Transcription
Configuration NoteAudioCodes Professional Services – Interoperability LabConnecting Cisco Unified Communications Manager Ver. 12.0with Microsoft Teams Direct Routing Enterprise Model usingAudioCodes Mediant SBCVersion 7.2
Configuration NoteContentsTable of Contents1Introduction .71.11.21.32Intended Audience. 7About Microsoft Teams Direct Routing . 7About AudioCodes SBC Product Series . 7Component Information.92.12.22.32.4AudioCodes SBC Version. 9Cisco CUCM Version. 9Microsoft Teams Direct Routing Version . 9Interoperability Test Topology . 102.4.12.4.22.4.32.4.43Configuring Teams Direct Routing .133.13.23.3Prerequisites . 13SBC Domain Name in the Teams Enterprise Model . 13Example of the Office 365 Tenant Direct Routing Configuration . 143.3.13.3.23.3.33.3.43.3.53.3.64Online PSTN Gateway Configuration . 14Online PSTN Usage Configuration. 14Online Voice Route Configuration . 14Online Voice Routing Policy Configuration . 14Enable Online User . 15Assigning Online User to the Voice Route. 15Configuring Cisco CUCM .174.14.24.35Enterprise Model Implementation. 10Environment Setup . 11Infrastructure Prerequisites . 11Known Limitations . 11Log in to Cisco Unified Communications Manager. 17Create a New Trunk . 17Create a New Route Pattern. 19Configuring AudioCodes SBC .235.15.2SBC Configuration Concept in Teams Direct Routing Enterprise Model . 24IP Network Interfaces Configuration . 245.2.15.2.25.3SIP TLS Connection Configuration . 275.3.15.3.25.3.35.3.45.3.55.45.55.6Configure the NTP Server Address . 27Create a TLS Context for Teams Direct Routing . 28Configure a Certificate . 29Method of Generating and Installing the Wildcard Certificate . 32Deploy Baltimore Trusted Root Certificate . 33Configure Media Realms . 34Configure SIP Signaling Interfaces . 35Configure Proxy Sets and Proxy Address . 365.6.15.75.85.9Configure VLANs. 25Configure Network Interfaces . 25Configure a Proxy Address . 37Configure Coders . 39Configure IP Profiles. 41Configure IP Groups . 44Version 7.23AudioCodes Mediant SBC
Microsoft Teams Direct Routing & Cisco CUCM5.105.115.125.135.145.155.165.17Configure SRTP . 46Configuring Message Condition Rules . 47Configuring Classification Rules . 48Configure IP-to-IP Call Routing Rules. 49Configuring Firewall Settings . 50Configure Number Manipulation Rules . 51Configure Message Manipulation Rules . 52Miscellaneous Configuration. 595.17.1 Configure Call Forking Mode . 595.17.2 Optimizing CPU Cores Usage for a Specific Service (relevant for Mediant 9000 andSoftware SBC only) . 60AAudioCodes INI File .61AudioCodes Mediant SBC4Document #: LTRT-29313
Configuration NoteNoticesNoticeNoticeInformation contained in this document is believed to be accurate and reliable at the time ofprinting. However, due to ongoing product improvements and revisions, AudioCodes cannotguarantee accuracy of printed material after the Date Published nor can it accept responsibilityfor errors or omissions. Updates to this document can be downloaded ocuments.This document is subject to change without notice.Date Published: November-23-2021WEEE EU DirectivePursuant to the WEEE EU Directive, electronic and electrical waste must not be disposed ofwith unsorted waste. Please contact your local recycling authority for disposal of this product.Customer SupportCustomer technical support and services are provided by AudioCodes or by an authorizedAudioCodes Service Partner. For more information on how to buy technical support forAudioCodes products and for contact information, please visit our website tenance-and-support.Stay in the Loop with AudioCodesAbbreviations and TerminologyEach abbreviation, unless widely used, is spelled out in full when first used.Document Revision RecordLTRTDescription29312Initial document release for Version 7.2.29313Coder Group for Teams was updated.Documentation FeedbackAudioCodes continually strives to produce high quality documentation. If you have anycomments (suggestions or errors) regarding this document, please fill out the DocumentationFeedback form on our Web site at ck.Version 7.25AudioCodes Mediant SBC
Microsoft Teams Direct Routing & Cisco CUCMThis page is intentionally left blank.AudioCodes Mediant SBC6Document #: LTRT-29313
