Switchvox Private IP: 192.168.1.5

SBC Public IP:  149.248.58.42
SBC Private IP #1: 192.168.1.11    (Connection to ITSP - Public IP Ports Forwarded to this IP)
SBC Private IP #2: 192.168.1.10    (Connection to Switchvox)


Router Configuration

Ensure the following ports are open or forwarded to the public IP of the SBC. 

SBC Public IP Ports


SBC Configuration

1) Go to Configuration → IP Settings → Access Control List and add a new list called ACL. Ensure the default policy is Deny, and then add both the IP of Switcvox, and the IP(s) of your ITSP. Ensure the prefix is /32 to only allow the single IP. 
Note: In this case the ITSP is Sangoma's SIP Station. The FQDN's are trunk1.freepbx.com and trunk2.freepbx.com. Check with your ITSP if you need the IPs. 


2) Go to Configuration → Signalling → SIP Profiles and add a new SIP profile called External_ITSP. Select the private IP that the public IP ports are forwarded to. In this example 149.248.58.42 is forwarded to 192.168.1.11. Then put the public IP of the SBC in External SIP IP Address and External RTP IP Address as shown below. Then ensure SIP Trace is enabled, as well as Strict Security as shown below. 


3) In the Authentication section Disable authenticate calls, and add the ACL list created previously to both inbound calls and registrations as shown below. 


4) Go to Configuration → Signalling → SIP Profiles and add a new SIP profile called Internal_ITSP. Selecting the private IP, enabling SIP trace and enabling Strict Security. 


5) In the Authentication section Disable authenticate calls, and add the ACL list created previously to both inbound calls and registrations as shown below. 


 6) Go to Configuration → Signalling → SIP Trunks and create a new SIP trunk called swvx_itsp. This trunk will point to your Switchvox PBX. Put the IP of the Switchvox in the domain, and ensure the SIP profile is set to Internal_ITSP. As well ensure Registration is Disabled. 


7) Create another SIP trunk called Trunk1. This will go to trunk1.freepbx.com. Enter the username and password. Set the SIP profile to External_ITSP and enable Registration. 



8) Create another SIP trunk called Trunk2. This will go to trunk2.freepbx.com. Enter the username and password. Set the SIP profile to External_ITSP and enable Registration. 
Note: Some ITSP's may only have 1 SIP Trunk. If this is the case skip this step. 


9) Go to Configuration → Routing → Call Routing and create a new routing plan called External_ITSP. Then make a new rule as shown below. Ensure the Stop policy is set as shown below, and the trunk is set to swvx_itsp. 

Expression: (.*)
Destination: $1


10) Go to Configuration → Routing → Call Routing and create a another new routing plan called Internal_ITSP. If your provider only has a single trunk, then you can use the same rule as in step #9, but select your providers trunk. If you are using SIP Station or any other provider with two trunks, then use the rule below. This will allow fail over to work; where the call will go to trunk1, and if that is down, then it will go to trunk2. 

Action 1: hangup_after_bridge
Value 1: true 

Action 2: continue_on_fail
Value 2: NORMAL_TEMPORARY_FAILURE,USER_BUSY,NO_ANSWER,NO_USER_RESPONSE,NO_ROUTE_DESTINATION,NETWORK_OUT_OF_ORDER,CALL_REJECTED,DESTINATION_OUT_OF_ORDER,NORMAL_CIRCUIT_CONGESTION

Action 3: bridge
Value 3: sip/trunk/Trunk1/$1

Action 4: bridge
Value 4: sip/trunk/Trunk2/$1


10) Go to Configuration → Signalling → SIP Profiles → External_ITSP and modify and then edit the profile. Scroll to the bottom and set the Routing plan to External_ITSP. 


11)  Go to Configuration → Signalling → SIP Profiles → Internal_ITSP and modify and then edit the profile. Scroll to the bottom and set the Routing plan to Internal_ITSP. 


12) To configure the Intrusion Detection or IDS simply go to Configuration → Security → Intrusion Detection and select the following 4 rule groups as shown below. We will be isolating the webUI from the internet, so there is no need for the other rules. Once done click the update button at the bottom to save changes. 


13) Go to Overview→ Security→ Intrusion Detection Status and then ensure the Switchvox IP is in the list. In this case the Switchvox is 192.168.1.5, which falls in the 192.168.0.0/16 range, which is part of the default config. In most cases this step can be skipped, as all private addresses are included here by default. 


14) Last step to security is configuring both the webUI and SSH to only listen on the internal network. To do this go to System → Server → Web and set the Network Interface to the private network, then save changes. 

15)  Go to System → Server → Secure Shell to do the same for SSH. Setting the Network Interface to the private IP. 



Switchvox Configuration


1) Go to Setup → Call Routing → VoIP Providers and create a new Provider called SBC. Put anything into the Your Account ID and Your Password as a place holder. The put the IP of the SBC into the Hostname/IP Address field. Use the second IP assigned to the SBC. The one that doesn't have the public IP forwarded to it. 


2) Go to Setup → Call Routing → Outgoing Calls and ensure the new Provider called SBC is assigned to the correct routes as shown below. 


3) Go to Setup → Call Routing → Incoming Calls and set the the destination. Here we have simply just sent the calls to an extension as an example. 


4) If there is any issues support will need the info up at https://wiki.sangoma.com/display/SBC/How+To+Capture+Logs when reporting an issue related to the SBC.