Page 1
Configuration Note
AudioCodes Mediant™ Family of Media Gateways & Session Border Controllers
Connecting AudioCodes' SBC with Analog
Device to Microsoft Teams Direct Routing
Enterprise Model
Version 7.2
Page 2
Page 3
Configuration Note Contents
Table of Contents
1 Introduction ......................................................................................................... 7
1.1 About Microsoft Teams Direct Routing .................................................................... 7
1.2 About AudioCodes SBC Product Series .................................................................. 7
1.3 Validated AudioCodes SBC Version ........................................................................ 8
2 Topology Example .............................................................................................. 9
2.1.1 Enterprise Model Implementation .............................................................................. 9
2.1.2 Environment Setup .................................................................................................. 11
2.1.3 Infrastructure Prerequisites ..................................................................................... 11
3 Configuring Teams Direct Routing .................................................................. 13
3.1 Prerequisites .......................................................................................................... 13
3.2 SBC Domain Name in the Teams Enterprise Model .............................................. 13
3.3 Configuration Example of Office 365 Tenant Direct Routing ................................. 14
3.3.1 Online PSTN Gateway Configuration ...................................................................... 14
3.3.2 Online PSTN Usage Configuration .......................................................................... 14
3.3.3 Online Voice Route Configuration ........................................................................... 15
3.3.4 Online Voice Routing Policy Configuration .............................................................. 15
3.3.5 Enable Online User .................................................................................................. 15
3.3.6 Assigning Online User to the Voice Route .............................................................. 15
3.3.7 Analog Device Voice Route Configuration .............................................................. 16
3.3.8 Configure with User Management Pack 365 (Optional) .......................................... 16
4 Configuring AudioCodes SBC ......................................................................... 17
4.1 SBC Configuration Concept in Teams Direct Routing ........................................... 17
4.2 IP Network Interfaces Configuration ...................................................................... 18
4.2.1 Configure VLANs ..................................................................................................... 18
4.2.2 Configure Network Interfaces .................................................................................. 19
4.3 SIP TLS Connection Configuration ........................................................................ 20
4.3.1 Configure the NTP Server Address ......................................................................... 20
4.3.2 Create a TLS Context for Teams Direct Routing ..................................................... 21
4.3.3 Configure a Certificate ............................................................................................. 22
4.3.4 Method for Generating and Installing the Wildcard Certificate ................................ 25
4.3.5 Deploy Baltimore Trusted Root Certificate .............................................................. 26
4.4 Configure Media Realms ........................................................................................ 27
4.5 Configure SIP Signaling Interfaces ........................................................................ 28
4.6 Configure Proxy Sets and Proxy Address .............................................................. 29
4.6.1 Configure Proxy Sets ............................................................................................... 29
4.6.2 Configure a Proxy Address ...................................................................................... 30
4.7 Configure Coders ................................................................................................... 32
4.8 Configure IP Profiles .............................................................................................. 35
4.9 Configure IP Groups .............................................................................................. 39
4.10 Configure SRTP ..................................................................................................... 41
4.11 Configuring Message Condition Rules ................................................................... 42
4.12 Configure Classification Rules ............................................................................... 43
4.13 Configure IP-to-IP Call Routing Rules .................................................................... 45
4.14 Configure Firewall Settings .................................................................................... 47
Version 7.2 3 AudioCodes Mediant SBC
Page 4
Teams Direct Routing & Analog Devices
5 Verify the Pairing Between the SBC and Direct Routing ............................... 49
6 Verify ATA Registered Users in the SBC ........................................................ 51
A Configuring MP-1xx ATA for Connecting Analog Devices ............................ 53
A.1 Configure Proxy Server and Registration ............................................................... 53
A.2 Configure the Endpoint Phone Number Table ....................................................... 54
A.3 Configure the Hunt Group ...................................................................................... 55
A.4 Configure IP-to-Hunt Group Routing ...................................................................... 55
A.5 Configure SIP UDP Transport Type and Fax Signaling Method ............................ 56
B Configuring MP-20x ATA for Connecting Analog Devices ............................ 57
B.1 Configure SIP Interface Settings ............................................................................ 57
B.2 Configure Media Streaming Parameters ................................................................ 58
B.3 Configuring Line Settings ....................................................................................... 59
C Syntax Requirements for SIP Messages 'INVITE' and 'OPTIONS' ................. 61
C.1 Terminology ........................................................................................................... 61
C.2 Syntax Requirements for 'INVITE' Messages ........................................................ 61
C.3 Requirements for 'OPTIONS' Messages Syntax .................................................... 62
C.4 Connectivity Interface Characteristics .................................................................... 63
AudioCodes Mediant SBC 4 Document #: LTRT-33426
Page 5
Configuration Note Notices
Notice
Information contained in this document is believed to be accurate and reliable at the time of
printing. However, due to ongoing product improvements and revisions, AudioCodes cannot
guarantee accuracy of printed material after the Date Published nor can it accept responsibility
for errors or omissions. Updates to this document can be downloaded from
https://www.audiocodes.com/library/technical-documents.
This document is subject to change without notice.
Date Published: August-13-2020
WEEE EU Directive
Pursuant to the WEEE EU Directive, electronic and electrical waste must not be disposed of
with unsorted waste. Please contact your local recycling authority for disposal of this product.
Customer Support
Customer technical support and services are provided by AudioCodes or by an authorized
AudioCodes Service Partner. For more information on how to buy technical support for
AudioCodes products and for contact information, please visit our website at
https://www.audiocodes.com/services-support/maintenance-and-support
Stay in the Loop with AudioCodes
Abbreviations and Terminology
Each abbreviation, unless widely used, is spelled out in full when first used.
.
Version 7.2 5 AudioCodes Mediant SBC
Page 6
Teams Direct Routing & Analog Devices
(added note for Baltimore
Related Documentation
Document Name
Mediant 500 Gateway & E-SBC User's Manual
Mediant 500L Gateway & E-SBC User's Manual
Mediant 800 Gateway & E-SBC User's Manual
Mediant 1000B Gateway and E-SBC User's Manual
Mediant 2600 SBC User's Manual
Mediant 4000 SBC User's Manual
Mediant 9000 SBC User's Manual
Mediant Software SBC User's Manual
MP-11x and MP-124 SIP User's Manual
MP-20x Telephone Adapter User's Manual
SIP Message Manipulation Reference Guide
AudioCodes Configuration Notes
Document Revision Record
LTRT Description
33421 Initial document release for Version 7.2. Teams Enterprise Model.
33422 Modified Section: Deploy Baltimore Trusted Root Certificate
Trusted Root Certificate and MTLS implementation).; Configure SIP Signaling
Interfaces; Configure IP Groups
33423 Note removed regarding external firewall.
33424 Licenses consolidated into one section.
33425
33426 Update to the “Related Documentation” table to include the Mediant 1000B Gateway
Update to topology figures and correction for parameter “Remote Update Support” to
“SIP UPDATE Support”.
& E-SBC product.
Documentation Feedback
AudioCodes continually strives to produce high quality documentation. If you have any
comments (suggestions or errors) regarding this document, please fill out the Documentation
Feedback form on our website at https://online.audiocodes.com/documentation-feedback
.
AudioCodes Mediant SBC 6 Document #: LTRT-33426
Page 7
Configuration Note 1. Introduction
1 Introduction
This Configuration Note describes an example setup of the AudioCodes Enterprise Session
Border Controller (hereafter, referred to as SBC) for interworking between Company's SIP
Trunk, ATA device and Microsoft's Teams Direct Routing environment.
For configuring the Office 365 side, please refer to
us/microsoftteams/direct-routing-configure.
This document is intended for IT or telephony professionals.
1.1 About Microsoft Teams Direct Routing
Teams Direct Routing allows connecting a customer-provided SBC to the Microsoft Phone
System. The customer-provided SBC can be connected to almost any telephony trunk, or
connect with third-party PSTN equipment. The connection allows:
Using virtually any PSTN trunk with Microsoft Phone System
Configuring interoperability between customer-owned telephony equipment, such as
third-party PBXs, analog devices, and Microsoft Phone System
1.2 About AudioCodes SBC Product Series
https://docs.microsoft.com/en-
AudioCodes' family of SBC devices enables reliable connectivity and security between the
Enterprise's and the service provider's VoIP networks.
The SBC provides perimeter defense as a way of protecting Enterprises from malicious VoIP
attacks; mediation for allowing the connection of any PBX and/or IP-PBX to any service
provider; and Service Assurance for service quality and manageability.
Designed as a cost-effective appliance, the SBC is based on field-proven VoIP and network
services with a native host processor, allowing the creation of purpose-built multiservice
appliances, providing smooth connectivity to cloud services, with integrated quality of
service, SLA monitoring, security and manageability. The native implementation of SBC
provides a host of additional capabilities that are not possible with standalone SBC
appliances such as VoIP mediation, PSTN access survivability, and third-party value-added
services applications. This enables Enterprises to utilize the advantages of converged
networks and eliminate the need for standalone appliances.