Configuration Note11. IntroductionIntroductionThis Configuration Note describes how to set up the AudioCodes Enterprise Session BorderController (hereafter, referred to as SBC) for interworking between Cisco CUCM andMicrosoft's Teams Direct Routing environment.You can also use AudioCodes' SBC Wizard tool to automatically configure the SBC basedon this interoperability setup. However, it is recommended to read through this document tobetter understand the various configuration options. For more information on AudioCodes'SBC Wizard including the download option, visit AudioCodes Web site rability-list.1.1Intended AudienceThis document is intended for engineers, or AudioCodes and Cisco CUCM partners who areresponsible for installing and configuring Cisco CUCM and Microsoft's Teams Direct RoutingService in Enterprise Model for enabling VoIP calls using AudioCodes SBC.1.2About Microsoft Teams Direct RoutingMicrosoft Teams Direct Routing allows connecting a customer-provided SBC to the MicrosoftPhone System. The customer-provided SBC can be connected to almost any telephonytrunk, or connect with third-party PSTN equipment. The connection allows:1.3 Using virtually any PSTN trunk with Microsoft Phone System Configuring interoperability between customer-owned telephony equipment, such asthird-party PBXs, analog devices, and Microsoft Phone SystemAbout AudioCodes SBC Product SeriesAudioCodes' family of SBC devices enables reliable connectivity and security between theEnterprise's and the service provider's VoIP networks.The SBC provides perimeter defense as a way of protecting Enterprises from malicious VoIPattacks; mediation for allowing the connection of any PBX and/or IP-PBX to any serviceprovider; and Service Assurance for service quality and manageability.Designed as a cost-effective appliance, the SBC is based on field-proven VoIP and networkservices with a native host processor, allowing the creation of purpose-built multiserviceappliances, providing smooth connectivity to cloud services, with integrated quality ofservice, SLA monitoring, security and manageability. The native implementation of SBCprovides a host of additional capabilities that are not possible with standalone SBCappliances such as VoIP mediation, PSTN access survivability, and third-party value-addedservices applications. This enables Enterprises to utilize the advantages of convergednetworks and eliminate the need for standalone appliances.AudioCodes SBC is available as an integrated solution running on top of its field-provenMediant Media Gateway and Multi-Service Business Router platforms, or as a software-onlysolution for deployment with third-party hardware. The SBC can be offered as a VirtualizedSBC, supporting the following platforms: Hyper-V, AWS, AZURE, AWP, KVM and VMWare.Version 7.27AudioCodes Mediant SBC
Microsoft Teams Direct Routing & Cisco CUCMThis page is intentionally left blank.AudioCodes Mediant SBC8Document #: LTRT-29313
Configuration Note2. Component Information2Component Information2.1AudioCodes SBC VersionTable 2-1: AudioCodes SBC VersionSBC VendorAudioCodesModels Software Version7.20A.254.202 or laterProtocol Additional NotesNone2.2Mediant 500 Gateway & E-SBCMediant 500L Gateway & E-SBCMediant 800B Gateway & E-SBCMediant 800C Gateway & E-SBCMediant 1000B Gateway & E-SBCMediant 2600 E-SBCMediant 4000 SBCMediant 4000B SBCMediant 9000 SBCMediant 9030 SBCMediant 9080 SBCMediant Software SBC (VE/SE/CE)SIP/UDP or SIP/TCP (to the Cisco CUCM SIP Trunk)SIP/TLS (to the Teams Direct Routing)Cisco CUCM VersionTable 2-2: Cisco CUCM VersionVendor/Service ProviderCiscoSSW Model/ServiceCUCMSoftware Version12.0.1ProtocolSIPAdditional NotesNone2.3Microsoft Teams Direct Routing VersionTable 2-3: Microsoft Teams Direct Routing VersionVendorMicrosoftModelTeams Phone System Direct RoutingSoftware Versionv.2019.9.24.1 i.EUNO.4ProtocolSIPAdditional NotesNoneVersion 7.29AudioCodes Mediant SBC
