Blog

Video conferencing was becoming the new norm even pre-covid. However, the pandemic did accelerate many businesses’ adoption of this technology. In this section, I will go over a deployment that will enable your on-prem Cisco video endpoints to dial other video endpoints registered to remote companies and dial into a Cisco Webex Meeting Room.

You will need the following:

• Cisco Call Manager version 10.0+
• Cisco Expressway C 8.1+
• Cisco Expressway E 8.1+
• A Video Endpoint, WebEx, or Jabber (configured for SIP URI Dialing) registered to the Call Manager.
• RMS licenses are needed for Business-to-Business calling.

Below is a figure that shows the network deployment:

1. On the Call Manager:
   
   

• We need to configure a SIP Trunk between the Call Manager and the Expressway C.
  
  
• If there’s Mobile and Remote Access configured on the Expressway, we would need to configure a new SIP Trunk Security Profile, so we change the SIP port that is being used for Video Calls, that way it won’t overlap with the SIP port that’s being used for MRA.
  
  
• A SIP Route Pattern.

1. SIP Security Profile

1. On the CUCM Administration page, go to System Security  SIP Trunk Security Profile.
   
   
2. Click Find.
   
   
3. Click Copy that is next to Non-Secure SIP Trunk Profile
   
   
4. Change the name to Expressway C B2B Non Secure SIP Trunk Profile
   
   
5. For incoming port, choose a port that isn’t being used between Call Manager & Expressway C i.e. 6060.
   
   
6. Select the check boxes next to: Accept unsolicited notification and Accept Replaces Header.

2. SIP Trunk

1. On the CUCM Administration page, go to Device  Trunk and click Add New.
   
   
2. For Trunk Type, select SIP Trunk, leave Device Protocol as SIP, and Trunk service type as None.
   
   
3. Fill in the following parameters for the SIP Trunk:
   
   

• Name :             EXPC-B2B-Trunk (you can enter whatever name you want).
  
  
• Description : SIP Trunk between Call Manager and Expressway C for B2B Calls
  
  
• Device Pool : Select appropriate Device Pool
  
  
• Location :             Select appropriate Location (can be Hub_None)
  
  
• Select Checkbox for Run on All Active CUCM Nodes.
  
  
• For Inbound Calls section, select Internal as Calling Search Space, Important not to give access to PSTN as it may allow unwanted calls to the PSTN.
  
  
• Under SIP Information, enter the IP or FQDN of Expressway C in the destination address and for port enter 5060.
  
  
• SIP Trunk Security Profile :       Expressway C B2B Non Secure SIP Trunk Profile (the one that was created above).
  
  
• SIP Profile :             Standard SIP Profile for Cisco VCS.

3. SIP Route Pattern.

1. 1. Last item to create is the SIP Route Pattern
      
      
   2. On the CUCM Administration page, go to Call Routing SIP Route Pattern.
      
      
   3. Click on Add New.
      
      
   4. Fill in the following parameters:

• Pattern Usage :       Domain Routing.
• IPv4 Pattern :             *.*
• Description :             Send all External URIs to Expressway C.
• SIP Trunk/Route List: EXPC-B2B-Trunk (the once created above).

4. Putting it all together for the Call Manager Configuration.

The Call Manager handles call signaling for all registered devices. Once a video endpoint dials a SIP URI, the call manager will check the domain on that SIP URI if it matches the cluster domain of the Call manager, if it doesn’t match, it will then check the list of configured SIP Route Patterns. It will match it to the above created *.* SIP route pattern which will send the call to the Expressway C.

B. On The Expressway C:

This deployment takes into consideration the following:

1. The Expressway C has been properly licensed with an Expressway Series Licenses.
   
   
2. The Expressway C has been signed with a CA server that is trusted by Expressway E & the Call Manager.
   
   
3. The Expressway C trusts the CA that signed the Call Manager’s Tomcat and Call Manager certificate.
   
   
4. The Expressway C has been correctly configured with an IP address, Subnet Mask, Gateway, NTP, and DNS servers.
   
   
5. The Expressway has been correctly configured with a Domain.
   
   
6. SIP has been enabled.

1. Configure Neighbor Zone between Expressway C & Call Manager.

1. On the Expressway C, go to Configuration Zones  Zone
   
   
2. Click on New and Enter the below Parameters:
   
   

• Name :             CUCM Neighbor Zone.
  