AudioCodes SBC is available as an integrated solution running on top of its field-proven
Mediant Media Gateway and Multi-Service Business Router platforms, or as a software-only
solution for deployment with third-party hardware. The SBC can be offered as a Virtualized
SBC, supporting the following platforms: Hyper-V, AWS, AZURE, AWP, KVM and VMWare.
Version 7.2 7 AudioCodes Mediant SBC
Page 8
Teams Direct Routing & Analog Devices
AudioCodes sales
1.3 Validated AudioCodes SBC Version
Microsoft has successfully conducted validation tests with AudioCodes' Mediant SBC
Ver. 7.20A.250. Previous firmware versions may run successfully; however, Microsoft did
not test such versions. For updated list refer to
for Direct Routing.
Note: For implementing Microsoft Teams Direct Routing based on the configuration
described in this document, AudioCodes SBC must be installed with a License Key that
includes the following features:
• MSFT (general Microsoft license)
Note: By default, all AudioCodes media gateways and SBCs are shipped with this
license (except MSBR products, Mediant 500 SBC, and Mediant 500 Media
Gateway).
• SW/TEAMS (Microsoft Teams license)
• Number of SBC sessions (based on requirements)
• Transcoding sessions (only if media transcoding is needed)
• Coders (based on requirements)
For more information about the License Key, contact your
representative.
List of Session Border Controllers certified
AudioCodes Mediant SBC 8 Document #: LTRT-33426
Page 9
Configuration Note 2. Topology Example
SIP Trunk
Enterprise Network
DMZ
Manag ement
Stat ion (OAMP)
ITSP
IP-PBX
Anal og D evice s
ATA
Session Bor der Controller
LAN
PSTN
Internet
Phone System
Firew all
2 Topology Example
Teams Direct Routing can be implemented in the Enterprise or Hosting Models.
2.1.1 Enterprise Model Implementation
The interoperability example between AudioCodes SBC and Company SIP Trunk with
Teams Direct Routing Enterprise Model assume the following topology setup:
Enterprise deployed with ATA, connected analog devices and the administrator's
management station, located on the LAN
Enterprise deployed with Teams Phone System Direct Routing Interface located on
the WAN for enhanced communication within the Enterprise
Enterprise wishes to offer its employees enterprise-voice capabilities and to connect
the Enterprise to the PSTN network using Company's SIP Trunking service
AudioCodes SBC is implemented to interconnect between the SIP Trunk and Teams
Direct Routing located in the WAN
The figure below illustrates this topology example:
Figure 2-1: Connection Topology with SIP Trunk on the LAN
Version 7.2 9 AudioCodes Mediant SBC
Page 10
Teams Direct Routing & Analog Devices
SIP Trunk
Enterprise Network
DMZ
Manag ement
Stat ion (OAMP)
ITSP
IP-PBX
Anal og D evice s
ATA
Session Bor der Controller
LAN
PSTN
Internet
Phone System
Firew all
Figure 2-2: Connection Topology with SIP Trunk on the WAN
AudioCodes Mediant SBC 10 Document #: LTRT-33426
Page 11
Configuration Note 2. Topology Example
s
Company SIP Trunk operates with RTP media type
2.1.2 Environment Setup
The example topology includes the following environment setup:
Table 2-1: Environment Setup
Area Setup
Network
Teams Direct Routing environment is located on the Enterprise'
(or Service Provider’s) WAN
Company SIP Trunk is located on the LAN
Signaling
Transcoding
Codecs
Transcoding
Teams Direct Routing operates with SIP-over-TLS transport type
Company SIP Trunk operates with SIP-over-UDP transport type
Teams Direct Routing supports G.711A-law, G.711U-law, G.729
and SILK (NB and WB) coders
Company SIP Trunk supports G.711A-law, G.711U-law, and
G.729 coders
Media Transcoding
Teams Direct Routing operates with SRTP media type
2.1.3 Infrastructure Prerequisites
The table below shows the list of infrastructure prerequisites for deploying Teams Direct
Routing.
Table 2-2: Infrastructure Prerequisites
Infrastructure Prerequisite Details
Certified Session Border Controller (SBC)
SIP Trunks connected to the SBC
Office 365 Tenant
Domains
Public IP address for the SBC
Fully Qualified Domain Name (FQDN) for the SBC
Public DNS entry for the SBC
Public trusted certificate for the SBC
Firewall ports for Direct Routing Signaling
Firewall IP addresses and ports for Direct Routing Media
Media Transport Profile
Firewall ports for Teams Clients Media
See Microsoft's document Plan Direct Routing
.
Version 7.2 11 AudioCodes Mediant SBC
Page 12
Teams Direct Routing & Analog Devices
This page is intentionally left blank.
AudioCodes Mediant SBC 12 Document #: LTRT-33426
Page 13
Configuration Note 3. Configuring Teams Direct Routing
3 Configuring Teams Direct Routing
This section describes an example of Teams Direct Routing configuration to operate with
AudioCodes SBC.
3.1 Prerequisites
Before you begin configuration, make sure you have the following for every SBC you want
to pair:
Public IP address
FQDN name matching SIP addresses of the users
Public certificate, issued by one of the supported CAs
3.2 SBC Domain Name in the Teams Enterprise Model
The SBC domain name must be from one of the names registered in 'Domains' of the tenant.
You cannot use the *.onmicrosoft.com tenant for the domain name. For example, in Figure
3-1, the administrator registered the following DNS names for the tenant:
Table 3-1: DNS Names Registered by an Administrator for a Tenant
DNS name
ACeducation.info Yes Valid names:
adatumbiz.onmicrosoft.com No
hybridvoice.org Yes Valid names:
Users can be from any SIP domain registered for the tenant. For example, you can provide
users user@ACeducation.info
names are registered for this tenant.
Can be used
for SBC FQDN
with the SBC FQDN sbc1.hybridvoice.org so long as both
Examples of FQDN names
sbc.ACeducation.info
ussbcs15.ACeducation.info
europe.ACeducation.info
Invalid name:
sbc1.europe.ACeducation.info (requires
registering domain name europe.atatum.biz in
'Domains' first)
Using *.onmicrosoft.com domains is not
supported for SBC names
sbc1.hybridvoice.org
ussbcs15.hybridvoice.org
europe.hybridvoice.org
Invalid name:
sbc1.europe.hybridvoice.org (requires registering
domain name europe.hybridvoice.org in 'Domains'
first
Version 7.2 13 AudioCodes Mediant SBC
Page 14
Teams Direct Routing & Analog Devices
Figure 3-1: Example of Registered DNS Names
During creation of the Domain you will be forced to create public DNS record
(sbc1.hybridvoice.org in our example.)
3.3 Configuration Example of Office 365 Tenant Direct Routing
Note: This section shows an example only. For more detailed information please refer
to Microsoft Site: https://docs.microsoft.com/en-us/microsoftteams/direct-routing-
configure
3.3.1 Online PSTN Gateway Configuration
Use following PowerShell command for creating new Online PSTN Gateway:
New-CsOnlinePSTNGateway -Identity sbc1.hybridvoice.org -SipSignallingPort 5068 ForwardCallHistory $True -ForwardPai $True -MediaBypass $True -Enabled $True
3.3.2 Online PSTN Usage Configuration
Use following PowerShell command for creating an empty PSTN Usage:
Set-CsOnlinePstnUsage -Identity Global -Usage @{Add="Interop"}
AudioCodes Mediant SBC 14 Document #: LTRT-33426
Page 15
Configuration Note 3. Configuring Teams Direct Routing
3.3.3 Online Voice Route Configuration
Use following PowerShell command for creating new Online Voice Route and associate it
with PSTN Usage:
New-CsOnlineVoiceRoute -Identity "audc-interop" -NumberPattern "^\+" OnlinePstnGatewayList sbc1.hybridvoice.org -Priority 1 -OnlinePstnUsages "Interop"
3.3.4 Online Voice Routing Policy Configuration
Use following PowerShell command for assigning the Voice Route to the PSTN Usage:
New-CsOnlineVoiceRoutingPolicy "audc-interop" -OnlinePstnUsages "Interop"
Use the following command on the Teams Direct Routing Management Shell after
reconfiguration to verify correct values:
Get-CsOnlinePSTNGateway
Identity : sbc1.hybridvoice.org
Fqdn : sbc1.hybridvoice.org
SipSignallingPort : 5068
CodecPriority : SILKWB, SILKNB, PCMU, PCMA
ExcludedCodecs :
FailoverTimeSeconds : 10
ForwardCallHistory : True
ForwardPai : True
SendSipOptions : True
MaxConcurrentSessions :
Enabled : True
MediaBypass : True
Note: The commands specified in Sections 3.3.5 and 3.3.6, should be run for each
Teams user (excluding ATA device users) in the company tenant.