Microsoft Teams Direct Routing & Cisco CUCM2.4Interoperability Test TopologyMicrosoft Teams Direct Routing can be implemented in the Enterprise or Hosting Models.2.4.1Enterprise Model ImplementationThe interoperability testing between AudioCodes SBC and Cisco CUCM with Teams DirectRouting Enterprise Model was done using the following topology setup: Enterprise deployed with Cisco CUCM as IP-PBX, analog devices and theadministrator's management station, located on the LAN Enterprise deployed with Microsoft Teams Phone System Direct Routing Interfacelocated on the WAN for enhanced communication within the Enterprise AudioCodes SBC is implemented to interconnect between the Cisco CUCM in theEnterprise LAN and Microsoft Teams on the WAN Session: Real-time voice session using the IP-based Session Initiation Protocol(SIP).Border: IP-to-IP network border - the Cisco CUCM is located in the EnterpriseLAN and the Microsoft Teams Phone Systems is located in the public network.The figure below illustrates this interoperability test topology:Figure 2-1: Interoperability Test Topology between SBC and Microsoft Teams Direct RoutingEnterprise Model with Cisco CUCMEnterprise NetworkDMZManagementStation (OAMP)InternetLANFirewallCisco CUCMAudioCodes Mediant SBC10Document #: LTRT-29313
Configuration Note2.4.22. Component InformationEnvironment SetupThe interoperability test topology includes the following environment setup:Table 2-4: Environment SetupAreaSetupNetwork SignalingTranscoding CodecsTranscoding Microsoft Teams Direct Routing environment is located on theEnterprise's (or Service Provider’s) WAN Cisco CUCM is located on the LANMicrosoft Teams Direct Routing operates with SIP-over-TLStransport type Cisco CUCM operates with SIP-over-UDP or SIP-over-TCPtransport typeMicrosoft Teams Direct Routing supports G.711A-law, G.711Ulaw, G.729, G.722 and SILK (NB and WB) coders Cisco CUCM supports G.711A-law, G.711U-law, and G.722codersMedia Transcoding Microsoft Teams Direct Routing operates with SRTP media type Cisco CUCM operates with RTP media type2.4.3Infrastructure PrerequisitesThe table below shows the list of infrastructure prerequisites for deploying Microsoft TeamsDirect Routing.Table 2-5: Infrastructure PrerequisitesInfrastructure PrerequisiteDetailsCertified Session Border Controller (SBC)SIP Trunks connected to the SBCOffice 365 TenantDomainsPublic IP address for the SBCFully Qualified Domain Name (FQDN) for the SBCSee Microsoft's document Plan Direct Routing.Public DNS entry for the SBCPublic trusted certificate for the SBCFirewall ports for Direct Routing SignalingFirewall IP addresses and ports for Direct Routing MediaMedia Transport ProfileFirewall ports for Teams Clients Media2.4.4Known LimitationsThere were no limitations observed in the interoperability tests done for the AudioCodes SBCinterworking between Microsoft Teams Direct Routing and Cisco CUCM.Version 7.211AudioCodes Mediant SBC
Microsoft Teams Direct Routing & Cisco CUCMThis page is intentionally left blank.AudioCodes Mediant SBC12Document #: LTRT-29313
Configuration Note33. Configuring Teams Direct RoutingConfiguring Teams Direct RoutingThis section describes how to configure Microsoft Teams Direct Routing to operate withAudioCodes SBC.3.1PrerequisitesBefore you begin configuration, make sure you have the following for every SBC you wantto pair:3.2 Public IP address FQDN name matching SIP addresses of the users Public certificate, issued by one of the supported CAsSBC Domain Name in the Teams Enterprise ModelThe SBC domain name must be from one of the names registered in 'Domains' of the tenant.You cannot use the *.onmicrosoft.com tenant for the domain name. For example, in Figure2-2, the administrator registered the following DNS names for the tenant:Table 3-1: DNS Names Registered by an Administrator for a TenantDNS nameCan be usedfor SBC FQDNExamples of FQDN namesACeducation.infoYesValid names: sbc.ACeducation.info ussbcs15.ACeducation.info europe.ACeducation.infoInvalid name:sbc1.europe.ACeducation.info (requiresregistering domain name europe.atatum.biz in'Domains' first)adatumbiz.onmicrosoft.comNoUsing *.onmicrosoft.com domains is notsupported for SBC nameshybridvoice.orgYesValid names: sbc1.hybridvoice.org ussbcs15.hybridvoice.org europe.hybridvoice.orgInvalid name:sbc1.europe.hybridvoice.org (requires registeringdomain name europe.hybridvoice.org in 'Domains'firstUsers can be from any SIP domain registered for the tenant. For example, you can provideusers user@ACeducation.info with the SBC FQDN sbc1.hybridvoice.org so long as bothnames are registered for this tenant.Version 7.213AudioCodes Mediant SBC
