Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The SIP Trunking use case allows your PBX to safely connect over the internet to an ITSP. The SBC in this scenaro is providing enhanced security for the corporate network without the need to set up VPN tunnels. Note that the SBC can be used at the same time to perform Remote Phone Support but for simplicity the example below concentrates on SIP trunking.  

(Under Construction)
Network.pngImage Removed
Image Added

SBC Public IP:


  1. Go to Configuration->IP Settings->Network and then edit eth0 and assign the DMZ IP address. Next click the Add button to add an IP address to eth1. Enter in the IP address along with the subnet mask as shown below. 
    2a.pngImage RemovedImage Added
  2. Once completed you will now have an IP address on eth0 and eth1. 
    2.pngImage RemovedImage Added
  3. Next go to Configuration -> IP Settings -> Media Interfaces and click Edit.
    3.pngImage RemovedImage Added
  4. Change the Transcoding Mode to Hardware Hidden mode. Then click Save. 
     4.pngImage RemovedImage Added
  5. Next click Detect Modules. Once you modules are detected click OK to continue. 
    5.pngImage RemovedImage Added



2) SIP Profile Configuration

  1. Go to Configuration -> Signaling -> SIP Profiles and click Modify next to the default internal SIP profile.
    11.pngImage RemovedImage Added
  2. Ensure the SIP IP Address is configured set to the LAN IP address. Then enable the SIP Trace option. 
    12.pngImage RemovedImage Added
  3. Next scroll down to the Authentication section and disable Authenticate Calls. This option is only required when remote phones are registering to a local SIP account on the SBC. Once done save the internal profile. 
    13.pngImage RemovedImage Added
  4. Next add a new profile called external. 
    14.pngImage RemovedImage Added
  5. In the External SIP profile set the External SIP IP Address and External RTP IP Address to the public IP. As well enable the SIP Trace option. 
    15.pngImage RemovedImage Added
  6. Next disable authenticate calls as we did with the internal SIP profile.  
    16-sip-trunking.pngImage RemovedImage Added



3) Adding SIP Trunk to PBX and ITSP

  1. Go to Configuration -> Signaling -> SIP Trunks and click Add. Name the SIP trunk PBX. 
    17.pngImage RemovedImage Added
  2. Set the Domain to be the IP address of the PBX. Enable OPTIONS by setting the Frequency and Max/Min Pings as shown below. Once done click Save.
    18.pngImage RemovedImage Added




4) Configuring the SIP Domain

  1. Go to Configuration -> Signaling -> Domains and click Add. Set the name of the domain to the FQDN or IP the remote phones will be registering to. 
    19.pngImage RemovedImage Added
  2. Next enable Forward Registration/Authentication as shown below. Set the Forward SIP profile to Internal. Then it is recommended to Force the Expires time to around 300-600 seconds; this will force the phones to register every 5-10 minutes. The short time period will ensure the registration information is current and correct. 
    20.pngImage RemovedImage Added
  3. Next go to Configuration -> Signaling -> SIP Profiles and click Modify on the External SIP Profile. 
    21.pngImage RemovedImage Added
  4. Then click Bind under the Domain section. 
    22b.pngImage RemovedImage Added
  5. Select your domain from the list and click Bind. 
    22.pngImage RemovedImage Added
  6. Your domain will now be bound to the SIP profile. This will allow Remote phones to register to your External SIP Profile.
    23.pngImage RemovedImage Added




5) Configuring the Call Routing

  1. Go to  Configuration -> Routing -> Call Routing and then click the Add button in the Basic Call Routing section to add a new routing plan.
    31.pngImage RemovedImage Added
  2. Name the new routing plan internal and then click Add. 
    32.pngImage RemovedImage Added
  3. Once in the new routing plan click Add to add a new rule. 
    33.pngImage RemovedImage Added
  4. In the new rule change the stop policy to Stop On Failure. Add the condition below to verify all internal calls orginate from the PBX's IP address. To do this use the network_addr variable as shown below. Ensure the actions to perform if the condition doesn't match is set to respond with a 403. Once done click Save to continue. 
    34.pngImage RemovedImage Added
  5. Next click Add to add a new rule. In the new rule set the condition based off the Destination Address. The condition will be (.*). The action will need to be a custom action and the application will be bridge. The data will be ${sofia_contact(external/$ . The "external" part is the name of the external facing SIP profile. The "" part is the domain the users are registering to. These are the two pieces that may change on a per installation basis. 
    35.pngImage RemovedImage Added
  6. Next go back to the call routing and add a new routing plan as we did in step 1-2 above. Name the new routing plan external. This will be used for the external SIP profile. In the new routing plan add only one rule. The condition will be (.*) and based on the Destination Address. Then the action will be bridge to trunk. The Trunk will be the SIP trunk named PBX with the destination $1 as shown below.
    36.pngImage RemovedImage Added
  7. Now that both routing plans are made go to Configuration -> Signaling -> SIP Profiles and modify the internal SIP profile. 
    37.pngImage RemovedImage Added
  8. In the internal SIP profile under Session Routing change the Routing Plan to Internal. Then click Save to continue. 
    38.pngImage RemovedImage Added
  9. Next go back to Configuration -> Signaling -> SIP Profiles and this time click Modify next to the External SIP profile. Once in the External SIP profile, go to the Session Routing section and change the Routing Plan to External. Then click Save.39.pngImage RemovedImage Added



6) Finalizing the Installation

  1. Go to Overview -> Dashboard -> Control Panel and start the following services. 
    1. Vega Session Controller
    2. IP Firewall
    3. Intrusion Detection
    4. Intrusion Prevention
      41.pngImage RemovedImage Added
  2. Enable all IDS rules by going to Configuration -> Security -> Intrusion Detection and ensuring all are checked. Once done click Update to apply the changes. 
    42.pngImage RemovedImage Added
  3. Next go to System -> Server -> Web and change the Network Interface from All interfaces to only the internal network interface. 
    43.pngImage RemovedImage Added
  4. In this example eth1 is the internal network interface. Once done click Save. 
    44.pngImage RemovedImage Added
  5. Next go to System -> Server -> Web and change the Network Interface from All interfaces to only the internal network interface. Now both the web server and SSH will only be available on your internal network. 
    45.pngImage RemovedImage Added
  6. Since the configuration is now completed get a backup. Go to System -> Management -> Backup-Restore and click Backup. 
    46.pngImage RemovedImage Added
  7. Name the file accordingly and click backup to download a copy. Ensure you keep this safe somewhere and always take a new backup after each change made to the SBC.  
    47.pngImage RemovedImage Added