Cisco Unified Border Element (SP Edition) Configuration Profile Examples
Business-to-Business Telepresence Configuration Profile Example
Downloads: This chapterpdf (PDF - 269.0KB) The complete bookPDF (PDF - 1.05MB) | Feedback

Business-to-Business TelePresence Configuration Profile Example

Table Of Contents

Business-to-Business TelePresence Configuration Profile Example

Business-to-Business TelePresence Configuration Profile Adjacencies

Business-to-Business TelePresence Configuration Profile (in Segments)

Business-to-Business TelePresence Configuration Profile (for Copy and Paste)

Business-to-Business TelePresence Configuration Profile (with CLI Prompts)


Business-to-Business TelePresence Configuration Profile Example


This section provides a complete example of a Business-to-Business TelePresence Configuration Profile in the following sections:

Business-to-Business TelePresence Configuration Profile Adjacencies

Business-to-Business TelePresence Configuration Profile (in Segments)

Business-to-Business TelePresence Configuration Profile (for Copy and Paste)

Business-to-Business TelePresence Configuration Profile (with CLI Prompts)

Business-to-Business TelePresence Configuration Profile Adjacencies

In a TelePresence application, the Cisco Unified Border Element can be used to create secure media connections between the networks of two separate businesses. In the following examples, the TelePresence equipment is attached to the network via a CUCM. CUCM1 and CUCM2 are configured as SIP endpoints.

Figure 4 shows the network diagram for these examples:

Figure 4

Business-to-Business TelePresence

Lua Script

If you are using Cisco TelePresence Release 1.8 or later, create and upload the srtp.lua script to the router. The function of this script is to convert SRTP in the inbound SDP to RTP and to convert RTP in the outbound SDP to SRTP. The contents of this script are as follows:

local avp="RTP/AVP"
local savp="RTP/SAVP"
local crypto="a=crypto:"
local xcrypto="a=xcrypto:"
local origRTP="a=origRTP"
 
   
function to_rtp_avp(msg)
  for m in msg.sdp.media_blocks:iter() do
    --check if SDP comes as SAVP
    local i,j = m.media_lines[1]:find(savp)
    if i then
      m.media_lines[1]:replace(savp,avp)
      for a in m:select_by_prefix(crypto):iter() do
        --MeLogger.info("replacing " .. crypto .. " line:" .. a.text .. "\n")
        a:replace(crypto,xcrypto)
      end
    else
      -- if not, mark it by adding an attribuite
      m:insert_child_last(MeSdpLine.new(origRTP))
    end
  end
end
 
   
function to_rtp_savp(msg)
  for m in msg.sdp.media_blocks:iter() do
    local i,j = m.media_lines[1]:find(avp)
    if i then
      -- if media stream is RTP
      -- this might be two cases
      --   1: sdp comes from wire as RTP. 2, sdp is changed by inbound editor to RTP
 
   
      -- check inbound sdp rtp marker
      local oRTP=m:select_by_prefix(origRTP)
      if oRTP:empty() then
        -- changed by inbound sdp editor as RTP
        m.media_lines[1]:replace(avp,savp)
        for a in msg.sdp:select_by_prefix(xcrypto):iter() do
          --MeLogger.info("replacing " .. xcrypto .. " line:" .. a.text .. "\n")
          a:replace(xcrypto,crypto)
        end
      else
        -- RTP comes from wire
        for l in oRTP:iter() do
          l:delete()
        end
      end
    end
  end
end
 
   
MeEditor.register("after_send","to_rtp_savp",to_rtp_savp)
MeEditor.register("before_receive","to_rtp_avp",to_rtp_avp)

Configuring the Script Set

The following example shows how to configure the script set. Perform this procedure only if you are using Cisco TelePresence Release 1.8 or later.

script-set 2 lua
    script srtp
      filename bootflash:srtp.lua
      load-order 100
      type full
    complete
 
   
   active-script-set 2

Configuring the Header Editor

The following example shows how to configure the header editor. Perform this procedure only if you are using Cisco TelePresence Release 1.8 or later.

