The migration to cloud-based communication solutions offers significant advantages. However, organizations can maintain a measured pace and seamlessly integrate existing on-premises PBX or PSTN infrastructure with Webex Calling through Local Gateway Deployment. This approach allows you to capitalize on your previous investments while enjoying the benefits of cloud calling.
In this blog, we will delve into the deployment process for Local Gateway, focusing on the registration-based trunk configuration method.
Local Gateway Deployment: A Hybrid Solution
Local Gateway bridges the gap between your on-premises environment and Webex Calling. It acts as a translator, seamlessly routing calls between your existing PBX or PSTN and the Webex cloud. This hybrid approach ensures a smooth transition to the cloud while preserving the functionality of your on-premises infrastructure.
Registration-Based Trunk Configuration
This blog will explore the registration-based trunk configuration for Local Gateway. We will provide a detailed explanation of this method, outlining the steps involved and best practices to ensure a successful implementation.
Important Considerations: SIP Trunk Configuration
It is important to note that this blog focuses on Local Gateway deployment and does not cover SIP trunk configuration on Call Manager. Separate configuration is required to define the SIP trunk with the appropriate port usage to avoid conflicts between the trunks connecting to your PSTN and Webex Calling.
By following this guide and ensuring proper SIP trunk configuration, you can successfully deploy Local Gateway and establish a seamless connection between your on-premises environment and Webex Calling.
Prerequisites, Requirements & Assumptions:
Now we will go over configuring the requirements to complete the deployment:
configure terminal
crypto pki trustpoint TLS-TP
revocation-check crl
exit
sip-ua
crypto signaling default trustpoint TLS-TP cn-san-validate server
transport tcp tls v1.2
tcp-retry 1000
end
show crypto pki trustpool | include DigiCert
cn=DigiCert Global Root CA
o=DigiCert Inc
cn=DigiCert Global Root CA
o=DigiCert Inc
show crypto pki trustpool | include IdenTrust Commercial
cn=IdenTrust Commercial Root CA 1
cn=IdenTrust Commercial Root CA 1
voice service voip
ip address trusted list
ipv4 23.89.0.0 255.255.0.0
ipv4 85.119.56.0 255.255.254.0
ipv4 128.177.14.0 255.255.255.0
ipv4 128.177.36.0 255.255.255.0
ipv4 135.84.168.0 255.255.248.0
ipv4 139.177.64.0 255.255.248.0
ipv4 139.177.72.0 255.255.254.0
ipv4 144.196.33.0 255.255.255.128
ipv4 150.253.156.128 255.255.255.128
ipv4 150.253.209.128 255.255.255.128
ipv4 170.72.0.0 255.255.0.0
ipv4 170.133.128.0 255.255.192.0
ipv4 185.115.196.0 255.255.252.0
ipv4 199.19.196.0 255.255.254.0
ipv4 199.19.199.0 255.255.255.0
ipv4 199.59.64.0 255.255.248.0
Voice service voip
media statistics
media bulk-stats
allow-connections sip to sip
no supplementary-service sip refer
no supplementary-service sip handle-replaces
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
stun
stun flowdata agent-id 1 boot-count 5
stun flowdata shared-secret 0 Password 123$
sip
bind control source-interface GigabitEthernet0/0/0
bind media source-interface GigabitEthernet0/0/0
asymmetric payload full
early-offer forced
midcall-signaling passthru
privacy-policy passthru
g729 annexb-all
voice class sip-profiles 200
rule 9 request ANY sip-header SIP-Req-URI modify "sips:(.*)" "sip:\1"
rule 10 request ANY sip-header To modify "<sips:(.*)" "<sip:\1"
rule 11 request ANY sip-header From modify "<sips:(.*)" "<sip:\1"
rule 12 request ANY sip-header Contact modify "<sips:(.*)>" "<sip:\1;transport=tls>"
