In this section:


There are multiple network methods to deploy the Ribbon SBC MS Teams SIP trunking support.

In ESBC Public WAN IP Deployment, the SBC’s WAN interface can be configured with a public IP directly to the perimeter security device and firewall filter rules for the ports-required applied to the firewall policy or placed directly on the public network.

The SBC’s WAN interface is protected by its own firewall and dynamically assigns RTP/SRTP ports for the duration of the SIP session from an array of configurable ports.

Also, the SBC is configured in a private DMZ deployment with a public IPv4 address provided by the perimeter security device. In this model, the perimeter security device must not provide NAT or PAT to the public IPv4 address forwarded to the SBC. This is the model chosen for the SBC’s configuration discussed in the document.

ESBC Public WAN IP Deployment


Configuring the SBC’s WAN and LAN IP Addresses

  1. The system default LAN IP is 192.168.1.1 with username 'root' and password 'default'.
    Attach LAN Port 1 of the system to the LAN network or directly to the management computer for the first-time IP networking setup.

  2. The system will prompt you to change the default password.


  3. Password change is confirmed. Click the link provided to log in with the new password.


  4. Once you log in, the landing page appears.


  5. Select Network from the Configuration Menu on the left-hand side.

  6. Configure the LAN Interface Settings.


  7. Configure the WAN Interface and Default Gateway Settings.


  8. Configure the Primary and the Secondary DNS to a public DNS server and select Submit. The system will now apply the configured network settings. Install the system on the network and reconnect from the management computer to the configured LAN IPv4 Address and log in.

Creating a CSR

Generate a Certificate Signing Request and obtain the certificate from a supported Certification Authority (CA).  Refer to Microsoft documentation for certificate information.

This step discusses how to create a certificate signing request (CSR) to be signed by an approved certificate authority, which are listed at CCADB documentation. The certificate is used by the SBC for TLS SIP signaling support to MS Teams. This signed certificate will be applied to the WAN interface of the system.

Many CAs do not support a private key with a length of 1024 bits. Validate the CSR with your CA requirements and select the appropriate length of the key.

  1. Choose Security > Certificates from the Configuration Menu on the left-hand side.

  2. On the Create a Certificate pane, enter the data for the fields displayed.


    Creating the CSR

    Parameter

    Example Configuration Value
    Certificate NameArbitrary name
    (alphanumeric characters only)
    Certificate TypeSSL
    Key Size2048
    Certificate AuthorityCertificate Signing Request (CSR)
    Country Name (2 letter code)us
    State or Province (full name)ca
    Locality Name (for example: City)San Jose
    Organization (for example: Company)
    Ribbon Communications
    Organization Unitsupport
    Common Name

    sbc1.rbbn.com

    Note: This name must be identical to the name configured as the PSTN gateway, New-CsOnlinePSTNGateway, value.
    Emailsupport@rbbn.com
    PasswordPassword is optional and should not be set for MS Teams.
    Password (Verify)Password is optional and should not be set for MS Teams.

     

  3. Click Download to download the CSR certificate and key file.



  4. Open the .csr file with an application like Notepad and copy the complete certificate request.



  5. Configure the signed certificate on the system by using the Add a Certificate pane on the Certificates page and click Add Certificate. The signed certificate must use the .key file from the CSR generation.


     

    Add the SBC Signed Certificate

    Parameter

    Example Configuration Value
    Certificate NameSBC_Cert Arbitrary name (alphanumeric characters only)
    Certificate TypeSSL
    Select Certificate FileSBC_Cert.crt
    Select Key FileSBC1rbbnCSR.key
    PasswordPassword is optional and should not be set for MS Teams.

  6. Download the root CA on the system and click Add Certificate.


     

    Add the Root CA

    Parameter

    Example Configuration Value
    Certificate NameROOTca
    Arbitrary name (alphanumeric characters only)
    Certificate TypeCA Certificate
    Select Certificate FilecertROOT.crt
    Select Key File

    No File Selected

    Note: No key file is required for a root CA.
    PasswordPassword is optional and should not be set for MS Teams.
     