sip header-editor tp-to-supported
    blacklist
    header x-supported entry 1
     action replace-name value "supported"
      condition status-code eq "200"
    header x-supported entry 2
     action replace-name value "supported"
      condition status-code eq "200"
    header x-supported entry 3
     action replace-name value "supported"
      condition status-code eq "200"
   sip header-editor tp-add-x-srtp-fb
    blacklist
    header srtp-fb entry 1
     action replace-name value "supported"
      condition status-code eq "200"
   sip header-editor tp-to-x-supported
    blacklist
    header srtp-fb entry 1
     action add-first-header value "X-cisco-srtp-fallback"
      condition header-name supported header-value regex-match 
"^.*X-cisco-srtp-fallback.*$"
      condition status-code eq "200"
    header supported entry 1
     action replace-name value "x-supported"
      condition header-value not regex-match "^.*X-cisco-srtp-fallback.*$"
      condition status-code eq "200"
    header supported entry 2
     action replace-name value "x-supported"
      condition header-value not regex-match "^.*X-cisco-srtp-fallback.*$"
      condition status-code eq "200"
    header supported entry 3
     action replace-name value "x-supported"
      condition header-value not regex-match "^.*X-cisco-srtp-fallback.*$"
      condition status-code eq "200"

CUCM 1 Adjacency

The following example shows how to configure the CUCM adjacency for Business 1. Perform the configuration steps highlighted in bold font only if you are using Cisco TelePresence Release 1.8 or later.

adjacency sip CUCM1
	vrf CUCM1
	editor-type editor
	header-profile inbound PASS-HEADERS
	header-profile outbound PASS-HEADERS
	method-profile inbound method1
	method-profile outbound method1
	option-profile ua inbound option1
	option-profile ua outbound option1
	preferred-transport tcp
	security trusted-unencrypted
	signaling-address ipv4 23.61.1.1
		statistics method summary
	signaling-port 5160
	remote-address ipv4 175.181.0.10 255.255.255.255
	signaling-peer 175.181.0.10
	signaling-peer-port 5160
	header-editor outbound tp-add-x-srtp-fb
	editor-list before-receive
		editor 1 to_rtp_avp
	 editor-list after-send
		editor 1 to_rtp_savp
	account CUCM1
	attach

CUCM 2 Adjacency

The following example shows how to configure the CUCM adjacency for Business 2:

adjacency sip CUCM2
	vrf CUCM2
	editor-type editor
	header-profile inbound PASS-HEADERS
	header-profile outbound PASS-HEADERS
	method-profile inbound method1
	method-profile outbound method1
	option-profile ua inbound option1
	option-profile ua outbound option1
	preferred-transport tcp
	security trusted-unencrypted
	signaling-address ipv4 23.61.2.1
	statistics method summary
	signaling-port 5160
	remote-address ipv4 175.182.0.12 255.255.255.255
	signaling-peer 175.182.0.12
	signaling-peer-port 5160
	header-editor inbound tp-to-supported
	 editor-list before-receive
		editor 1 to_rtp_avp
		editor 2 tp-to-x-supported
	 editor-list after-send
		editor 1 to_rtp_savp
	account CUCM2
	attach

Business-to-Business TelePresence Configuration Profile (in Segments)

This TelePresence Configuration Profile example shows each segment of the example separated by a Heading describing the function of that segment.

Configuration Mode

configure terminal 

SBC SBE Configuration Setup

sbc MY_SBC
	sbe

Media Characteristics (Security)

secure-media
...
... 

White List, Pass Headers

sip header-profile PASS-HEADERS
	description pass non-essential headers
	header Allow entry 1
	action pass
	header Min-SE entry 1
	action pass
	header Reason entry 1
	action pass
	header SERVER entry 1
	action pass
	header DIVERSION entry 1
	action pass
	header Allow-Events entry 1
	action pass
	header Remote-Party-ID entry 1
	action pass
	header Session-Expires entry 1
	action pass
	header session-expiry entry 1
	action pass
	header RESOURCE-PRIORITY entry 1
	action pass

White List, Methods and Options

sip method-profile method1
	description pass default methods
	pass-body
	method INFO
	action as-profile
	method OPTION
	action pass
	method UPDATE
	action pass
	sip option-profile option1
	description pass default options plus timer
	option TIMER
	option REPLACES 
 
   

Script Set Configuration

If you are using Cisco TelePresence Release 1.8 or later, perform this procedure.

script-set 2 lua
    script srtp
      filename bootflash:srtp.lua
      load-order 100
      type full
    complete
 
   

active-script-set 2

Header Editor

If you are using Cisco TelePresence Release 1.8 or later, perform this procedure.

