**** NOTE TO CUBE USERS!!!! YOU MUST FORCE EARLY OFFER FOR MEDIA. SEE THESE INSTRUCTIONS: http://www.cisco.com/c/en/us/td/docs/ios/voice/cube/configuration/guide/vb_8241.html ****
The following config was built using CME 10 on a Cisco Router running IOS v 15.1. This configuration assumes you want to have your CME on a router that faces your LAN and is behind a firewall. The firewall was configured so that UDP ports 5060 (SIP) and 16384 - 32767 (RTP) are forwarded to the private IP address of the CME. Additionally, this configuration assumes IP Authentication which, with SIP.US, requires a specific port for SIP traffic. To that end, the firewall was also configured to Statically Source NAT port 5060 for all traffic received from the CME's IP Address on port 5060.
*The RTP Ports MUST be forwarded and accepted from ANY IP ADDRESS by your firewall. The SIP Port, should be locked down to gw1.sip.us and gw2.sip.us IP Addresses and also forwarded to your CME.
**You MUST set your trunk to IP Authentication. To do that:
1. Go to your SIP.US portal
2. Click on "SIP Trunking"
3. Locate you trunk and click "Modify Trunk"
4. Check the box for "IP Authentication"
5. Enter your Static Public IP and Port
6. Click "Submit"
***This configuration is designed around a very specific (but according to our help desk, common) network configuration.
The topology looks like this:
FIREWALL:
1. STATIC WAN IP
2. LAN IP (10.1.10.1)
CISCO ROUTER
1. GigabitEthernet 0/1: 10.1.10.11
2. GigabitEthernet 0/0.25 172.25.140.1 (Voice VLAN)
GigabitEthernet 0/0.35 172.35.140.1 (Data VLAN)
A call flow looks like this:
PHONE (172.25.140.100) ----> CME (172.25.140.1) ***OUT***(10.1.10.11)---->FIREWALL(10.1.10.1)***OUT***(STATIC WAN IP)---->SIP.US(gw1.sip.us)
Inbound Calls:
Inbound calling is done via the "num-exp" argument for a single DID and a single extension. There is no way we can predict what you want to do with your internal routing. So if you want a hunt-group or dial-peer, you are on your own to figure out that configuration (Dr. Google should be of service). However, note that we will always the deliver the call in the +1NXXNXXXXXX format.
Outbound Calls:
The outbound pattern is set to ".T" which quite literally means "Dial at least one digit and then wait for timeout. The timeout is 10 seconds. We are expecting you to dial 1NXXNXXXXXX within 10 seconds. Yes, that means you! We expect you to dial 11 digits. Again, we must receive 11 digits for a North American call to work. If you want something different (and we know you do), you must contrive the dial pattern on your own. You could make this anything that you want provided it sends us 11 digits for North American calls. Please consult Dr. Google for a specific dial pattern for your situation. Did we mention that you need to send 11 digits?
Without further ado, here is the configuration:
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sipdemo
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
ip dhcp excluded-address 172.25.140.1 172.25.140.10
ip dhcp excluded-address 172.35.140.1 172.35.140.10
!
ip dhcp pool Data
network 172.25.0.0 255.255.0.0
default-router 127.25.140.1
option 66 ip 172.25.140.1
option 150 ip 172.25.140.1
!
ip dhcp pool Voice
network 172.35.0.0 255.255.0.0
default-router 172.35.140.1
option 66 ip 172.35.140.1
option 150 ip 172.35.140.1
!
!
ip domain name test.lan
ip name-server YOUR_DNS_IP
ip multicast-routing
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
voice service voip
ip address trusted list
ipv4 65.254.44.194
ipv4 74.81.71.18
ipv4 10.1.10.11
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
sip
!
voice class sip-profiles 1
request INVITE sip-header From modify "<sip:YourTrunkNumber@YourPublicIP>" "<sip:YourTrunkNumber@gw1.sip.us>"
request INVITE sip-header From modify "<sip:YourTrunkNumber@172.25.140.1>" "<sip:YourTrunkNumber@gw1.sip.us>"
!
!
voice register global
mode cme
source-address 172.25.140.1 port 5060
max-dn 40
max-pool 42
tftp-path flash:
create profile sync 0005078016008528
!
voice register dn 1
number 2001
allow watch
name PH-2001
label 2001
mwi
!
voice register dn 2
number 2002
allow watch
name PH-2002
label 2002
mwi
!
!
