port | 5060 (default) |
UDP | REGISTER Restricted to Port | 0 (default) |
TCP | Port | 5060 (default) |
TCP | Timeout (minutes) | 10 (default) |
TLS | Port | 5061 |
TLS | TLS Protocol | TLSv1.2 |
TLS | Ciphers String | TLSv1.2+HIGH:!eNULL:!aNULL |
TLS | LAN | Certificate: Default | Policy: No Check |
TLS | WAN | Certificate: SBC_Cert | Policy: No Check |
TLS | Exclude sips headers for TLS Transport | Enabled |
NAT Traversal | Disabled (default) |
SDP Codec Operation | Allow only given codecs |
SDP Section that will be modified | Audio |
Codecs (comma separated list) | PCMU, PCMA, CN, telephone-event |
Reject when No Match Codec | Enabled |
Strip Matched Expressions | \ba=candidate:.*\b a=rtcp-mux \ba=ice-.*\b |
SIP Use New Port On Hold Resume | Disabled |
Priority Number 1: Priority Number 2: Priority Number 3: Priority Number 4: | Not set |
Enable SIP Statistics | Enabled |
- Click Submit to apply changes.
This step discusses how to configure a B2BUA trunking device to the WAN side of the system for MS Teams support. Header manipulation rules are used to modify the headers required for interoperability the SIP trunking provider.
Choose VoIP > SIP > B2BUA from the Configuration Menu on the left-hand side.
Add a B2BUA Trunking Device for the MS Teams cloud servers and click Update. Then, scroll to the bottom .
Configuring the First B2BUA Trunk
Parameter | Example Configuration Value |
---|
Name | Teams1 Arbitrary name (alphanumeric characters only) |
Model | Microsoft Teams |
Address (IP/FQDN) | sip.pstnhub.microsoft.com |
Use DNS SRV | Not set for MS Teams |
Port | 5061 |
Transport | TLS |
SRTP | Mandatory |
Source FQDN | sbc1.rbbn.com Note: This name must be identical to the name configured as the PSTN gateway. |
Username | Not used for MS Teams |
Password | Not used for MS Teams |
Configuring the Second B2BUA Trunk
Parameter | Example Configuration Value |
---|
Name | Teams2 Arbitrary name (alphanumeric characters only) |
Model | Microsoft Teams |
Address (IP/FQDN) | sip2.pstnhub.microsoft.com |
Use DNS SRV | Not set for MS Teams |
Port | 5061 |
Transport | TLS |
SRTP | Mandatory |
Source FQDN | sbc1.rbbn.com (This name must be identical to the name configured as the PSTN gateway) |
Username | Not used for MS Teams |
Password | Not used for MS Teams |
Configuring the Third B2BUA Trunk
Parameter | Example Configuration Value |
---|
Name | Teams3 Arbitrary name (alphanumeric characters only) |
Model | Microsoft Teams |
Address (IP/FQDN) | sip3.pstnhub.microsoft.com |
Use DNS SRV | Not set for MS Teams |
Port | 5061 |
Transport | TLS |
SRTP | Mandatory |
Source FQDN | sbc1.rbbn.com (This name must be identical to the name configured as the PSTN gateway) |
Username | Not used for MS Teams |
Password | Not used for MS Teams |
Create a routing group for the MS Teams servers with the Trunking Group Availability function.
Configuring the Routing Group
Parameter | Example Configuration Value |
---|
Group Name | TeamsGroup | NA |
State | Display Only |
Keep Alive | Enabled |
Load Balance | Optional |
Invite Failover | Enabled |
Trust Enabled | Enabled |
Trusted List | sip-all.pstnhub.microsoft.com |
Members for Group | TeamsGroup |
Keep Alive Interval | 60 (default) |
Error Response | Not Set |
From User | Not Set |
To User | Not Set |
Backoff on No Response | Enabled |
Regular with max. Interval | Enabled | 0 sec (default) |
Random with max. Interval | NA | NA |
Failover upon Invite Responses | 503 |
Fallback with auto keep alive | Not Selected |
Fallback Interval | Enabled | 60 (s) (default) |
- Choose VoIP > SIP > B2BUA from the Configuration Menu on the left-hand side. Header manipulation rules are used to modify the headers required for interoperability the SIP trunking provider.