sip header-editor tp-to-supported
    blacklist
    header x-supported entry 1
     action replace-name value "supported"
      condition status-code eq "200"
    header x-supported entry 2
     action replace-name value "supported"
      condition status-code eq "200"
    header x-supported entry 3
     action replace-name value "supported"
      condition status-code eq "200"
   sip header-editor tp-add-x-srtp-fb
    blacklist
    header srtp-fb entry 1
     action replace-name value "supported"
      condition status-code eq "200"
   sip header-editor tp-to-x-supported
    blacklist
    header srtp-fb entry 1
     action add-first-header value "X-cisco-srtp-fallback"
      condition header-name supported header-value regex-match 
"^.*X-cisco-srtp-fallback.*$"
      condition status-code eq "200"
    header supported entry 1
     action replace-name value "x-supported"
      condition header-value not regex-match "^.*X-cisco-srtp-fallback.*$"
      condition status-code eq "200"
    header supported entry 2
     action replace-name value "x-supported"
      condition header-value not regex-match "^.*X-cisco-srtp-fallback.*$"
      condition status-code eq "200"
    header supported entry 3
     action replace-name value "x-supported"
      condition header-value not regex-match "^.*X-cisco-srtp-fallback.*$"
      condition status-code eq "200"

CUCM Adjacency 1

If you are using Cisco TelePresence Release 1.8 or later, you must also perform the steps highlighted in bold. If you are using an earlier release of Cisco TelePresence, skip the steps highlighted in bold.

adjacency sip CUCM1
	vrf CUCM1
	editor-type editor
	header-profile inbound PASS-HEADERS
	header-profile outbound PASS-HEADERS
	method-profile inbound method1
	method-profile outbound method1
	option-profile ua inbound option1
	option-profile ua outbound option1
	preferred-transport tcp
	security trusted-unencrypted
	signaling-address ipv4 23.61.1.1
	statistics method summary
	signaling-port 5160
	remote-address ipv4 175.181.0.10 255.255.255.255
	signaling-peer 175.181.0.10
	signaling-peer-port 5160
	header-editor outbound tp-add-x-srtp-fb
	 editor-list before-receive
		editor 1 to_rtp_avp 
	 editor-list after-send
		editor 1 to_rtp_savp
	account CUCM1
	attach
 
   

CUCM Adjacency 2

If you are using Cisco TelePresence Release 1.8 or later, you must also perform the steps highlighted in bold. If you are using an earlier release of Cisco TelePresence, skip the steps highlighted in bold.

adjacency sip CUCM2
	vrf CUCM2
	editor-type editor
	header-profile inbound PASS-HEADERS
	header-profile outbound PASS-HEADERS
	method-profile inbound method1
	method-profile outbound method1
	option-profile ua inbound option1
	option-profile ua outbound option1
	preferred-transport tcp
	security trusted-unencrypted
	signaling-address ipv4 23.61.2.1
	statistics method summary
	signaling-port 5160
	remote-address ipv4 175.182.0.12 255.255.255.255
	signaling-peer 175.182.0.12
	signaling-peer-port 5160
	header-editor inbound tp-to-supported 
	 editor-list before-receive
		editor 1 to_rtp_avp
		editor 2 tp-to-x-supported
	 editor-list after-send
		editor 1 to_rtp_savp
	account CUCM2
	attach
 
   

Call Policy, CUCM Connection

call-policy-set 1
	first-call-routing-table start-table
	rtg-src-adjacency-table start-table
	entry 1
		match-adjacency CUCM2
		dst-adjacency CUCM1
		action complete
	entry 2
		match-adjacency CUCM1
		dst-adjacency CUCM2
		action complete
	complete
active-call-policy-set 1

Call Policy, Number Analysis Stage - Number Validation

call-policy-set 2
	first-number-analysis-table VALIDATE-DEST-PREFIX
	na-dst-prefix-table VALIDATE-DEST-PREFIX
	entry 1
		match-prefix 8XX
		action accept
		exit
	entry 2
		match-prefix 911
		action accept
		exit
	entry 3
		match-prefix 1XX
		action accept
		exit
	entry 4
		match-prefix X
		action reject
		exit
	complete
active-call-policy-set 2