  7. Select Submit All to save the certificates to the system.


     

  8. The certificates are now displayed and available to be assigned to system services.


Configuring the SBC’s VoIP Settings

  1. Select VoIP from the Configuration Menu on the left-hand side. 

  2. Configure the system’s VoIP settings.


     

    Configuring VoIP Parameters

    ParameterExample Configuration Value
    Enable LLDPEnabled (default)
    LLDP Broadcast Interval (sec)30 (default) 
    TFTP Server IP AddressDisabled
    Use ALG Alias IP AddressesDisabled
    Public NAT WAN IP AddressPublic WAN IPv4 address when using a 1-to-1 NAT configuration
    Private NAT LAN IP AddressPrivate LAN IPv4 address when using a 1-to-1 NAT configuration
    Do Strict RTP Source CheckDisabled
    Enable Client List LockdownDisabled
    Allow Shared UsernamesDisabled
    Strip G.729 from CallsDisabled
    Route all SIP Signalling Through B2BUAEnabled
    Enable Microsoft FeatureEnabled
    Enable Comfort Noise Generation (CNG)Enabled
    Enable User-Agent Header Pass-ThroughDisabled
    Enable SRTP SupportEnabled
    Enable MKI SupportDisabled Note: This is optional. This depends on whether or not MKI support is enabled on MS Teams.
    H.225/H.245 Port Range14085-15084 (default)
    RTP Port Range16386-18385 (default)
    RTP Packetization Time (ms)20
    Prioritize Microsoft TeamsNot Required for MS Team. The system will automatically prioritize signaling and media. This setting is used when the system is “NATing” MS Teams traffic.
    Calculate RTTEnabled (default)
     

  3. Configure the SIP Server Settings for the SIP trunking service parameters.


     

    Configuring SIP Server Settings Parameters

    ParameterExample Configuration Value
    SIP Server Addresssiptrunk.example.com
    SIP Server Port

    5060

    (Verify with your SIP trunking provider which SIP port to configure.)

    Note: If the FQDN resolves to a different port for the SIP Server Address the system will use the port returned in the DNS query response.
    SIP Server TransportUDP
    Enable SRTPDisabled
    Use Custom DomainDisabled
    SIP Server DomainNot set
    List of SIP ServersNone
    Enable Multi-homed Outbound Proxy ModeDisabled
    Enable Transparent Proxy ModeDisabled
    Limit Outbound to Listed SIP ServersDisabled
    Limit Inbound to Listed SIP ServersDisabled
    Include UPDATE in AllowEnabled
    PRACK SupportEnabled
    GEOLOCATION SupportEnabled
    Call Audit SupportDisabled
    Stale Client Time (m)1440 (default)
    Session Timer SupportEnabled
    Session Refresh Interval (s)1800 (default)
    UDPClient Listening Port(s)5060,5070,5075 (default)
    UDPServer Facing Port5060 (default)
    UDPREGISTER Restricted to Port0 (default)
    TCPPort5060 (default)
    TCPTimeout (minutes)10 (default)
    TLSPort5061
    TLSTLS ProtocolTLSv1.2
    TLSCiphers StringTLSv1.2+HIGH:!eNULL:!aNULL
    TLSLAN

    Certificate:

    Default

    Policy:

    No Check
    TLSWAN

    Certificate:

    SBC_Cert

    Policy:

    No Check
    TLSExclude sips headers for TLS TransportEnabled

    NAT Traversal

    Disabled (default)
    SDP Codec OperationAllow only given codecs
    SDP Section that will be modifiedAudio
    Codecs (comma separated list)PCMU, PCMA, CN, telephone-event
    Reject when No Match CodecEnabled
    Strip Matched Expressions

    \ba=candidate:.*\b

    a=rtcp-mux

    \ba=ice-.*\b

    SIP Use New Port On Hold ResumeDisabled

    Priority Number 1:

    Priority Number 2:

    Priority Number 3:

    Priority Number 4:

    Not set
    Enable SIP StatisticsEnabled
     

  4. Click Submit to apply changes.

Configuring the B2BUA and Header Manipulation rules

This step discusses how to configure a B2BUA trunking device to the WAN side of the system for MS Teams support. Header manipulation rules are used to modify the headers required for interoperability to-and-from MS Teams and to-and-from the SIP trunking provider.