3.3.5 Enable Online User
Use following PowerShell command for enabling online user:
Set-CsUser -Identity user1@company.com -EnterpriseVoiceEnabled $true -
HostedVoiceMail $true -OnPremLineURI tel:+12345678900
3.3.6 Assigning Online User to the Voice Route
Use following PowerShell command for assigning online user to the Voice Route:
Grant-CsOnlineVoiceRoutingPolicy -PolicyName "audc-interop" -Identity
user1@company.com
Note: The command specified in Section 3.3.7 does not need to be run for each ATA
device user, if the number pattern already points to the PSTNGateway and has been
associated with PSTN Usage (see Section 3.3.3).
Version 7.2 15 AudioCodes Mediant SBC
Page 16
Teams Direct Routing & Analog Devices
3.3.7 Analog Device Voice Route Configuration
Use the following PowerShell command for creating a new Online Voice Route and
associating it with PSTN Usage:
New-CsOnlineVoiceRoute -Identity "audc-interop" -NumberPattern "^\+12345678901" OnlinePstnGatewayList sbc1.hybridvoice.org -Priority 1 -OnlinePstnUsages "Interop"
3.3.8 Configure with User Management Pack 365 (Optional)
As an alternative to PowerShell commands, AudioCodes recommend using User
Management Pack 365 (UMP365). UMP365 provides a simple web-portal user interface for
configuring and managing the Online Voice Route and associating it with PSTN Usage and
PSTN Gateway. See examples below:
Figure 3-2: Example of Adding new Voice Route
Figure 3-3: Example of Voice Routes Table
AudioCodes Mediant SBC 16 Document #: LTRT-33426
Page 17
Configuration Note 4. Configuring AudioCodes SBC
Ana log
Device s
SI P
Trunk
Pro xy Set IP Group
SIP
Interface
SIP
Interface
IP Group Proxy Set
SIP
Interface
IP Group
SBC
Phone System
4 Configuring AudioCodes SBC
This section provides example of step-by-step procedures on how to configure AudioCodes
SBC for interworking between Teams Direct Routing and the Company SIP Trunk. These
configuration procedures are based on the topology example described in Section 2.1.1 on
page 9, and includes the following main areas:
SBC LAN interface – ATA devices environment
SBC WAN interface - Company SIP Trunking and Teams Direct Routing environment
This configuration is done using the SBC's embedded Web server (hereafter, referred to as
Web interface).
Notes:
• For implementing Teams Direct Routing based on the configuration described in
this section, AudioCodes SBC must be installed with a License Key. For more
information, see Section 1.3 on page 8.
• The scope of this document does not cover all security aspects for configuring this
topology. Comprehensive security measures should be implemented per your
organization's security policies. For security recommendations on AudioCodes’
products, refer to the Recommended Security Guidelines document, which can be
found at AudioCodes web site
4.1 SBC Configuration Concept in Teams Direct Routing
The diagram below represents AudioCodes’ device configuration concept.
Figure 4-1: SBC Configuration Concept
Version 7.2 17 AudioCodes Mediant SBC
Page 18
Teams Direct Routing & Analog Devices
ITSP
Management
Stat ion (OAMP )
LAN
WAN
DMZ
LAN Port
LAN Port
Vlan ID 1
Vlan ID 2
Session B order Controll er
Phone System
Firew all
ATA
IP-PBX
4.2 IP Network Interfaces Configuration
This section describes how to configure the SBC's IP network interfaces. There are several
ways to deploy the SBC; however, this example employs the following deployment method:
SBC interfaces with the following IP entities:
• Teams Direct Routing and Company SIP Trunk, located on the WAN
• IP-PBX and/or ATA, located on the LAN
SBC connects to the WAN through a DMZ network
Physical connection: The type of physical connection depends on the method used to
connect to the Enterprise's network. In the example topology, SBC connects to the
LAN and DMZ using dedicated ethernet ports (i.e., two ports and two network cables
are used).
SBC also uses two logical network interfaces:
• LAN (VLAN ID 1)
• DMZ (VLAN ID 2)
Figure 4-2: Network Interfaces in the Example Topology
4.2.1 Configure VLANs
This section describes how to configure VLANs for each of the following interfaces:
LAN VoIP (assigned the name "LAN_IF")
WAN VoIP (assigned the name "WAN_IF")
To configure the VLANs:
1. Open the Ethernet Device table (Setup menu > IP Network tab > Core Entities folder
> Ethernet Devices).
2. There will be one existing row for VLAN ID 1 and underlying interface GROUP_1.
3. Add another VLAN ID 2 for the WAN side
Figure 4-3: Configured VLAN IDs in Ethernet Device
AudioCodes Mediant SBC 18 Document #: LTRT-33426
Page 19
Configuration Note 4. Configuring AudioCodes SBC
Prefix
Length
According to
your Internet
4.2.2 Configure Network Interfaces
This section describes how to configure the IP network interfaces for each of the following
interfaces:
LAN Interface (assigned the name "LAN_IF")
WAN Interface (assigned the name "WAN_IF")
To configure the IP network interfaces:
1. Open the IP Interfaces table (Setup menu > IP Network tab > Core Entities folder >
IP Interfaces).
2. Configure the IP interfaces as follows (your network parameters might be different):
Table 4-1: Configuration Example of the Network Interface Table
Index
0
1
Application
Types
OAMP+ Media +
Control
Media + Control (as
this interface points
to the internet,
enabling OAMP is
not recommended)
The configured IP network interfaces are shown below:
Interfac
e Mode
IPv4
Manual
IPv4
Manual
IP Address
10.15.77.77 16 10.15.0.1 10.15.27.1 LAN_IF vlan 1
195.189.192.157
(DMZ IP address of
SBC)
25
Gateway DNS I/F Name
195.189.192.129
(router's IP
address)
provider's
instructions
Figure 4-4: Configured Network Interfaces in IP Interfaces Table
Ethernet
Device
WAN_IF vlan 2
Version 7.2 19 AudioCodes Mediant SBC
Page 20
Teams Direct Routing & Analog Devices
4.3 SIP TLS Connection Configuration
This section describes how to configure the SBC for using a TLS connection with the Teams
Direct Routing Phone System. This configuration is essential for a secure SIP TLS
connection. The configuration instructions example in this section are based on the following
domain structure that must be implemented as part of the certificate which must be loaded
to the host SBC:
CN: sbc1.hybridvoice.org
SAN: sbc1.hybridvoice.org
This certificate module is based on the Service Provider's own TLS Certificate. For more
certificate structure options, see Microsoft Teams Direct Routing documentation.
The Phone System Direct Routing Interface allows only TLS connections from SBCs for SIP
traffic with a certificate signed by one of the Trusted Certification Authorities.
Currently, supported Certification Authorities can be found in the following link:
https://docs.microsoft.com/en-us/microsoftteams/direct-routing-plan#public-trustedcertificate-for-the-sbc
4.3.1 Configure the NTP Server Address
This section describes how to configure the NTP server's IP address. It is recommended to
implement an NTP server (Microsoft NTP server or another global server) to ensure that the
SBC receives the current date and time. This is necessary for validating certificates of remote
parties. It is important, that NTP Server will locate on the OAMP IP Interface (LAN_IF in our
case) or will be accessible through it.
To configure the NTP server address:
1. Open the Time & Date page (Setup menu > Administration tab > Time & Date).
2. In the 'Primary NTP Server Address' field, enter the IP address of the NTP server
(e.g., 10.15.28.1).
Figure 4-5: Configuring NTP Server Address
3. Click Apply.
AudioCodes Mediant SBC 20 Document #: LTRT-33426
Page 21
Configuration Note 4. Configuring AudioCodes SBC
media. You might want to configure additional parameters according to your
company's policies. For example, you might want to configure Online Certificate
4.3.2 Create a TLS Context for Teams Direct Routing
This section describes how to configure TLS Context in the SBC. AudioCodes recommends
implementing only TLS to avoid flaws in SSL.
To configure the TLS version:
1. Open the TLS Contexts table (Setup menu > IP Network tab > Security folder > TLS
Contexts).
2. Create a new TLS Context by clicking New at the top of the interface, and then configure
the parameters using the table below as reference:
Table 4-2: New TLS Context
Index Name TLS Version
1 Teams (arbitrary descriptive name) TLSv1.2
All other parameters can be left unchanged with their default values.
Note: The table above exemplifies configuration focusing on interconnecting SIP and
Status Protocol (OCSP) to check if SBC certificates presented in the online server are
still valid or revoked. For more information on the SBC's configuration, see the User's
Manual, available for download from https://www.audiocodes.com/library/technical-
documents.
Figure 4-6: Configuring TLS Context for Teams Direct Routing
3. Click Apply.
Version 7.2 21 AudioCodes Mediant SBC
Page 22
Teams Direct Routing & Analog Devices
4.3.3 Configure a Certificate
This section describes how to request a certificate for the SBC and to configure it based on
the example of DigiCert Global Root CA. The certificate is used by the SBC to authenticate
the connection with Teams Direct Routing.