Call Policy, Number Analysis Stage - Number Categorization

call-policy-set 3
	first-number-analysis-table VALIDATE-DEST-PREFIX 
	na-dst-prefix-table VALIDATE-DEST-PREFIX
	entry 1
		match-prefix 8X
		category Non-emergency
		action accept
		exit
	entry 2
		match-prefix 1XX
		category Non-Emergency
		action accept
		exit
	entry 3
		match-prefix 911
		category Emergency
		action accept
		exit
	entry 4
		match-prefix X
		action reject
		exit
		complete
active-call-policy-set 3
 
   

Call Policy, Number Analysis Stage - Digit Manipulation

call-policy-set 4
	first-number-analysis-table VALIDATE-DEST-PREFIX 
	na-dst-prefix-table VALIDATE-DEST-PREFIX
	entry 1
		match-prefix 8X
		category Non-emergency
		edit-dst del-prefix 1
		action accept
		exit
	entry 2
		match-prefix 1XX 
		category Non-Emergency
		action accept
		exit
	entry 3
		match-prefix 911
		category Emergency
		action accept
		exit
		entry 4
		match-prefix X
		action reject
		exit
	complete
active-call-policy-set 4

Call Policy, Routing Stage - Destination Adjacency

call-policy-set 5
	first-call-routing-table ROUTE-ON-DEST-NUM
	rtg-dst-address-table ROUTE-ON-DEST-NUM
	entry 1
		match-address 212
		prefix
		edit add-prefix 1
		dst-adjacency CUCM1
		action complete
		exit
	entry 2
		match-address 215
		prefix
		dst-adjacency CUCM1
		 action complete
		entry 3
		match-address 732
		prefix
		dst-adjacency CUCM2
		action complete
		exit
	entry 4
		match-address 908
		prefix
		dst-adjacency CUCM2
		edit replace 609
		action complete
		complete
		exit
active-call-policy-set 5

Call Admission Control, CAC Policy Media Bandwidth Field Ignore

cac-policy-set 1
	description Ignore the  bandwidth field in SDP
	first-cac-table BW
	first-cac-scope call
	cac-table BW
	table-type policy-set
	entry 1
		media bandwidth-field ignore
		action cac-complete
	complete 
active-cac-policy-set 1
 
   

Show Command, Display Adjacencies

Router# show sbc MY_SBC sbe adjacencies 
 
   
SBC Service "MY_SBC"
      Name                      Type    State        Description 
      -----------------------------------------------------------
      CUCM1                     SIP     Attached                 
      CUCM2                     SIP     Attached                 
TPX-SBC#

Business-to-Business TelePresence Configuration Profile (for Copy and Paste)

This is a complete TelePresence Configuration Profile example that can be copied and pasted into the CLI of an ASR1000 running the Cisco Unified Border Element. Each segment is separated only by returns.


Note If you are using Cisco TelePresence Release 1.8 or later, you must also perform the steps highlighted in bold. If you are using an earlier release of Cisco TelePresence, skip the steps highlighted in bold.


configure terminal
 
   
sbc MY_SBC
sbe
secure-media
 
   
 
   
sip header-profile PASS-HEADERS
description pass non-essential headers
header Allow entry 1
action pass
header Min-SE entry 1
action pass
header Reason entry 1
action pass
header SERVER entry 1
action pass
header DIVERSION entry 1
action pass
header Allow-Events entry 1
action pass
header Remote-Party-ID entry 1
action pass
header Session-Expires entry 1
action pass
header session-expiry entry 1
action pass
header RESOURCE-PRIORITY entry 1
action pass
 
   
 
   
 
   
sip method-profile method1
description pass default methods
pass-body
method INFO
action as-profile
method OPTION
action pass
method UPDATE
action pass
sip option-profile option1
description pass default options plus timer
option TIMER
option REPLACES 
 
   
script-set 2 lua
script srtp
filename bootflash:srtp.lua
load-order 100
type full
complete
 