- Scroll down to Actions and add the actions mentioned in the following steps, and associated HMR rules.
- The first Actions is “ToTeams”. This rule has an associated “Match” rule for calls going to Teams.
- Configure the parameters in the actions pane.
- Configure each Header Value one at a time and click Add before creating the next rule.
Click Update and then click Submit to n.
Configuring the ToTeams Action
Parameter | Example Configuration Value |
---|
Name | ToTeams Arbitrary name (alphanumeric characters only) |
Send To | Trunking Device | TeamsGroup |
Prioritize | Not used for MS Teams |
Refer to Re-INVITE | Enabled |
Serial Hunting | Not used for MS Team |
E.164 Conversion rule | None |
Conversion mode | Add (default) |
Request-URI | 'sip:+1' + $to.uri.user + '@' + $env.target_domain + ':' + $env.target_port + ';user=phone' |
From | '<sip:+1' + $from.uri.user + '@' + $env.target_src_domain + ':' + $env.target_port + ' ;user=phone>' |
To | $to.dispname + '<sip:+1' + $to.uri.user + '@' + $env.target_domain + ':' + $env.target_port + ';user=phone>' |
Contact | '<sip:+1' + $from.uri.user + '@' + $env.target_src_domain + ':' + $env.out_intf_port + ';transport=TLS>' + $contact.parameter |
- The second action is FromTeams2ServerAnonymous. This rule has an associated “Match” rule for calls with “Anonymous” in the SIP URI. For example, when a Teams caller is blocking their number, the SIP From URI will have the following format:
From: "Anonymous"sip:anonymous@anonymous.invalid:5060.
This rule allows anonymous calls inbound from Teams to the SIP trunking provider.
To add a new action click anywhere in the New Entry bar.
- Configure the parameters in the actions pane.
- Configure each Header Value one at a time and click Add before creating the next rule.
Click Update and then click Submit to save the action.
Configuring the FromTeams2ServerAnonymous Action
Parameter | Example Configuration Value |
---|
Name | FromTeams2ServerAnonymous Arbitrary name (alphanumeric characters only) |
Send To | Trunking Device | None |
Prioritize | Not used for MS Teams |
Refer to Re-INVITE | Enabled |
Serial Hunting | Not used for MS Teams |
E.164 Conversion rule | None |
Conversion mode | Add (default) |
Header | Example Value |
---|
Request-URI | 'sip:' + substr($request.uri.user, 2, 0) + '@' + $env.available_domain + ':' + $env.available_port |
From | $from.dispname + ' <sip:' + $from.uri.user + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>' |
To | $to.dispname + ' <sip:' + substr($to.uri.user, 2, 0) + '@' + $env.available_domain + ':' + $env.available_port + '>' |
Contact | $from.dispname + ' <sip:' + $from.uri.user + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>' + $contact.parameter |
P-Asserted-Identity | $pai?'<sip:' + substr($pai, 7, 10) + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>' |
Other | Privacy | 'id' |
The third action is “FromTeams2Server”. This rule will have an associated “Match” rule for calls outbound from Teams to the SIP Trunking provider for destination call routing. This example uses a “P-Asserted-Identity” header string which is common to many SIP trunking providers. Please verify with your trunking provider if they require these SIP headers or have other header requirements for interoperability with their SIP service.
To add a new action click anywhere in the New Entry bar.
Configure the parameters in the actions pane.
Configure each Header Value one at a time and click Add before creating the next rule.
Click Update and then click Submit to save the action.