  
• Type :             Select Neighbor
  
  
• Click Create Zone.
  
  
• Under SIP Mode select On.
  
  
• Port :             6060 (same port you configured on the Security SIP Trunk that you applied to the SIP trunk on Call Manager).
  
  
• Transport :             TCP
  
  
• Media Encryption mode :             Auto.
  
  
• Under Location enter all IP addresses of the Call Manager Nodes (must belong to the same cluster).
  
  
• Click Save.
•  
• Zone State must be Active.

1. Configure Traversal Client Zone between Expressway C & Expressway E

1. On the Expressway C, go to Configuration  Zones  Zone
   
   
2. Click on New and Enter the below Parameters:
   
   

• Name :             B2B Zone to Expressway E.
  
  
• Type :             Traversal Client
  
  
• Click Create Zone.
  
  
• Enter any username and password ( you will later create those on the Expressway E)
  
  
• Under SIP Mode select On.
  
  
• Port :             7005
  
  
• Transport :             TLS
  
  
• Media Encryption mode :      Auto.
  
  
• Under Location enter Expressway E IP Address or FQDN
  
  
• Click Save.
  
  
• Zone State will be active when the zone will be created on Expressway E

2. Configure Search Rule to Send Outgoing Calls to Expressway E.

1. 1. The purpose of this search rule is to match all SIP URI calls that have a domain other than the Home Cluster domain of the Call Manager and send them to Expressway E.
      
      
   2. On the Expressway C, go to Configuration  Dial Plans  Search Rule and Click New
      
      
   3. Enter the following Parameters:
      
      

• Rule Name : Outgoing B2B Calls to Expressway E
  
  
• Description : Send all SIP URI calls with Domain other than Local Domain to Expressway E.
  
  
• Priority :             150 (must be the last search rule to match)
  
  
• Protocol :             SIP
  
  
• Source :             Named
  
  
• Source Name: CUCM Neighbor Zone
  
  
• Mode :             Any Alias
  
  
• On Successful Match :       Stop
  
  
• Target :             B2B Zone to Expressway E.
  
  
• State :            Enabled. 

3. Configure Search Rule to Send Incoming Calls to Call Manager

1. The purpose of this search rule is to match SIP URI calls that has the local domain and send them to the Call Manager.
   
   
2. On the Expressway C, go to Configuration  Dial Plans  Search Rule and Click New
   
   
3. Enter the following Parameters:
   
   

• Rule Name : Incoming B2B Calls to the Call Manager
  
  
• Description : Send Incoming B2B calls to the Call Manager
  
  
• Priority :             10 (must be the first search rule to match)
  
  
• Protocol :             SIP
  
  
• Source :             any
  
  
• Mode :             Alias Pattern Match
  
  
• Pattern Type: Regex
  
  
• Pattern String: (.+)@localdomain.com(.*) (enter your local domain)
  
  
• Pattern Behavior: Leave
  
  
• On Successful Match :       Stop
  
  
• Target :             CUCM Neighbor Zone.
  
  
• State :            Enabled.

5. Putting it all together for the Expressway C

1. For outgoing calls from the Call Manager, The Expressway C is going to match all SIP URIs not having the local domain (CUCM will never send the local domain to the Expressway C). The Expressway C is configured with a search
   rule to match all other domains and send them to Expressway E.
   
   
2. For incoming calls from the Expressway E, the Expressway C will match the local domain SIP URI and send them to the Call Manager.

C. On The Expressway E:

This deployment takes into consideration the following:

1. The Expressway E has been properly licensed with an Expressway Series Licenses.
   
   
2. If you want Business to Business Calls, you need to add RMS Licenses.
   
   
3. Calls to WebEx rooms do not require RMS licenses.
   
   
4. The Expressway E has been signed with a CA server that is trusted by Expressway C
   
   
5. The Expressway E trusts the CA that signed the Expressway C’s certificate.
   
   
6. The Expressway E has been correctly configured with an IP address, Subnet Mask, Gateway, NTP, and DNS servers.
   
   
7. SIP has been enabled.

1. Configure Traversal Server Zone between Expressway E & Expressway C

1. On the Expressway E, go to Configuration  Zones Zone
   
   
2. Click on New and Enter the below Parameters:
   
   

• Name :             B2B Zone to Expressway C.
  