!
voice translation-rule 5
rule 1 /^.*/ /YourTrunkNumber/
!
!
voice translation-profile SIP.US-Outgoing
translate calling 5
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
!
redundancy
!
!
ip tftp source-interface GigabitEthernet0/0.25
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.25
description Data VLAN
encapsulation dot1Q 25
ip address 172.25.140.1 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.35
description Voice VLAN
encapsulation dot1Q 35
ip address 172.35.140.1 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
ip address 10.1.10.11 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
ip nat inside source static 172.25.140.1 10.1.10.11 route-map SIP_NAT
ip route 0.0.0.0 0.0.0.0 10.1.10.1
!
ip access-list extended UDP_RTP
permit udp any any range 8000 20000
permit udp any any eq 5060
!
access-list 101 permit udp any any eq domain
access-list 101 permit udp any eq domain any
access-list 140 permit ip host 172.35.140.15 any
access-list 140 permit ip any host 172.35.140.15
access-list 140 permit ip host 172.25.140.1 any
access-list 140 permit ip any host 172.25.140.1
!
!
!
!
route-map SIP_NAT permit 10
match ip address UDP_RTP
!
!
tftp-server flash:P00308010200.bin
tftp-server flash:P00308010200.sbn
tftp-server flash:P00308010200.sb2
tftp-server flash:P00308010200.loads
tftp-server flash:OS79XX.txt
tftp-server flash:/Ringtones/Pop.raw alias Pop.raw
tftp-server flash:/SCCP-Phones/SCCP42.9-3-1SR4-1S.loads alias SCCP42.9-3-1SR4-1S.loads
tftp-server flash:/Ringtones/Ringlist.xml alias Ringlist.xml
tftp-server flash:/Ringtones/DistinctiveRingList.xml alias DistinctiveRingList.xml
tftp-server flash:term42.default.loads
tftp-server flash:term62.default.loads
tftp-server flash:SCCP42.9-3-1SR3-1S.loads
tftp-server flash:SCCP42.9-3-1SR4-1S.loads
tftp-server flash:apps42.9-3-1ES26.sbn
tftp-server flash:cnu42.9-3-1ES26.sbn
tftp-server flash:cvm42sccp.9-3-1ES26.sbn
tftp-server flash:dsp42.9-3-1ES26.sbn
tftp-server flash:jar42sccp.9-3-1ES26.sbn
tftp-server flash:SIPDefault.cnf
tftp-server flash:/music-on-hold.au
tftp-server flash:/Ringtones/Analog1.raw alias Analog1.raw
tftp-server flash:/Ringtones/Analog2.raw alias Analog2.raw
tftp-server flash:/Ringtones/Ring1.raw alias Ring1.raw
!
control-plane
!
!
!
!
mgcp profile default
!
!
dial-peer voice 2 voip
description **Outgoing Calls to SIP.US SIP Trunk**
translation-profile outgoing SIP.US-Outgoing
destination-pattern .T
session protocol sipv2
session target dns:gw1.sip.us
voice-class sip profiles 1
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
!
num-exp YOUR_DID_with_+_in_front YOUR_EXTENSION
sip-ua
connection-reuse
!
!
!
telephony-service
max-ephones 30
max-dn 50
ip source-address 172.25.140.1 port 2000
auto assign 1 to 2
cnf-file location flash:
load 7960-7940 P00308010200
load 7942 SCCP42.9-3-1SR4-1S.loads
max-conferences 8 gain 6
dn-webedit
time-webedit
transfer-system full-consult
create cnf-files version-stamp 7960 Nov 09 2015 11:59:31
!
!
ephone-dn 1
number 1001
label 1001
description Phone 1
name Phone 1
hold-alert 30 originator
!
!
ephone-dn 2
number 1002
label 1002
description Phone 2
name Phone 2
hold-alert 30 originator
!
!
ephone 1
device-security-mode none
mac-address 0014.1C51.F40C
type 7940
button 1:1
!
!
!
ephone 2
device-security-mode none
mac-address 0013.197E.5391
type 7940
button 1:2
!
!
!
alias exec flash:/SCCP-Phones/ SCCP42.9-3-1SR4-1S.loads
!
line con 0
line aux 0
line vty 0 4
login local
transport input ssh
!
scheduler allocate 20000 1000
end
I don´t know my public IP Address because my firewall uses dinamic address.
request INVITE sip-header From modify "" " sip:YourTrunkNumber@gw1.sip.us>"
How could I solve this situation?