Configuring the FromTeams2Server Action
Parameter | Example Configuration Value |
---|
Name | FromTeams2Server Arbitrary name (alphanumeric characters only) |
Send To | Trunking Device | None |
Prioritize | Not used for MS Teams |
Refer to Re-INVITE | Enabled |
Serial Hunting | Not used for MS Teams |
E.164 Conversion rule | None |
Conversion mode | Add (default) |
Header | Example Value |
---|
Request-URI | 'sip:' + substr($request.uri.user, 2, 0) + '@' + $env.available_domain + ':' + $env.available_port |
From | $from.dispname + ' <sip:' + substr($from.uri.user, 2, 0) + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>' |
To | $to.dispname + ' <sip:' + substr($to.uri.user, 2, 0) + '@' + $env.available_domain + ':' + $env.available_port + '>' |
Contact | $from.dispname + ' <sip:' + substr($from.uri.user, 2, 0) + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>' + $contact.parameter |
P-Asserted-Identity | $pai?'<sip:' + substr($pai, 7, 10) + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>' |
History-info | $history-info?' <sip:' + replace($history-info.uri.user, '+1', '' ) + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>;reason=unknown;counter=1' |
History-info | $history-info#1?' <sip:' + replace($history-info#1.uri.user, '+1', '' ) + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>;reason=unknown;counter=1' |
Scroll down to the Match pane to configure the patterns you wish to match to the actions just created. The match function provides dial plan routing to Actions and relates to the direction the call is coming from. This could be from Teams or from the SIP trunking provider. The examples given in this section will use a dial plan of 408.555.1000-1099 to provide basic knowledge of how to apply your dial plan to the previously created Actions.
The example uses a “Redirect” rule from Teams as “+1.”. By default, Teams will add this to the beginning of every outbound call going to the SBC for SIP trunk routing. This rule is mapped to the Action.”FromTeams2Server” will remove the +1 from the SIP message and then perform the other header modifications before forwarding the SIP message to the trunking provider. If you’ve configured Teams to not add the +1, then modify the “FromTeams2Server” Action and other header manipulation rules that reference +1 and remove the reference.
The +1. (dot ) portion of the string matches one or more digits. This (dot) allows dialed destinations greater than 10 or 11 digits to be called. If international calling is desired, please verify that the MS Teams voice route to the SBC also includes pattern matches to accommodate international calling. 911, 411 and any other dial plans must also be considered as an SBC or MS Teams pattern match to route the call .
The first “Match” rule is for the Teams dial plan assigned by the SIP trunking provider. In this example the DID range for this MS Teams configuration is 408.555.1000-1099.
Configure the parameters in the match pane.
Click Update and then click Submit to save the Match.
Configuring the Called Matches ToTeams Match
Parameter | Example Configuration Value |
---|
Direction | Redirect |
Mode | BothModes |
Default | Not used for MS Teams |
Pattern | Called |
Called Party | Matches | 408555. |
Calling Party | Not Set | NA |
Source | Any |
Action | ToTeams |
The second Match rule is to allow the blocked caller ID’s from Teams, which presents as “anonymous” in the SIP header. For example,
From: "Anonymous"sip:anonymous@anonymous.invalid:5060.
To add a new action click anywhere in the New Entry bar.
Configure the parameters in the match pane.
Click Update and then click Submit to save the Match.
Configuring the FromTeams2ServerAnonymous Match
Parameter | Example Configuration Value |
---|
Direction | Redirect |
Mode | BothModes |
Default | Not used for MS Teams |
Pattern | Both |
Called Party | Matches | +1. |
Calling Party | Does not match | +1. |
Source | TeamsGroup |
Action | FromTeams2ServerAnonymous |
The third Match rule is to match +1. SIP messages from MS Teams to the Actions that routes the call to the configured SIP trunking provider, after the header manipulation is performed. This rule is required for normal caller-ID routing.
To add a new action click anywhere in the New Entry bar.
Configure the parameters in the match pane.
Click Update and then click Submit to save the Match.
Configuring the FromTeams2Server Match
Parameter | Example Configuration Value |
---|
Direction | Redirect |
Mode | BothModes |
Default | Not used for MS Teams |
Pattern | Both |
Called Party | Matches | +1. |
Calling Party | Matches | +1. |
Source | TeamsGroup |
Action | FromTeams2Server |
You have now completed the
Unable to show "metadata-from": No such page "_space_variables"
Unable to show "metadata-from": No such page "_space_variables"
configuration for Microsoft Teams and are ready to start testing calls.
As a final step, save the SBC’s configuration at this point or when you are finished testing.
This section discusses how to save the running SBC’s configuration to restore the system back to a known working configuration if required.
Choose Admin > Backup/Restore from the Configuration Menu on the left-hand side.
Click Create New Config Backup. A dialog box will appear. .
The system will create a backup file of the current running configuration. Click the file name to download the backup file to the management computer.