  1. Choose VoIP > SIP > B2BUA from the Configuration Menu on the left-hand side.

  2. Add a B2BUA Trunking Device for the MS Teams cloud servers and click Update. Then, scroll to the bottom and click Submit.

    Configuring the First B2BUA Trunk

    Parameter

    Example Configuration Value
    Name

    Teams1

    Arbitrary name (alphanumeric characters only)
    ModelMicrosoft Teams
    Address (IP/FQDN)sip.pstnhub.microsoft.com
    Use DNS SRVNot set for MS Teams
    Port5061
    TransportTLS
    SRTPMandatory
    Source FQDN

    sbc1.rbbn.com

    Note: This name must be identical to the name configured as the PSTN gateway.
    UsernameNot used for MS Teams
    PasswordNot used for MS Teams


    Configuring the Second B2BUA Trunk

    ParameterExample Configuration Value
    Name

    Teams2

    Arbitrary name (alphanumeric characters only)
    ModelMicrosoft Teams
    Address (IP/FQDN)sip2.pstnhub.microsoft.com
    Use DNS SRVNot set for MS Teams
    Port5061
    TransportTLS
    SRTPMandatory
    Source FQDN

    sbc1.rbbn.com

    (This name must be identical to the name configured as the PSTN gateway)
    UsernameNot used for MS Teams
    PasswordNot used for MS Teams

    Configuring the Third B2BUA Trunk

    ParameterExample Configuration Value
    Name

    Teams3

    Arbitrary name (alphanumeric characters only)
    ModelMicrosoft Teams
    Address (IP/FQDN)sip3.pstnhub.microsoft.com
    Use DNS SRVNot set for MS Teams
    Port5061
    TransportTLS
    SRTPMandatory
    Source FQDN

    sbc1.rbbn.com

    (This name must be identical to the name configured as the PSTN gateway)
    UsernameNot used for MS Teams
    PasswordNot used for MS Teams

  3. Create a routing group for the MS Teams servers with the Trunking Group Availability function.


    Configuring the Routing Group

    ParameterExample Configuration Value
    Group NameTeamsGroupNA
    StateDisplay Only
    Keep AliveEnabled
    Load BalanceOptional
    Invite FailoverEnabled
    Trust EnabledEnabled
    Trusted Listsip-all.pstnhub.microsoft.com
    Members for GroupTeamsGroup
    Keep Alive Interval60 (default)
    Error ResponseNot Set
    From UserNot Set
    To UserNot Set
    Backoff on No ResponseEnabled
    Regular with max. IntervalEnabled0 sec (default)
    Random with max. IntervalNANA
    Failover upon Invite Responses503
    Fallback with auto keep aliveNot Selected
    Fallback IntervalEnabled60 (s) (default)

  4. Choose VoIP > SIP > B2BUA from the Configuration Menu on the left-hand side. Header manipulation rules are used to modify the headers required for interoperability to-and-from MS Teams and to-and-from the SIP trunking provider.
  5. Scroll down to Actions and add the actions mentioned in the following steps, and associated HMR rules.
  6. The first Actions is “ToTeams”. This rule has an associated “Match” rule for calls going to Teams.
    1. Configure the parameters in the actions pane.
    2. Configure each Header Value one at a time and click Add before creating the next rule.
    3. Click Update and then click Submit to save the action.

      Note

      In the example given in the following table, the dialing code +1 is used in reference to the USA. Change it to the dialing code of the country of your choice. 

