Configuring a SIP Trunk is fairly simple. Once you have the telephony server all configured and the Phones communication with each other internally you can now configure the SIP Trunk.

Start by setting up the voice server voip like this:

voice service voip
ip address trusted list
ipv4 X.X.X.X
ipv4 X.X.X.X
ipv4 X.X.X.X
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
registrar server

X.X.X.X section is highly recommend to do as it will protect the SIP trunk from toll fraud. Put your SIP trunks providers IP addresses in there!

Create a Voice Translation profile like this if you want to have a 9 for an outside line and for it to be stripped off before sending the digits down the trunk:

voice translation-rule 3
rule 2 /^999$/ /999/
rule 5 /^9(.*)/ /1/

voice translation-profile SIPPrefix
translate calling 2
translate called 3

Rule 2 is basically so that if you dial 999 or 9999 it will still be able to dial Emergency Services (I am Based in the UK 🙂 ) In an Emergency users may forget to dial 9 and this way you are covered!

Dial-peer is configured next like so:

dial-peer voice 5 voip
description **Outgoing Calls to Any Number – SIP TRUNK**
translation-profile outgoing SIPPrefix
destination-pattern 9T
session protocol sipv2
session target sip-server
incoming called-number .%
voice-class codec 1
dtmf-relay rtp-nte
no vad

destination-pattern 9T is so that the 9 is dialed to access this dial-peer for an outside line. You can change the 9 to any digit or digit combination you like

Now configure the actual SIP Trunk:

credentials username *USERNAME* password 0 *PASSWORD*
authentication username *USERNAME* password 0 *PASSWORD*
no remote-party-id
retry invite 2
retry register 10
retry options 1
timers connect 100
registrar dns:*SIP TRUNK DNS NAME* expires 3600
sip-server dns:*SIP TRUNK DNS NAME*

use “show sip-ua register status” to see if the Trunk is online:

Line                                         peer                   expires(sec)             registered            P-Associ-URI
================== ========== ============ ========== ============
*USERNAME*                        -1                     48                            yes


While I was configuring this I had an attack and the internet was only connected to this box for 10 minutes while I pulled the config:

Jan 24 15:43:24.893: %SEC-6-IPACCESSLOGP: list INTERNET denied udp -> MY.IP.ADDRESS.X(5060), 1 packet

So you MUST lock down port 5060 and 2000!

Good Luck!

Leave a Reply

Your email address will not be published. Required fields are marked *