Microsoft Teams Direct Routing & Cisco CUCMFigure 3-1: Example of Registered DNS NamesDuring creation of the Domain you will be forced to create public DNS record(sbc1.hybridvoice.org in our example.)3.3Example of the Office 365 Tenant Direct RoutingConfiguration3.3.1Online PSTN Gateway ConfigurationUse following PowerShell command for creating new Online PSTN Gateway:New-CsOnlinePSTNGateway -Identity sbc1.hybridvoice.org -SipSignallingPort 5068 ForwardCallHistory True -ForwardPai True -MediaBypass True -Enabled True3.3.2Online PSTN Usage ConfigurationUse following PowerShell command for creating an empty PSTN Usage:Set-CsOnlinePstnUsage -Identity Global -Usage @{Add "Interop"}3.3.3Online Voice Route ConfigurationUse following PowerShell command for creating new Online Voice Route and associate itwith PSTN "-NumberPattern" \ "OnlinePstnGatewayList sbc1.hybridvoice.org -Priority 1 -OnlinePstnUsages "Interop"3.3.4Online Voice Routing Policy ConfigurationUse following PowerShell command for assigning the Voice Route to the PSTN Usage:New-CsOnlineVoiceRoutingPolicy "audc-interop" -OnlinePstnUsages "Interop"AudioCodes Mediant SBC14Document #: LTRT-29313
Configuration Note3. Configuring Teams Direct RoutingNote: The commands specified in Sections 3.3.5 and 3.3.6, should be run for eachTeams user in the company tenant.3.3.5Enable Online UserUse following PowerShell command for enabling online user:Set-CsUser -Identity user1@company.com -EnterpriseVoiceEnabledHostedVoiceMail true -OnPremLineURI tel: 123456789013.3.6 true-Assigning Online User to the Voice RouteUse following PowerShell command for assigning online user to the Voice audc-interop"-Identityuser1@company.comUse the following command on the Microsoft Teams Direct Routing Management Shell afterreconfiguration to verify correct values: sModeVersion 3,504TrueFalseNoneAudioCodes Mediant SBC
Microsoft Teams Direct Routing & Cisco CUCMThis page is intentionally left blank.AudioCodes Mediant SBC16Document #: LTRT-29313
Configuration Note44. Configuring Cisco CUCMConfiguring Cisco CUCMThis section describes how to configure the Cisco Unified Communications Manager.4.1Log in to Cisco Unified Communications ManagerThe procedure below describes how to log in to the Cisco CUCM Administration interface. To log in to the Cisco Unified CM Administration interface:1.Log in to the Cisco Unified CM Administration by entering the IP address of the CiscoUnified Communications Manager (CUCM) in the Web browser address field.Figure 4-1: Cisco Unified CM Administration4.22.In the 'Username' field, enter the user name.3.In the 'Password' field, enter the password.4.Click Login.Create a New TrunkThis section describes how to create a new trunk. To create a new trunk:1.From the Device menu drop-down list, select Trunk.2.Click Add New.Figure 4-2: Trunk page3.Select Trunk Type – SIP Trunk.4.Click Next.Version 7.217AudioCodes Mediant SBC
Microsoft Teams Direct Routing & Cisco CUCMFigure 4-3: Create Trunk Page5.In the Device Name field, enter a unique SIP Trunk name and optionally provide adescription.6.From the Device Pool drop-down list, select a device pool.Figure 4-4: SIP Trunk Settings Page7.Select the 'Redirecting Diversion Header Delivery – Outbound' check box.Figure 4-5: Redirecting Diversion Header Delivery8.Enter the Destination Address and Destination Port of the AudioCodes SBC.AudioCodes Mediant SBC18Document #: LTRT-29313
Configuration Note4. Configuring Cisco CUCMFigure 4-6: SIP Information Section9.From the SIP Trunk Security drop-down list, select a profile.10. From the SIP Profile drop-down list, select a profile.11. Click Save.4.3Create a New Route PatternThis section describes how to create a new route pattern. To create new Route Pattern:1.From the Call Routing menu drop-down list, go to the Route/Hunt menu and selectRoute Pattern.Figure 4-7: Route Pattern page2.Click Add New.3.Enter a Route Pattern according to schema (optionally provide a description).4.From the Gateway/Route List drop-down list, select the SIP Trunk device name.Version 7.219AudioCodes Mediant SBC