The procedure involves the following main steps:
a. Generating a Certificate Signing Request (CSR).
b. Requesting Device Certificate from CA.
c. Obtaining Trusted Root/ Intermediate Certificate from CA.
d. Deploying Device and Trusted Root/ Intermediate Certificates on SBC.
To configure a certificate:
1. Open the TLS Contexts page (Setup menu > IP Network tab > Security folder > TLS
Contexts).
2. In the TLS Contexts page, select the required TLS Context index row, and then click
the Change Certificate link located below the table; the Context Certificates page
appears.
3. Under the Certificate Signing Request group, do the following:
a. In the 'Subject Name [CN]' field, enter the SBC FQDN name
(based on example above, sbc1.hybridvoice.org).
st
b. In the ‘1
enter the SBC FQDN name (based on example above, sbc1.hybridvoice.org).
Subject Alternative Name [SAN]’ field, change the type to ‘DNS’ and
Note: The domain portion of the Common Name [CN] and 1st Subject Alternative
Name [SAN] must match the SIP suffix configured for Office 365 users.
c. Change the 'Private Key Size' based on the requirements of your Certification
Authority. Many CAs do not support private key of size 1024. In this case, you
must change the key size to 2048.
d. To change the key size on TLS Context, go to: Generate New Private Key and
Self-Signed Certificate, change the 'Private Key Size' to 2048 and then click
Generate Private-Key. To use 1024 as a Private Key Size value, you can click
Generate Private-Key without changing the default key size value.
e. Fill in the rest of the request fields according to your security provider's
instructions.
f. Click the Create CSR button; a textual certificate signing request is displayed in
the area below the button:
AudioCodes Mediant SBC 22 Document #: LTRT-33426
Page 23
Configuration Note 4. Configuring AudioCodes SBC
Figure 4-7: Example of Certificate Signing Request – Creating CSR
4. Copy the CSR from the line "----BEGIN CERTIFICATE" to "END CERTIFICATE
REQUEST----" to a text file (such as Notepad), and then save it to a folder on your
computer with the file name, for example certreq.txt.
5. Send certreq.txt file to the Certified Authority Administrator for signing.
Version 7.2 23 AudioCodes Mediant SBC
Page 24
Teams Direct Routing & Analog Devices
6. After obtaining an SBC signed and Trusted Root/Intermediate Certificate from the CA,
in the SBC's Web interface, return to the TLS Contexts page and do the following:
a. In the TLS Contexts page, select the required TLS Context index row, and then
click the Change Certificate link located below the table; the Context Certificates
page appears.
b. Scroll down to the Upload certificates files from your computer group, click
the Choose File button corresponding to the 'Send Device Certificate...' field,
navigate to the certificate file obtained from the CA, and then click Load File to
upload the certificate to the SBC.
Figure 4-8: Uploading the Certificate Obtained from the Certification Authority
7. Confirm that the certificate was uploaded correctly. A message indicating that the
certificate was uploaded successfully is displayed in blue in the lower part of the page.
8. In the SBC's Web interface, return to the TLS Contexts page, select the required TLS
Context index row, and then click the Certificate Information link, located at the bottom
of the TLS. Then validate the Key size, certificate status and Subject Name:
Figure 4-9: Certificate Information Example
AudioCodes Mediant SBC 24 Document #: LTRT-33426
Page 25
Configuration Note 4. Configuring AudioCodes SBC
9. In the SBC's Web interface, return to the TLS Contexts page.
a. In the TLS Contexts page, select the required TLS Context index row, and then
click the Trusted Root Certificates link, located at the bottom of the TLS
Contexts page; the Trusted Certificates page appears.
b. Click the Import button, and then select all Root/Intermediate Certificates
obtained from your Certification Authority to load.
10. Click OK; the certificate is loaded to the device and listed in the Trusted Certificates
store:
Figure 4-10: Example of Configured Trusted Root Certificates
4.3.4 Method for Generating and Installing the Wildcard Certificate
To use the same certificate on multiple devices, you may prefer using 3rd party application
(e.g. DigiCert Certificate Utility for Windows
Certificate Authority on another machine, with this utility installed.
After you've processed the certificate request and response using the DigiCert utility, test the
certificate private key and chain and then export the certificate with private key and assign a
password.
To install the certificate:
1. Open the TLS Contexts page (Setup menu > IP Network tab > Security folder > TLS
Contexts).
2. In the TLS Contexts page, select the required TLS Context index row, and then click
the Change Certificate link located below the table; the Context Certificates page
appears.
3. Scroll down to the Upload certificates files from your computer group and do the
following:
a. Enter the password assigned during export with the DigiCert utility in the 'Private
key pass-phrase' field.
b. Click the Choose File button corresponding to the 'Send Private Key...' field and
then select the SBC certificate file exported from the DigiCert utility.
) to process the certificate request from your
Version 7.2 25 AudioCodes Mediant SBC
Page 26
Teams Direct Routing & Analog Devices
4.3.5 Deploy Baltimore Trusted Root Certificate
Note: Loading Baltimore Trusted Root Certificates into AudioCodes' SBC mandatory
for implementing MTLS connection with Microsoft.
The DNS name of the Teams Direct Routing interface is sip.pstnhub.microsoft.com. In
this interface, a certificate is presented which is signed by Baltimore Cyber Baltimore
CyberTrust Root with Serial Number: 02 00 00 b9 and SHA fingerprint: d4:de:20:d0:5e:66:fc:
53:fe:1a:50:88:2c:78:db:28:52:ca:e4:74.
To trust this certificate, your SBC must have the certificate in Trusted Certificates storage.
Download the certificate from https://cacert.omniroot.com/bc2025.pem
above to import the certificate to the Trusted Root storage.
Note: Before importing the Baltimore Root Certificate into AudioCodes' SBC, make
sure it's in .PEM or .PFX format. If it isn't, you need to convert it to .PEM or .PFX
format. Otherwise, you will receive a 'Failed to load new certificate' error message. To
convert to PEM format, use the Windows local store on any Windows OS and then
export it as 'Base-64 encoded X.509 (.CER) certificate'.
and follow the steps
AudioCodes Mediant SBC 26 Document #: LTRT-33426
Page 27
Configuration Note 4. Configuring AudioCodes SBC
4.4 Configure Media Realms
This section describes how to configure Media Realms. Media Realms allow the dividing of
UDP port ranges for use on different interfaces. The simplest configuration is to create Media
Realms for internal (ATA) and external (Teams and SIP Trunk) traffic.
To configure Media Realms:
1. Open the Media Realms table (Setup menu > Signaling & Media tab > Core Entities
folder > Media Realms).
2. Configure Media Realms as follows (you can use the default Media Realm (Index 0),
but modify it):
Table 2-3: Configuration Example Media Realms in Media Realm Table
Index Name
0
1
2
SIPTrunk
(arbitrary name)
Teams (arbitrary
name)
MRLan (arbitrary
name)
The configured Media Realms are shown in the figure below:
Figure 4-11: Configured Media Realms in Media Realm Table
Topology
IPv4 Interface
Location
Up WAN_IF
Up WAN_IF
Name
LAN_IF
Port Range
Start
6000
7000
6000
Number of Media
Session Legs
100 (media sessions
assigned with port range)
100 (media sessions
assigned with port range)
100 (media sessions
assigned with port range)
Version 7.2 27 AudioCodes Mediant SBC
Page 28
Teams Direct Routing & Analog Devices
4.5 Configure SIP Signaling Interfaces
This section describes how to configure SIP Interfaces. A SIP Interface defines a listening
port and type (UDP, TCP, or TLS) for SIP signaling traffic on a specific logical IP network
interface (configured in the Interface Table above) and Media Realm.
Note that the configuration of a SIP interface for the SIP Trunk and ATA device shows an
example, which may be different to your configuration. For specific configuration of interfaces
relating to SIP trunks and/or a third-party PSTN environment connected to the SBC, see the
trunk / environment vendor documentation.
To configure SIP Interfaces:
1. Open the SIP Interfaces table (Setup menu > Signaling & Media tab > Core Entities
folder > SIP Interfaces).
2. Configure SIP Interfaces. You can use the default SIP Interface (Index 0), however,
modify it as shown in the table below. The table below shows an example of the
configuration. You can change some of the parameters according to your requirements.
Note: The Direct Routing interface can only use TLS for a SIP port. It does not support
using TCP due to security reasons. The SIP port might be any port of your choice.
When pairing the SBC with Office 365, the chosen port is specified in the pairing
command.