  
• Type :             Traversal Server
  
  
• Click Create Zone.
  
  
• Create the credentials that were used on the Expressway C.
  
  
• Under SIP Mode select On.
  
  
• Port :             7005
  
  
• Transport :             TLS
  
  
• Media Encryption mode :      Auto.
  
  
• Under Location enter Expressway C IP Address or FQDN
  
  
• Click Save.
  
  
• State should be active.
  
  
  

2. Configure DNS zone to send outgoing calls to the Internet.

1. On the Expressway E, go to Configuration  Zones  Zone
   
   
2. Click on New and Enter the below Parameters:
   
   

• Name :             DNS Zone
  
  
• Type :             DNS
  
  
• Click Create Zone.
  
  
• Under SIP Mode select On.
  
  
• TLS Verify Mode: On
  
  
• Transport :             TLS
  
  
• Media Encryption mode : Best Effort
  
  
• Click Save.
  
  
• Zone State will be active when the zone will be created on Expressway E
  
  
  2. Configure Search Rule to Send Outgoing Calls to DNSZone (Internet)
   
  1. The purpose of this search rule is to match all SIP URI calls that have a domain other than the Home Cluster domain of the Call Manager and send them to the Internet.
     
     
  2. On the Expressway E, go to Configuration  Dial Plans  Search Rule and Click New
     
     
  3. Enter the following Parameters:
     
     
• Rule Name : Outgoing B2B Calls to the Internet
  
  
• Description : Send all SIP URI calls with Domain other than Local Domain to Internet
  
  
• Priority :             150 (must be the last search rule to match)
  
  
• Protocol :             SIP
  
  
• Source :             Named
  
  
• Source Name: B2B Zone To Expressway E
  
  
• Mode :             Any Alias
  
  
• On Successful Match :       Stop
  
  
• Target :             DNSZone
  
  
• State :            Enabled.
  
  
  

3. Configure Search Rule to Send Incoming Calls to Expressway C.

1. 1. The purpose of this search rule is to match all SIP URI calls that have a local domain and send them to the Expressway C.
      
      
   2. On the Expressway E, go to Configuration  Dial Plans  Search Rule and Click New
      
      
   3. Enter the following Parameters:
      
      

• Rule Name : Incoming B2B Calls to Expressway C
  
  
• Description : Send all SIP URI calls with Local Domain to Expressway C
  
  
• Priority :             10 (must be the first search rule to match)
  
  
• Protocol :             SIP
  
  
• Source :             DNSZone
  
  
• Mode :             Alias Pattern Match
  
  
• Pattern Type: Regex
  
  
• Pattern String: (.+)@localdomain.com(.*) (enter your local domain)
  
  
• Pattern Behavior: Leave
  
  
• On Successful Match :       Stop
  
  
• Target :             B2BZone To Expressway C
  
  
• State :            Enabled.

5. Putting it all together for the Expressway E
    
   1. Incoming calls from the Internet to your local network will arrive to the DNSZone. A search rule that will match local domains will send the calls to the Expressway C.
      
      
   2. Outgoing calls to the Internet arrive from Expressway C, and will match a search rule that matches all SIP URI calls with a domain other than the local domain. It will send the call to the DNSZone which in turn will send it out to the internet.

D. Honorable Mention for DNS:

A Public SRV record must be created for Business to Business or Calls to WebEx rooms to work.

This SRV record will point to your FQDN of the Expressway E.

Below are the parameters for that SRV record:

Domain name    :             Your public domain i.e. cisco.com

Service                :             sips

Protocol             :             tcp

Priority               :             10

Weight               :             10.

Port                    :             5061

Target Host        :            expe.publicdomain.com

As always if you have any questions on enabling your on-prem Cisco video endpoints to dial other video endpoints registered to remote companies and dial into a Cisco Webex Meeting Room and would like to schedule a free consultation with us, please reach out to us at sales@lookingpoint.com and we’ll be happy to help!