Microsoft Teams Direct Routing & Cisco CUCMFigure 4-8: Create Route Pattern Page5.Click Save.Figure 4-9: Added Route PatternAudioCodes Mediant SBC20Document #: LTRT-29313
Configuration Note4. Configuring Cisco CUCMFigure 4-10: Added TrunkNote: An ‘*’ indicates a mandatory field.Version 7.221AudioCodes Mediant SBC
Microsoft Teams Direct Routing & Cisco CUCMThis page is intentionally left blank.AudioCodes Mediant SBC22Document #: LTRT-29313
Configuration Note55. Configuring AudioCodes SBCConfiguring AudioCodes SBCThis section provides step-by-step procedures on how to configure AudioCodes SBC forinterworking between Microsoft Teams Direct Routing and the Cisco CUCM. Theseconfiguration procedures are based on the interoperability test topology described in Section2.4 on page 10, and includes the following main areas: SBC LAN interface – Management Station and Cisco CUCM SBC WAN interface – Teams Direct Routing environmentThis configuration is done using the SBC's embedded Web server (hereafter, referred to asWeb interface).Notes: For implementing Microsoft Teams Direct Routing and Cisco CUCM based on theconfiguration described in this section, AudioCodes SBC must be installed with aLicense Key that includes the following software features: Enable Microsoft (licensing MSFT) [All AudioCodes media gateways and SBCsare by default shipped with this license. Exceptions: MSBR products and Mediant500 SBC or Media Gateways] Microsoft TEAMS (licensing SW/TEAMS) Number of SBC sessions [Based on requirements] DSP Channels [If media transcoding is needed] Transcoding sessions [If media transcoding is needed]For more information about the License Key, contact your AudioCodes salesrepresentative. The scope of this document does not cover all security aspects for configuring thistopology. Comprehensive security measures should be implemented per yourorganization's security policies. For security recommendations on AudioCodes’products, refer to the Recommended Security Guidelines document, which can befound at AudioCodes web siteVersion 7.223AudioCodes Mediant SBC
Microsoft Teams Direct Routing & Cisco CUCM5.1SBC Configuration Concept in Teams Direct RoutingEnterprise ModelThe diagram below represents AudioCodes’ device configuration concept in the EnterpriseModel.Figure 5-1: SBC Configuration nterfaceIPGroupProxySetTeamsDirect RoutingIP Network Interfaces ConfigurationThis section describes how to configure the SBC's IP network interfaces. There are severalways to deploy the SBC; however, this interoperability test topology employs the followingdeployment method: SBC interfaces with the following IP entities: Management Servers and Cisco CUCM, located on the LAN Microsoft Teams Direct Routing located on the WAN SBC connects to the WAN through a DMZ network Physical connection: The type of physical connection depends on the method used toconnect to the Enterprise's network. In the interoperability test topology, SBC connectsto the LAN and DMZ using dedicated ethernet ports(i.e., two ports and two network cables are used). SBC also uses two logical network interfaces: LAN (VLAN ID 1) DMZ (VLAN ID 2)Figure 5-2: Network Interfaces in Interoperability Test TopologyLAN PortVlan ID 1LANLAN PortVlan ID 2DMZManagementStation (OAMP)FirewallWANCUCMAudioCodes Mediant SBC24Document #: LTRT-29313