Index Name
SIPTrunk
0
(arbitrary
name)
Teams
1
(arbitrary
name)
2
ATA
(arbitrary
name)
Table 4-4: Configuration Example of SIP Signaling Interfaces
Network
Interface
WAN_IF SBC
WAN_IF SBC
LAN_IF SBC
Application
Type
UDP Port
5060
(according
to Service
Provider
requirement)
0
(Phone
System
does not
use UDP or
TCP for SIP
signaling)
5060
(according
to Service
Provider
requirement)
TCP
Port
TLS Port
0 0
configured
0
0 0
5061 (as
in the
Office
365)
Enable
TCP
Keepalive
Disable
(leave
default
value)
Enable
Disable
(leave
default
value)
Classification
Failure
Response Type
500 (leave
default value)
0
(Recommended
to prevent DoS
attacks)
500 (leave
default value)
Note: For implementing an MTLS connection with the Microsoft Teams network,
configure ‘TLS Mutual Authentication’ to “Enable” for Teams SIP Interface.
Media
Realm
SIPTrunk -
Teams Teams
ATA -
TLS
Context
Name
Note: Loading Baltimore Trusted Root Certificates to AudioCodes' SBC is mandatory
for implementing an MTLS connection with the Microsoft Teams network . Refer to
Section 4.3.5 on page 26.
AudioCodes Mediant SBC 28 Document #: LTRT-33426
Page 29
Configuration Note 4. Configuring AudioCodes SBC
The configured SIP Interfaces are shown in the figure below:
Figure 4-12: Configured SIP Interfaces in SIP Interface Table
4.6 Configure Proxy Sets and Proxy Address
4.6.1 Configure Proxy Sets
This section describes how to configure Proxy Sets. The Proxy Set defines the destination
address (IP address or FQDN) of the IP entity server. Proxy Sets can also be used to
configure load balancing between multiple servers.
For the example topology, Proxy Sets need to be configured for the following IP entities:
Company SIP Trunk
Teams Direct Routing
The Proxy Sets will later be applied to the VoIP network by assigning them to IP Groups.
To configure Proxy Sets:
1. Open the Proxy Sets table (Setup menu > Signaling & Media tab > Core Entities
folder > Proxy Sets).
2. Configure Proxy Sets as shown in the table below:
Table 4-5: Configuration Example Proxy Sets in Proxy Sets Table
Index Name
1
2
SIPTrunk
(arbitrary name)
Teams
(arbitrary name)
SBC IPv4
SIP
Interface
SIPTrunk Default
Teams Teams
TLS Context
Name
Proxy
Keep-Alive
Using
Options
Using
Options
Proxy Hot
Swap
- -
Enable
Proxy
Load
Balancing
Method
Random
Weights
Version 7.2 29 AudioCodes Mediant SBC
Page 30
Teams Direct Routing & Analog Devices
Proxy Random
The configured Proxy Sets are shown in the figure below:
Figure 4-13: Configured Proxy Sets in Proxy Sets Table
4.6.2 Configure a Proxy Address
This section shows how to configure a Proxy Address for the SIP Trunk and Teams entities..
To configure a Proxy Address for SIP Trunk:
1. Open the Proxy Sets table (Setup menu > Signaling & Media tab > Core Entities folder
> Proxy Sets) and then click the Proxy Set SIPTrunk, and then click the Proxy Address
link located below the table; the Proxy Address table opens.
2. Click +New; the following dialog box appears:
Figure 4-14: Configuring Proxy Address for SIP Trunk
3. Configure the address of the Proxy Set according to the parameters described in the
table below:
Table 4-6: Configuration Proxy Address for SIP Trunk
Index Proxy Address
0
4. Click Apply.
SIPTrunk.com:5060
(SIP Trunk IP / FQDN and port)
Transport
Type
UDP 0 0
Proxy
Priority
Weight
AudioCodes Mediant SBC 30 Document #: LTRT-33426
Page 31
Configuration Note 4. Configuring AudioCodes SBC
Proxy Random
To configure a Proxy Address for Teams:
1. Open the Proxy Sets table (Setup menu > Signaling & Media tab > Core Entities
folder > Proxy Sets) and then click the Proxy Set Teams, and then click the Proxy
Address link located below the table; the Proxy Address table opens.
2. Click +New; the following dialog box appears:
Figure 4-15: Configuring Proxy Address for Teams Direct Routing Interface
3. Configure the address of the Proxy Set according to the parameters described in the
table below:
Table 4-7: Configuration Proxy Address for Teams Direct Routing
Index Proxy Address
0 sip.pstnhub.microsoft.com:5061 TLS 1 1
1 sip2.pstnhub.microsoft.com:5061 TLS 2 1
2 sip3.pstnhub.microsoft.com:5061 TLS 3 1
4. Click Apply.
Transport
Type
Proxy
Priority
Weight
Version 7.2 31 AudioCodes Mediant SBC
Page 32
Teams Direct Routing & Analog Devices
G.729
4.7 Configure Coders
This section describes how to configure coders (termed Coder Group). As Teams Direct
Routing supports the SILK and OPUS coders while the network connection to Company SIP
Trunk may restrict operation with a dedicated coders list, you need to add a Coder Group
with the supported coders for each leg, the Teams Direct Routing and the Company SIP
Trunk.
Note that the Coder Group ID for this entity will be assigned to its corresponding IP Profile in
the next step.
To configure coders:
1. Open the Coder Groups table (Setup menu > Signaling & Media tab > Coders &
Profiles folder > Coder Groups).
2. Configure a Coder Group for Teams Direct Routing:
Parameter Value
Coder Group Name AudioCodersGroups_1
Coder Name
Figure 4-16: Configuring Coder Group for Teams Direct Routing
3. Click Apply, and then confirm the configuration change in the prompt that pops up.
SILK-NB
SILK-WB
G.711 A-law
G.711 U-law
AudioCodes Mediant SBC 32 Document #: LTRT-33426
Page 33
Configuration Note 4. Configuring AudioCodes SBC
The procedure below describes how to configure an Allowed Coders Group to ensure that
voice sent to the Company SIP Trunk uses the dedicated coders list whenever possible.
Note that this Allowed Coders Group ID will be assigned to the IP Profile belonging to the
Company SIP Trunk in the next step.
To set a preferred coder for the Company SIP Trunk:
1. Open the Allowed Audio Coders Groups table (Setup menu > Signaling & Media tab
> Coders & Profiles folder > Allowed Audio Coders Groups).
2. Click New and configure a name for the Allowed Audio Coders Group for Company SIP
Trunk.
Figure 4-17: Configuring Allowed Coders Group for Company SIP Trunk
3. Click Apply.
4. Select the new row that you configured, and then click the Allowed Audio Coders link
located below the table; the Allowed Audio Coders table opens.
5. Click New and configure an Allowed Coders as follows:
Parameter Value
Index 0
Coder G.729
Figure 4-18: Configuring Allowed Coders for Company SIP Trunk
Version 7.2 33 AudioCodes Mediant SBC
Page 34
Teams Direct Routing & Analog Devices
6. Open the Media Settings page (Setup menu > Signaling & Media tab > Media folder
> Media Settings).
Figure 4-19: SBC Preferences Mode
7. From the 'Preferences Mode' drop-down list, select Include Extensions.
8. Click Apply.
AudioCodes Mediant SBC 34 Document #: LTRT-33426
Page 35
Configuration Note 4. Configuring AudioCodes SBC
Coders first and then
4.8 Configure IP Profiles
This section describes how to configure IP Profiles. The IP Profile defines a set of call
capabilities relating to signaling (e.g., SIP message terminations such as REFER) and media
(e.g., coder and transcoding method).
In this example topology, IP Profiles need to be configured for the following IP entities:
Company SIP trunk – to operate in non-secure mode using RTP and SIP over UDP
Teams Direct Routing – to operate in secure mode using SRTP and SIP over TLS
ATA device – to operate in non-secure mode using RTP and SIP over UDP
To configure an IP Profile for the Company SIP Trunk:
1. Open the IP Profiles table (Setup menu > Signaling & Media tab > Coders & Profiles
folder > IP Profiles).
2. Click New, and then configure the parameters as follows:
Parameter Value
General
Index 1
Name SIPTrunk
Media Security
SBC Media Security Mode Not Secured
SBC Media
Allowed Audio Coders SIPTrunk Allowed Coders
Allowed Coders Mode Preference (lists Allowed
original coders in received SDP offer)
SBC Signaling
P-Asserted-Identity Header Mode Add (required for anonymous calls)
SBC Forward and Transfer
Remote REFER Mode Handle Locally
Remote Replaces Mode Handle Locally
Remote 3xx Mode Handle Locally
Version 7.2 35 AudioCodes Mediant SBC
Page 36
Teams Direct Routing & Analog Devices
Figure 4-20: Configuration example: Company SIP Trunk IP Profile
3. Click Apply.
To configure IP Profile for the Teams Direct Routing:
1. Open the IP Profiles table (Setup menu > Signaling & Media tab > Coders & Profiles
folder > IP Profiles).