      Configuring the ToTeams Action

      ParameterExample Configuration Value
      Name

      ToTeams

      Arbitrary name (alphanumeric characters only)
      Send ToTrunking DeviceTeamsGroup
      PrioritizeNot used for MS Teams
      Refer to Re-INVITEEnabled
      Serial HuntingNot used for MS Team
      E.164 Conversion ruleNone
      Conversion modeAdd (default)
      Request-URI'sip:+1' + $to.uri.user + '@' + $env.target_domain + ':' + $env.target_port + ';user=phone'
      From'<sip:+1' + $from.uri.user + '@' + $env.target_src_domain + ':' + $env.target_port + ' ;user=phone>'
      To$to.dispname + '<sip:+1' + $to.uri.user + '@' + $env.target_domain + ':' + $env.target_port + ';user=phone>'
      Contact'<sip:+1' + $from.uri.user + '@' + $env.target_src_domain + ':' + $env.out_intf_port + ';transport=TLS>' + $contact.parameter

  7. The second action is FromTeams2ServerAnonymous. This rule has an associated “Match” rule for calls with “Anonymous” in the SIP URI. For example, when a Teams caller is blocking their number, the SIP From URI will have the following format:
    From: "Anonymous"sip:anonymous@anonymous.invalid:5060.
    This rule allows anonymous calls inbound from Teams to the SIP trunking provider.

    To add a new action click anywhere in the New Entry bar.

    1. Configure the parameters in the actions pane.
    2. Configure each Header Value one at a time and click Add before creating the next rule.
    3. Click Update and then click Submit to save the action.

      Configuring the FromTeams2ServerAnonymous Action

      ParameterExample Configuration Value
      Name

      FromTeams2ServerAnonymous

      Arbitrary name (alphanumeric characters only)
      Send ToTrunking DeviceNone
      PrioritizeNot used for MS Teams
      Refer to Re-INVITEEnabled
      Serial HuntingNot used for MS Teams
      E.164 Conversion ruleNone
      Conversion modeAdd (default)
      HeaderExample Value
      Request-URI'sip:' + substr($request.uri.user, 2, 0) + '@' + $env.available_domain + ':' + $env.available_port
      From$from.dispname + ' <sip:' + $from.uri.user + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>'
      To$to.dispname + ' <sip:' + substr($to.uri.user, 2, 0) + '@' + $env.available_domain + ':' + $env.available_port + '>'
      Contact$from.dispname + ' <sip:' + $from.uri.user + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>' + $contact.parameter
      P-Asserted-Identity$pai?'<sip:' + substr($pai, 7, 10) + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>'
      OtherPrivacy'id'

  8. The third action is “FromTeams2Server”. This rule will have an associated “Match” rule for calls outbound from Teams to the SIP Trunking provider for destination call routing. This example uses a “P-Asserted-Identity” header string which is common to many SIP trunking providers. Please verify with your trunking provider if they require these SIP headers or have other header requirements for interoperability with their SIP service.
    To add a new action click anywhere in the New Entry bar.


    1. Configure the parameters in the actions pane.

    2. Configure each Header Value one at a time and click Add before creating the next rule.

    3. Click Update and then click Submit to save the action.


      Configuring the FromTeams2Server Action

      ParameterExample Configuration Value
      Name

      FromTeams2Server

      Arbitrary name (alphanumeric characters only)
      Send ToTrunking DeviceNone
      PrioritizeNot used for MS Teams
      Refer to Re-INVITEEnabled
      Serial HuntingNot used for MS Teams
      E.164 Conversion ruleNone
      Conversion modeAdd (default)
      HeaderExample Value
      Request-URI'sip:' + substr($request.uri.user, 2, 0) + '@' + $env.available_domain + ':' + $env.available_port
      From$from.dispname + ' <sip:' + substr($from.uri.user, 2, 0) + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>'
      To$to.dispname + ' <sip:' + substr($to.uri.user, 2, 0) + '@' + $env.available_domain + ':' + $env.available_port + '>'
      Contact$from.dispname + ' <sip:' + substr($from.uri.user, 2, 0) + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>' + $contact.parameter
      P-Asserted-Identity$pai?'<sip:' + substr($pai, 7, 10) + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>'
      History-info$history-info?' <sip:' + replace($history-info.uri.user, '+1', '' ) + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>;reason=unknown;counter=1'
      History-info$history-info#1?' <sip:' + replace($history-info#1.uri.user, '+1', '' ) + '@' + $env.out_intf_host + ':' + $env.out_intf_port + '>;reason=unknown;counter=1'