Configuration Note5.2.15. Configuring AudioCodes SBCConfigure VLANsThis section describes how to configure VLANs for each of the following interfaces: LAN VoIP (assigned the name "LAN IF") WAN VoIP (assigned the name "WAN IF") To configure the VLANs:1.Open the Ethernet Device table (Setup menu IP Network tab Core Entities folder Ethernet Devices).2.There will be one existing row for VLAN ID 1 and underlying interface GROUP 1.3.Add another VLAN ID 2 for the WAN sideFigure 5-3: Configured VLAN IDs in Ethernet Device5.2.2Configure Network InterfacesThis section describes how to configure the IP network interfaces for each of the followinginterfaces: LAN Interface (assigned the name "LAN IF") WAN Interface (assigned the name "WAN IF") To configure the IP network interfaces:1.Open the IP Interfaces table (Setup menu IP Network tab Core Entities folder IP Interfaces).2.Configure the IP interfaces as follows (your network parameters might be different):Table 5-1: Configuration Example of the Network Interface TableIndexApplicationTypesInterface ModeIP AddressPrefixLengthGatewayDNSI/F NameEthernetDevice0OAMP Media AN IFvlan 11Media Control (asthis interface pointsto the Internet,enabling OAMP isnot recommended)IPv4Manual195.189.192.157(DMZ IP address ofSBC)25195.189.192.129(router's IPaddress)According toyour InternetWAN IFprovider'sinstructionsvlan 2Version 7.225AudioCodes Mediant SBC
Microsoft Teams Direct Routing & Cisco CUCMThe configured IP network interfaces are shown below:Figure 5-4: Configured Network Interfaces in IP Interfaces TableAudioCodes Mediant SBC26Document #: LTRT-29313
Configuration Note5.35. Configuring AudioCodes SBCSIP TLS Connection ConfigurationThis section describes how to configure the SBC for using a TLS connection with theMicrosoft Teams Direct Routing Phone System. This configuration is essential for a secureSIP TLS connection. The configuration instructions in this section are based on the followingdomain structure that must be implemented as part of the certificate which must be loadedto the host SBC: CN: sbc1.hybridvoice.org SAN: sbc1.hybridvoice.orgThis certificate module is based on the Service Provider's own TLS Certificate. For morecertificate structure options, see Microsoft Teams Direct Routing documentation.The Microsoft Phone System Direct Routing Interface allows only TLS connections fromSBCs for SIP traffic with a certificate signed by one of the Trusted Certification Authorities.Currently, supported Certification Authorities can be found in the following or-the-sbc5.3.1Configure the NTP Server AddressThis section describes how to configure the NTP server's IP address. It is recommended toimplement an NTP server (Microsoft NTP server or another global server) to ensure that theSBC receives the current date and time. This is necessary for validating certificates of remoteparties. It is important, that NTP Server will locate on the OAMP IP Interface (LAN IF in ourcase) or will be accessible through it. To configure the NTP server address:1.Open the Time & Date page (Setup menu Administration tab Time & Date).2.In the 'Primary NTP Server Address' field, enter the IP address of the NTP server(e.g., 10.15.28.1).Figure 5-5: Configuring NTP Server Address3.Version 7.2Click Apply.27AudioCodes Mediant SBC
Microsoft Teams Direct Routing & Cisco CUCM5.3.2Create a TLS Context for Teams Direct RoutingThis section describes how to configure TLS Context in the SBC. AudioCodes recommendsimplementing only TLS to avoid flaws in SSL. To configure the TLS version:1.Open the TLS Contexts table (Setup menu IP Network tab Security folder TLSContexts).2.Create a new TLS Context by clicking New at the top of the interface, and then configurethe parameters using the table below as reference:Table 5-2: New TLS ContextIndexNameTLS Version1Teams (arbitrary descriptive name)TLSv1.2All other parameters can be left unchanged with their default values.Note: The table above exemplifies configuration focusing on interconnecting SIP andmedia. You might want to configure additional parameters according to yourcompany's policies. For example, you might want to configure Online CertificateStatus Protocol (OCSP) to check if SBC certificates presented in the online server arestill valid or revoked. For more information on the SBC's configuration, see the User'sManual, available for download from nts.Figure 5-6: Configuring TLS Context for Teams Direct Routing3.Click Apply.AudioCodes Mediant SBC28Document #: LTRT-29
Nov 23, 2021 · Microsoft Teams Direct Routing allows connecting a customer-provided SBC to the Microsoft Phone System. The customer-provided SBC can be connected to almost any telephony . solution for deployment with third-party hardware. The SBC can be offered as a Virtualized SBC, supporting the