2. Click New, and then configure the parameters as follows:
Parameter Value
General
Index 2
Name Teams (arbitrary descriptive name)
Media Security
SBC Media Security Mode Secured
SBC Early Media
Remote Early Media RTP
Detection Mode
By Media (required, as Teams Direct Routing does not
send RTP immediately to remote side when it sends a
SIP 18x response)
SBC Media
Extension Coders Group AudioCodersGroups_1
RTCP Mode
ICE Mode Lite (required only when Media Bypass enabled on
AudioCodes Mediant SBC 36 Document #: LTRT-33426
Generate Always (required, as some ITSPs do not
send RTCP packets during while in Hold mode, but
Microsoft expected to them)
Teams)
Page 37
Configuration Note 4. Configuring AudioCodes SBC
SBC Signaling
SIP UPDATE Support Not Supported
Remote re-INVITE Support Supported Only With SDP
Remote Delayed Offer
Support
SBC Forward and Transfer
Remote REFER Mode Handle Locally
Remote 3xx Mode Handle Locally
SBC Hold
Remote Hold Format Inactive (some SIP Trunk may answer with a=inactive
All other parameters can be left unchanged at their default values.
Figure 4-21: Configuration example: Teams Direct Routing IP Profile
Not Supported
and IP=0.0.0.0 in response to the Re-Invite with Hold
request from Teams. Microsoft Media Stack doesn’t
support this format. So, SBC will replace 0.0.0.0 with its
IP address)
3. Click Apply.
To configure an IP Profile for the ATA device:
1. Open the IP Profiles table (Setup menu > Signaling & Media tab > Coders & Profiles
folder > IP Profiles).
Version 7.2 37 AudioCodes Mediant SBC
Page 38
Teams Direct Routing & Analog Devices
2. Click New, and then configure the parameters as follows:
Parameter Value
General
Index 3
Name ATA
Media Security
SBC Media Security Mode Not Secured
SBC Forward and Transfer
Remote REFER Mode Handle Locally
Remote Replaces Mode Handle Locally
Remote 3xx Mode Handle Locally
Figure 4-22: Configuration example: ATA device IP Profile
3. Click Apply.
AudioCodes Mediant SBC 38 Document #: LTRT-33426
Page 39
Configuration Note 4. Configuring AudioCodes SBC
4.9 Configure IP Groups
This section describes how to configure IP Groups. The IP Group represents an IP entity on
the network with which the SBC communicates. This can be a server (e.g., IP PBX or ITSP)
or it can be a group of users (e.g., LAN IP phones). For servers, the IP Group is typically
used to define the server's IP address by associating it with a Proxy Set. Once IP Groups
are configured, they are used to configure IP-to-IP routing rules for denoting source and
destination of the call.
In this example topology, IP Groups must be configured for the following IP entities:
Company SIP Trunk located on WAN
Teams Direct Routing located on WAN
ATA device located on LAN
To configure IP Groups:
1. Open the IP Groups table (Setup menu > Signaling & Media tab > Core Entities folder
> IP Groups).
2. Configure an IP Group for the Company SIP Trunk:
Parameter Value
Index 1
Name SIPTrunk
Type Server
Proxy Set SIPTrunk
IP Profile SIPTrunk
Media Realm MR-SIPTrunk
SIP Group Name (according to ITSP requirement)
All other parameters can remain unchanged with their default values.
3. Configure an IP Group for the Teams Direct Routing:
Parameter Value
Index 2
Name Teams
Topology Location Up
Type Server
Proxy Set Teams
IP Profile Teams
Media Realm MR-Teams
Classify By Proxy Set Disable
Local Host Name < FQDN name of the SBC in the enterprise Teams
tenant > (For example, sbc.ACeducation.info)
Always Use Src Address Yes
Proxy Keep-Alive using IP
Group settings
All other parameters can be left unchanged with their default values.
Version 7.2 39 AudioCodes Mediant SBC
Enable
Page 40
Teams Direct Routing & Analog Devices
4. Configure an IP Group for the ATA device:
Parameter Value
Index 3
Name ATA
Topology Location Up
Type User
IP Profile ATA
Media Realm MRLan
SIP Group Name (according to ITSP requirement)
All other parameters can remain unchanged with their default values.
The configured IP Groups are shown in the figure below:
Figure 4-23: Configured IP Groups in IP Group Table
AudioCodes Mediant SBC 40 Document #: LTRT-33426
Page 41
Configuration Note 4. Configuring AudioCodes SBC
4.10 Configure SRTP
This section describes how to configure media security. The Direct Routing Interface needs
to use of SRTP only, so you need to configure the SBC to operate in the same manner.
To configure media security:
1. Open the Media Security page (Setup menu > Signaling & Media tab > Media folder
> Media Security).
2. From the 'Media Security' drop-down list, select Enable to enable SRTP.
Figure 4-24: Configuring SRTP
3. Click Apply.
Version 7.2 41 AudioCodes Mediant SBC
Page 42
Teams Direct Routing & Analog Devices
4.11 Configuring Message Condition Rules
This section describes how to configure the Message Condition Rules. A Message Condition
defines special conditions (pre-requisites) for incoming SIP messages. These rules can be
used as additional matching criteria for the IP-to-IP routing rules in the IP-to-IP Routing table.
The following condition verifies that the Contact header contains Microsoft Teams FQDN.
To configure a Message Condition rule:
1. Open the Message Conditions table (Setup menu > Signaling & Media tab > Message
Manipulation folder > Message Conditions).
2. Click New, and then configure the parameters as follows:
Parameter Value
Index 0
Name Teams-Contact (arbitrary descriptive name)
Condition header.contact.url.host contains 'pstnhub.microsoft.com'
Figure 4-25: Configuring Condition Table
3. Click Apply.
AudioCodes Mediant SBC 42 Document #: LTRT-33426
Page 43
Configuration Note 4. Configuring AudioCodes SBC
4.12 Configure Classification Rules
This section describes how to configure Classification rules. A Classification rule classifies
incoming SIP dialog-initiating requests (e.g., INVITE messages) to a ‘source’ IP Group. The
source IP Group is the SIP entity that sent the SIP dialog request. Once classified, the device
uses the IP Group to process the call (manipulation and routing).
You can also use the Classification table for employing SIP-level access control for
successfully classified calls, by configuring Classification rules with whitelist and blacklist
settings. If a Classification rule is configured as a whitelist ("Allow"), the device accepts the
SIP dialog and processes the call. If the Classification rule is configured as a blacklist
("Deny"), the device rejects the SIP dialog.
To configure a Classification rule:
1. Open the Classification table (Setup menu > Signaling & Media tab > SBC folder >
Classification Table).
2. Click New, and then configure classification rule for messages from Teams as follows:
Parameter Value
Index 0
Name Teams
Source SIP Interface Teams
Source IP Address 52.114.*.*
Destination Host sbc.ACeducation.info
Message Condition Teams-Contact
Action Type Allow
Source IP Group Teams
Figure 4-26: Configuring Classification Rule for Teams
3. Click Apply.
Version 7.2 43 AudioCodes Mediant SBC
Page 44
Teams Direct Routing & Analog Devices
4. Click New, and then configure classification rule for messages from ATA device as
follows:
Parameter Value
Index 1
Name ATA Users
Source SIP Interface ATA
Source Username Pattern +12345678901
Action Type Allow
Source IP Group ATA
Figure 4-27: Configuring Classification Rule for ATA users
5. Click Apply.
AudioCodes Mediant SBC 44 Document #: LTRT-33426
Page 45
Configuration Note 4. Configuring AudioCodes SBC
4.13 Configure IP-to-IP Call Routing Rules
This section describes how to configure IP-to-IP call routing rules. These rules define the
routes for forwarding SIP messages (e.g., INVITE) received from one IP entity to another.
The SBC selects the rule whose configured input characteristics (e.g., IP Group) match those
of the incoming SIP message. If the input characteristics do not match the first rule in the
table, they are compared to the second rule, and so on, until a matching rule is located. If no
rule is matched, the message is rejected. The routing rules use the configured IP Groups (as
configured in Section 4.9 on page 39) to denote the source and destination of the call.
For the example topology, the following IP-to-IP routing rules need to be configured to route
calls between Teams Direct Routing and Company SIP Trunk:
Terminate SIP OPTIONS messages on the SBC that are received from any entity
REGISTER requests from ATA device
Re-Route REFER messages to Teams Direct Routing
Calls from Teams Direct Routing to Company SIP Trunk
Calls from Company SIP Trunk to ATA device
Calls from Company SIP Trunk to Teams Direct Routing
Calls from ATA device to Teams Direct Routing
Calls from ATA device to Company SIP Trunk
To configure IP-to-IP routing rules:
1. Open the IP-to-IP Routing table (Setup menu > Signaling & Media tab > SBC folder >
Routing > IP-to-IP Routing).