rule 13 response ANY sip-header To modify "<sips:(.*)" "<sip:\1"
rule 14 response ANY sip-header From modify "<sips:(.*)" "<sip:\1"
rule 15 response ANY sip-header Contact modify "<sips:(.*)" "<sip:\1"
rule 20 request ANY sip-header From modify ">" ";otg=hussain2572_lgu>"
rule 30 request ANY sip-header P-Asserted-Identity modify "sips:(.*)" "sip:\1"
voice class codec 99
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 opus
voice class srtp-crypto 200
crypto 1 AES_CM_128_HMAC_SHA1_80
voice class stun-usage 200
stun usage firewall-traversal flowdata
stun usage ice lite
voice class tenant 200
registrar dns:40462196.cisco-bcld.com scheme sips expires 240 refresh-ratio 50 tcp tls
credentials number Hussain6346_LGU username Hussain2572_LGU password 0 meX7]~)VmF realm BroadWorks
authentication username Hussain2572_LGU password 0 meX7]~)VmF realm BroadWorks
authentication username Hussain2572_LGU password 0 meX7]~)VmF realm 40462196.cisco-bcld.com
no remote-party-id
sip-server dns:40462196.cisco-bcld.com
connection-reuse
srtp-crypto 200
session transport tcp tls
url sips
error-passthru
asserted-id pai
bind control source-interface GigabitEthernet0/0/1
bind media source-interface GigabitEthernet0/0/1
no pass-thru content custom-sdp
sip-profiles 200
outbound-proxy dns:la01.sipconnect-us10.cisco-bcld.com
privacy-policy passthru
Update the SIP profile 200 rule 20 to include the correct otg
rule 20 request ANY sip-header From modify ">" ";otg=hussain2572_lgu>"
This should take care about the integration between Webex Calling and Local Gateway. Not you should configure the dial-peers.
voice class tenant 100
session transport udp
url sip
error-passthru
bind control source-interface GigabitEthernet0/0/0
bind media source-interface GigabitEthernet0/0/0
no pass-thru content custom-sdp
dial-peer voice 201 voip
description Inbound/Outbound Webex Calling
destination-pattern BAD.BAD
session protocol sipv2
session target sip-server
voice-class codec 99
dtmf-relay rtp-nte
voice-class stun-usage 200
no voice-class sip localhost
voice-class sip tenant 200
srtp
no vad
dial-peer voice 301 voip
description Outgoing dial-peer towards CUCM
destination-pattern BAD.BAD
session protocol sipv2
session server-group 301
voice-class codec 99
voice-class sip bind control source-interface GigabitEthernet 0/0/0
voice-class sip bind media source-interface GigabitEthernet 0/0/0
dtmf-relay rtp-nte
voice-class sip tenant 100
no vad
dial-peer voice 300 voip
description Incoming dial-peer from CUCM for Webex Calling
session protocol sipv2
destination dpg 200
incoming uri via 300
voice-class codec 99
dtmf-relay rtp-nte
voice-class sip tenant 300
no vad
voice class dpg 300
dial-peer 301 preference 1
voice class dpg 200
dial-peer 201 preference 1
voice class uri 300 sip
pattern :5065
voice class uri 200 sip
pattern dtg=hussain2572.lgu
dial-peer voice 201 voip
description Inbound/Outbound Webex Calling
max-conn 250
destination dpg 300
incoming uri request 200
dial-peer voice 300 voip
description Incoming dial-peer from CUCM for Webex Calling
destination dpg 200
incoming uri via 300
This concludes the configuration you would need to set up communication between Webex Calling and Call Manager leveraging a Cisco CUBE. A reminder, a SIP trunk still needs to be configured from Call Manager pointing to this CUBE with a sip trunk security profile using port 5065.
For more information always revise the following links:
https://help.webex.com/en-us/article/b2exve
As always if you have any questions and would like to schedule a free consultation with us, please reach out to us at sales@lookingpoint.com and we’ll be happy to help!