  9. Scroll down to the Match pane to configure the patterns you wish to match to the actions just created. The match function provides dial plan routing to Actions and relates to the direction the call is coming from. This could be from Teams or from the SIP trunking provider. The examples given in this section will use a dial plan of 408.555.1000-1099 to provide basic knowledge of how to apply your dial plan to the previously created Actions.
    The example uses a “Redirect” rule from Teams as “+1.”. By default, Teams will add this to the beginning of every outbound call going to the SBC for SIP trunk routing. This rule is mapped to the Action.”FromTeams2Server” will remove the +1 from the SIP message and then perform the other header modifications before forwarding the SIP message to the trunking provider. If you’ve configured Teams to not add the +1, then modify the “FromTeams2Server” Action and other header manipulation rules that reference +1 and remove the reference.
    The +1. (dot ) portion of the string matches one or more digits. This (dot) allows dialed destinations greater than 10 or 11 digits to be called. If international calling is desired, please verify that the MS Teams voice route to the SBC also includes pattern matches to accommodate international calling. 911, 411 and any other dial plans must also be considered as an SBC or MS Teams pattern match to route the call correctly.

    Note

    Match rules are in order of priority from top to bottom. A specific rule must be above a generic rule.


    1. The first “Match” rule is for the Teams dial plan assigned by the SIP trunking provider. In this example the DID range for this MS Teams configuration is 408.555.1000-1099.

      1. Configure the parameters in the match pane.

      2. Click Update and then click Submit to save the Match.


        Configuring the Called Matches ToTeams Match

        ParameterExample Configuration Value
        DirectionRedirect
        ModeBothModes
        DefaultNot used for MS Teams
        PatternCalled
        Called PartyMatches408555.
        Calling PartyNot SetNA
        SourceAny
        ActionToTeams

    2. The second Match rule is to allow the blocked caller ID’s from Teams, which presents as “anonymous” in the SIP header. For example,
      From: "Anonymous"sip:anonymous@anonymous.invalid:5060.
      To add a new action click anywhere in the New Entry bar.


      1. Configure the parameters in the match pane.

      2. Click Update and then click Submit to save the Match.

        Configuring the FromTeams2ServerAnonymous Match

        ParameterExample Configuration Value
        DirectionRedirect
        ModeBothModes
        DefaultNot used for MS Teams
        PatternBoth
        Called PartyMatches+1.
        Calling PartyDoes not match+1.
        SourceTeamsGroup
        ActionFromTeams2ServerAnonymous

    3. The third Match rule is to match +1. SIP messages from MS Teams to the Actions that routes the call to the configured SIP trunking provider, after the header manipulation is performed. This rule is required for normal caller-ID routing.
      To add a new action click anywhere in the New Entry bar.


      1. Configure the parameters in the match pane.

      2. Click Update and then click Submit to save the Match.


        Configuring the FromTeams2Server Match

        ParameterExample Configuration Value
        DirectionRedirect
        ModeBothModes
        DefaultNot used for MS Teams
        PatternBoth
        Called PartyMatches+1.
        Calling PartyMatches+1.
        SourceTeamsGroup
        ActionFromTeams2Server

You have now completed the Ribbon Communications EdgeMarc configuration for Microsoft Teams and are ready to start testing calls.

As a final step, save the SBC’s configuration at this point or when you are finished testing.

Saving the ESBC's Configuration

This section discusses how to save the running SBC’s configuration to restore the system back to a known working configuration if required.

  1. Choose Admin > Backup/Restore from the Configuration Menu on the left-hand side. 

  2. Click Create New Config Backup. A dialog box will appear. Click OK.

     

  3. The system will create a backup file of the current running configuration. Click the file name to download the backup file to the management computer.