2. Configure routing rules as shown in the table below:
Table 4-8: Configuration Example: IP-to-IP Call Routing Rules
Index Name
Terminate
0
OPTIONS
1
2
3 To ATA Any
4
5
6
7
ATA
Registration
Refer re-
routing
(arbitrary
name)
Teams to SIP
Trunk
SIP Trunk to
Teams
ATA to
Teams
ATA to SIP
Trunk
Source
IP Group
Any OPTIONS
ATA REGISTER
Any
Teams
SIPTrunk
ATA
ATA
Request
Type
Dest
Username
Pattern
+12345678
90
12345xxxxx
#
Call
Triger
REFER Teams
ReRoute
IP Group
Internal
All Users
IP Group ATA
IP Group SIPTrunk
IP Group Teams
IP Group Teams
IP Group SIPTrunk
Dest
Type
Request
URI
Dest
IP Group
Teams
Internal Action
Reply(Response
='200')
Version 7.2 45 AudioCodes Mediant SBC
Page 46
Teams Direct Routing & Analog Devices
The configured routing rules are shown in the figure below:
Figure 4-28: Configured IP-to-IP Routing Rules in IP-to-IP Routing Table
Note: The routing configuration may change according to your specific deployment
topology.
AudioCodes Mediant SBC 46 Document #: LTRT-33426
Page 47
Configuration Note 4. Configuring AudioCodes SBC
4.14 Configure Firewall Settings
As a security measure, there is an option to configure traffic filtering rules (access list) for
incoming traffic on AudioCodes SBC. For each packet received on the configured network
interface, the SBC searches the table from top to bottom until the first matching rule is found.
The matched rule can permit (allow) or deny (block) the packet. Once a rule in the table is
located, subsequent rules further down the table are ignored. If the end of the table is
reached without a match, the packet is accepted. Please note that the firewall is stateless.
The blocking rules will apply to all incoming packets, including UDP or TCP responses.
To configure a firewall rule:
1. Open the Firewall table (Setup menu > IP Network tab > Security folder> Firewall).
2. Configure the following Access list rules for Teams Direct Rout IP Interface:
Table 2-9: Firewall Table Rules
Index Source IP
0
1 52.114.148.0 32 0
2 52.114.132.46 32 0
3 52.114.75.24 32 0
4 52.114.76.76 32 0
5 52.114.7.24 32 0
6 52.114.14.70 32 0
49 0.0.0.0 0 0
<Public DNS Server IP>
(e.g. 8.8.8.8)
Subnet
Prefix
32 0
Note: Be aware that if in your configuration, connectivity to SIP Trunk (or other entities)
is performed through the same IP Interface as Teams (WAN_IF in our example), you
must add rules to allow traffic from these entities.
Start
Port
End
Port
65535
65535
65535
65535
65535
65535
65535
65535
Use
Protocol
Specific
Interface
Any Enable WAN_IF Allow
TCP Enable WAN_IF Allow
TCP Enable WAN_IF Allow
TCP Enable WAN_IF Allow
TCP Enable WAN_IF Allow
TCP Enable WAN_IF Allow
TCP Enable WAN_IF Allow
Any Enable WAN_IF Block
Interface
ID
Allow
Type
Version 7.2 47 AudioCodes Mediant SBC
Page 48
Teams Direct Routing & Analog Devices
This page is intentionally left blank.
AudioCodes Mediant SBC 48 Document #: LTRT-33426
Page 49
Configuration Note 5. Verify the Pairing Between the SBC and Direct Routing
5 Verify the Pairing Between the SBC and
Direct Routing
After you have paired the SBC with Teams Direct Routing using the NewCsOnlinePSTNGateway PowerShell command, validate that the SBC can successfully
exchange OPTIONS with Direct Routing.
To validate the pairing using SIP OPTIONS:
1. Open the Proxy Set Status page (Monitor menu > VoIP Status tab> Proxy Set Status).
2. Find the Direct SIP connection and verify that 'Status' is online. If you see a failure, you
need to troubleshoot the connection first, before configuring voice routing.
Figure 5-1: Proxy Set Status
Version 7.2 49 AudioCodes Mediant SBC
Page 50
Teams Direct Routing & Analog Devices
This page is intentionally left blank.
AudioCodes Mediant SBC 50 Document #: LTRT-33426
Page 51
Configuration Note 6. Verify ATA Registered Users in the SBC
6 Verify ATA Registered Users in the SBC
You can view SBC users that are registered with the device. For each user, the Address of
Record (AOR) and the corresponding contacts are shown.
To view registered SBC users:
1. Open the SBC Registered Users page (Monitor menu > Monitor tab > VoIP Status
folder > SBC Registered Users).
Figure 6-1: SBC Registered Users
Version 7.2 51 AudioCodes Mediant SBC
Page 52
Teams Direct Routing & Analog Devices
This page is intentionally left blank.
AudioCodes Mediant SBC 52 Document #: LTRT-33426
Page 53
Configuration Note A. Configuring MP-1xx ATA for Connecting Analog Devices
of the
A Configuring MP-1xx ATA for Connecting
Analog Devices
This section describes how to configure AudioCodes MediaPack™ Series (MP-1xx) VoIP
Gateways for connecting analog devices. The ATA device must be configured to send all
calls to the AudioCodes SBC.
Note: This section shows partial configuration. For detailed configuration
MediaPack MP-1xx Series refer to the device's User's Manual
(https://www.audiocodes.com/library/technical-documents?query=MP-11x).
A.1 Configure Proxy Server and Registration
This section describes how to configure the proxy server and registration. The configuration
below uses the example of an ATA device registered to the SBC device (10.15.17.55).
To configure Proxy Server and Registration:
1. Open the Proxy & Registration page (Configuration tab > VoIP menu > SIP
Definitions sub-menu > Proxy & Registration).
Figure A-1: Proxy and Registration
2. From the 'Use Default Proxy' drop-down list, select Yes.
3. In the 'Proxy Name' field, enter the SBC IP address.
Version 7.2 53 AudioCodes Mediant SBC
Page 54
Teams Direct Routing & Analog Devices
4. From the 'Enable Registration' drop-down list, select Enable.
5. In the 'Gateway Name' field, enter the SBC IP address.
6. Click the Proxy Set Table button, the following page is displayed:
Figure A-2: Default Proxy Sets Table
7. In the 'Proxy Address' field, enter the SBC IP address.
8. Click the Apply button.
A.2 Configure the Endpoint Phone Number Table
The 'Endpoint Phone Number Table' page allows you to activate the MP-1xx ports
(endpoints) by defining telephone numbers. The configuration below uses the example of
ATA destination phone number ‘+12345678901’ with all routing directed to the SBC device
(10.15.17.55).
To configure the Endpoint Phone Number table:
1. Open the Endpoint Phone Number Table page (Configuration tab > VoIP menu > GW
and IP to IP submenu > Hunt Group sub-menu > Endpoint Phone Number).
Figure A-3: Endpoint Phone Number Table Page
AudioCodes Mediant SBC 54 Document #: LTRT-33426
Page 55
Configuration Note A. Configuring MP-1xx ATA for Connecting Analog Devices
A.3 Configure the Hunt Group
This section describes how to configure the Hunt Group.
To configure Hunt Group:
1. Open the Hunt Group Settings page (Configuration tab > VoIP menu > GW and IP to
IP sub-menu > Hunt Group > Hunt Group Settings).
Figure A-4: Hunt Group Settings
2. From the 'Channel Select Mode' drop-down list, select By Dest Phone Number.
3. From the 'Registration Mode' drop-down list, select Per Endpoint.
4. Click the Apply button.
A.4 Configure IP-to-Hunt Group Routing
This section describes how to configure the IP-to-Hunt Group routing rules.
To configure the IP to Hunt Group Routing table:
1. Open the Tel to IP Routing page (Configuration tab > VoIP menu > GW and IP to IP
sub-menu > Routing > IP to Hunt Group Routing).
Figure A-5: IP to Hunt Group Routing Page
2. Configure the entry as shown in the screen above.
3. Click the Apply button.
Version 7.2 55 AudioCodes Mediant SBC
Page 56
Teams Direct Routing & Analog Devices
2 3 5
4
A.5 Configure SIP UDP Transport Type and Fax
Signaling Method
In most cases ATA device is used for interconnection fax devices. This step describes how
to configure the fax signaling method for the MP-1xx device.
To configure the fax signaling method:
1. Open the SIP General Parameters page (Configuration tab > VoIP menu > SIP
Definitions submenu > General Parameters).
Figure A-6: SIP General Parameters Page
2. From the ‘FAX Signaling Method’ drop-down list, select G.711 Transport for G.711 fax
support and select T.38 Relay for T.38 fax support.
3. From the ‘SIP Transport Type’ drop-down list, select UDP.
4. In the ‘SIP UDP Local Port’ field, enter 5060 (corresponding to the SBC configuration).
5. In the ‘SIP Destination Port’, enter 5060 (corresponding to the SBC configuration).
AudioCodes Mediant SBC 56 Document #: LTRT-33426
Page 57
Configuration Note B. Configuring MP-20x ATA for Connecting Analog Devices
of the
B Configuring MP-20x ATA for Connecting
Analog Devices
This section describes how to configure AudioCodes MediaPack™ Series (MP-20x)
Telephony Adapter for connecting analog devices. The ATA device must be configured to
send all calls to the AudioCodes SBC.
Note: This section shows partial configuration. For detailed configuration
MediaPack MP-20x Series refer to the device's User's Manual
(https://www.audiocodes.com/library/technical-documents?query=MP-20x).
B.1 Configure SIP Interface Settings
This section describes how to configure SIP Signaling Protocol.
To configure SIP Interface Settings:
1. Click the Voice Over IP menu in the side menu bar; the Voice Over IP screen appears.
Figure B-1: Signaling Protocol Page
Version 7.2 57 AudioCodes Mediant SBC
Page 58
Teams Direct Routing & Analog Devices
2. On the Signaling Protocol page, the following parameters enable configuration:
a. From the ‘SIP Transport Type’ drop-down list, select UDP.
b. In the ‘Local SIP Port’ field, enter 5060 (corresponding to the SBC configuration)
c. In the ‘Use SIP Proxy’ check the check box.
d. In the ‘Host Name or Address’ field, set the IP address of the SBC.
e. In the ‘Use SIP Proxy IP and Port for Registration’ check the check box.
B.2 Configure Media Streaming Parameters
The section describes how to configure Media Streaming Parameters.
To configure Media Streaming Parameters:
1. Click the Media Streaming tab. The Media Streaming screens opens, which enables
you to configure the following:
• Supported Codecs
• Codecs Priority
• Packetization Time
Figure B-2: Media Streaming Page
AudioCodes Mediant SBC 58 Document #: LTRT-33426
Page 59
Configuration Note B. Configuring MP-20x ATA for Connecting Analog Devices
B.3 Configuring Line Settings
Before you can make phone calls, you need to configure lines. Lines are logical SIP ID
numbers (i.e., telephone numbers) which are registered to a SIP proxy server and for which
you are charged for calls you make on it. With a MP-20x line setting configuration, you can
associate any phone extension to any line.
To configure lines:
1. On the 'Voice Over IP' screen, click the Line Settings tab; the following screen appears.
Figure B-3: Line Settings Tab Screen
2. For each line, click the corresponding Edit icon to configure the line; the following
screen appears:
Figure B-4: Line Settings Screen for a New Line
3. In the ‘User ID’ field, enter phone's VoIP user ID used for identification to initiate and
accept calls.
4. To hide the phone’s ID from the remote party, select the ‘Block Caller ID’ check box.
5. In the ‘Display Name’ field, enter a name to intuitively identify the line. This is also
displayed to remote parties as your caller ID.
6. Click OK to save your settings.
Version 7.2 59 AudioCodes Mediant SBC
Page 60
Teams Direct Routing & Analog Devices
This page is intentionally left blank.
AudioCodes Mediant SBC 60 Document #: LTRT-33426
Page 61
Configuration Note C. Syntax Requirements for SIP Messages 'INVITE' and 'OPTIONS'
C Syntax Requirements for SIP Messages
'INVITE' and 'OPTIONS'
The syntax of SIP messages must conform with Teams Direct Routing requirements.
This section covers the high-level requirements for the SIP syntax used in 'INVITE' and
'OPTIONS' messages. You can use the information presented here as a first step when
troubleshooting unsuccessful calls. AudioCodes has found that most errors are related to
incorrect syntax in SIP messages.
C.1 Terminology
Must
Strictly required. The deployment does not function correctly without the correct
configuration of these parameters.
C.2 Syntax Requirements for 'INVITE' Messages
Figure C-1: Example of an 'INVITE' Message
Contact header
• MUST: When placing calls to the Direct Routing interface, the 'CONTACT' header
must have the SBC FQDN in the URI hostname
• Syntax: Contact: <phone number>@<FQDN of the SBC>:<SBC Port>;<transport
type>
• If the parameter is not configured correctly, calls are rejected with a '403
Forbidden' message.
Version 7.2 61 AudioCodes Mediant SBC
Page 62
Teams Direct Routing & Analog Devices
C.3 Requirements for 'OPTIONS' Messages Syntax
Figure C-2: Example of 'OPTIONS' message
Contact header
• MUST: When placing calls to the Direct Routing interface, the 'CONTACT' header
must have the SBC FQDN in the URI hostname
• Syntax: Contact: <phone number>@<FQDN of the SBC>:<SBC Port>;<transport
type>
• If the parameter is not configured correctly, the calls are rejected with a '403
Forbidden' message
The table below navigates to the path in the Web interface where the parameters are
configured and refers to the relevant location in this document including the configuration
instructions.
Table C-1: Syntax Requirements for an 'OPTIONS' Message
Parameter Where Configured How to Configure
Contact
Setup > Signaling and Media > Core
Entities > IP Groups > <Group Name> >
See Section 4.9 Configure
IP Groups
Local Host Name
In IP Groups, 'Contact' must be configured.
In this field
('Local Host Name'), define the
local host name of the SBC as a string, for
example, sbc.ACeducation.info. The name
changes the host name in the call received
from the IP group.
AudioCodes Mediant SBC 62 Document #: LTRT-33426
Page 63
Configuration Note C. Syntax Requirements for SIP Messages 'INVITE' and 'OPTIONS'
C.4 Connectivity Interface Characteristics
The table below shows the technical characteristics of the Direct Routing interface.
In most cases, Microsoft uses RFC standards as a guide during development, but does not
guarantee interoperability with SBCs - even if they support all the parameters in the table
below - due to the specifics of the implementation of the standards by SBC vendors.
Microsoft has a partnership with some SBC vendors and guarantees their devices'
interoperability with the interface. All validated devices are listed on Microsoft's website.
Microsoft only supports devices that are validated in order to connect to the Direct Routing
interface.
AudioCodes is one of the vendors who are in partnership with Microsoft.
AudioCodes' SBCs are validated by Microsoft to connect to the Direct Routing interface.
Table C-2: Teams Direct Routing Interface - Technical Characteristics
Category Parameter Value Comments
Ports and
IP ranges
Transport
and
Security
SIP Interface FQDN
Name
IP Addresses range for
SIP interfaces
SIP Port 5061 -
IP Address range for
Media
Media port range on
Media Processors
Media Port range on
the client
SIP transport TLS -
Media Transport SRTP -
SRTP Security Context DTLS, SIPS
See Microsoft's
document Deploying
Direct Routing Guide.
See Microsoft's
document Deploying
Direct Routing Guide.
See Microsoft's
document Deploying
Direct Routing Guide.
See Microsoft's
document Deploying
Direct Routing Guide.
See Microsoft's
document Deploying
Direct Routing Guide.
Note: Support for DTLS
is pending. Currently,
SIPS must be
configured. When
support for DTLS will be
announced, it will be
the recommended
context.
-
-
-
-
-
https://tools.ietf.org/html/rfc5763
Crypto Suite AES_CM_128_HMAC_
SHA1_80, non-MKI
Control protocol for
media transport
Supported Certification
Authorities
Version 7.2 63 AudioCodes Mediant SBC
SRTCP (SRTCP-Mux
recommended)
See the Deployment
Guide
-
Using RTCP MUX helps reduce
the number of required ports
-
Page 64
Teams Direct Routing & Analog Devices
-
-
- Not required
-
Category Parameter Value Comments
Transport for Media
Bypass (of configured)
Audio codecs
Codecs Other codecs
ICE-lite (RFC5245)
– recommended
Client also has
Transport Relays
G711
Silk (Teams clients)
Opus (WebRTC
clients) - only if
Media Bypass is
used
G729
CN
Required
narrowband and
wideband
RED - Not required
DTMF - Required
Events 0-16
Silence Suppression
AudioCodes Mediant SBC 64 Document #: LTRT-33426
Page 65
Configuration Note C. Syntax Requirements for SIP Messages 'INVITE' and 'OPTIONS'
This page is intentionally left blank.
Version 7.2 65 AudioCodes Mediant SBC
Page 66
Page 67
International Headquarters
1 Hayarden Street,
Airport City
Lod 7019900, Israel
Tel: +972-3-976-4000
Fax: +972-3-976-4040
AudioCodes Inc.
200 Cottontail Lane
Suite A101E
Somerset NJ 08873
Tel: +1-732-469-0880
Fax: +1-732-469-2298
Contact us
:
https://www.audiocodes.com/corporate/offices-worldwide
website: https://www.audiocodes.com
©2020 AudioCodes Ltd. All rights reserved. AudioCodes, AC, HD VoIP, HD VoIP Sounds Better, IPmedia, Mediant,
MediaPack, What’s Inside Matters, OSN, SmartTAP, User Management Pack, VMAS, VoIPerfect, VoIPerfectHD, Your
Gateway To VoIP, 3GX, VocaNom, AudioCodes One Voice, AudioCodes Meeting Insights, AudioCodes Room
Experience and CloudBond are trademarks or registered trademarks of AudioCodes Limited. All other products or
trademarks are property of their respective owners. Product specifications are subject to change without notice.
Document #: LTRT-33426
Loading...