   
active-script-set 2 

sip header-editor tp-to-supported
blacklist
header x-supported entry 1
action replace-name value "supported"
condition status-code eq "200"
header x-supported entry 2
action replace-name value "supported"
condition status-code eq "200"
header x-supported entry 3
action replace-name value "supported"
condition status-code eq "200"
sip header-editor tp-add-x-srtp-fb
blacklist
header srtp-fb entry 1
action replace-name value "supported"
condition status-code eq "200"
sip header-editor tp-to-x-supported
blacklist
header srtp-fb entry 1
action add-first-header value "X-cisco-srtp-fallback"
condition header-name supported header-value regex-match "^.*X-cisco-srtp-fallback.*$"
condition status-code eq "200"
header supported entry 1
action replace-name value "x-supported"
condition header-value not regex-match "^.*X-cisco-srtp-fallback.*$"
condition status-code eq "200"
header supported entry 2
action replace-name value "x-supported"
condition header-value not regex-match "^.*X-cisco-srtp-fallback.*$"
condition status-code eq "200"
header supported entry 3
action replace-name value "x-supported"
condition header-value not regex-match "^.*X-cisco-srtp-fallback.*$"
condition status-code eq "200"
 
   
adjacency sip CUCM1
vrf CUCM1
editor-type editor
header-profile inbound PASS-HEADERS
header-profile outbound PASS-HEADERS
method-profile inbound method1
method-profile outbound method1
option-profile ua inbound option1
option-profile ua outbound option1
preferred-transport tcp
security trusted-unencrypted
signaling-address ipv4 23.61.1.1
statistics method summary
signaling-port 5160
remote-address ipv4 175.181.0.10 255.255.255.255
signaling-peer 175.181.0.10
signaling-peer-port 5160
header-editor outbound tp-add-x-srtp-fb 
editor-list before-receive
editor 1 to_rtp_avp 
editor-list after-send
editor 1 to_rtp_savp
account CUCM1
attach
 
   
adjacency sip CUCM2
vrf CUCM2
editor-type editor
header-profile inbound PASS-HEADERS
header-profile outbound PASS-HEADERS
method-profile inbound method1
method-profile outbound method1
option-profile ua inbound option1
option-profile ua outbound option1
preferred-transport tcp
security trusted-unencrypted
signaling-address ipv4 23.61.2.1
statistics method summary
signaling-port 5160
remote-address ipv4 175.182.0.12 255.255.255.255
signaling-peer 175.182.0.12
signaling-peer-port 5160
header-editor inbound tp-to-supported
editor-list before-receive
editor 1 to_rtp_avp
editor 2 tp-to-x-supported
editor-list after-send
editor 1 to_rtp_savp
account CUCM2
attach
 
   
 
   
 
   
call-policy-set 1
first-call-routing-table start-table
rtg-src-adjacency-table start-table
entry 1
match-adjacency CUCM2
dst-adjacency CUCM1
action complete
entry 2
match-adjacency CUCM1
dst-adjacency CUCM2
action complete
complete
active-call-policy-set 1
 
   
 
   
 
   
call-policy-set 2
first-number-analysis-table VALIDATE-DEST-PREFIX
na-dst-prefix-table VALIDATE-DEST-PREFIX
entry 1
match-prefix 8XX
action accept
exit
entry 2
match-prefix 911
action accept
exit
entry 3
match-prefix 1XX
action accept
exit
entry 4
match-prefix X
action reject
exit
complete
active-call-policy-set 2
 
   
 
   
 
   
call-policy-set 3
first-number-analysis-table VALIDATE-DEST-PREFIX 
na-dst-prefix-table VALIDATE-DEST-PREFIX
entry 1
match-prefix 8X
category Non-emergency
action accept
exit
entry 2
match-prefix 1XX
category Non-Emergency
action accept
exit
entry 3
match-prefix 911
category Emergency
action accept
exit
entry 4
match-prefix X
action reject
exit
complete
active-call-policy-set 3
 
   
 
   
 
   
call-policy-set 4
first-number-analysis-table VALIDATE-DEST-PREFIX 
na-dst-prefix-table VALIDATE-DEST-PREFIX
entry 1
match-prefix 8X
category Non-emergency
edit-dst del-prefix 1
action accept
exit
entry 2
match-prefix 1XX 
category Non-Emergency
action accept
exit
entry 3
match-prefix 911
category Emergency
action accept
exit
entry 4
match-prefix X
action reject
exit
complete
active-call-policy-set 4
 
   
 
   
 
   
call-policy-set 5
first-call-routing-table ROUTE-ON-DEST-NUM
rtg-dst-address-table ROUTE-ON-DEST-NUM
entry 1
match-address 212
prefix
edit add-prefix 1
dst-adjacency CUCM1
action complete
exit
entry 2
match-address 215
prefix
dst-adjacency CUCM1
 action complete
entry 3
match-address 732
prefix
dst-adjacency CUCM2
action complete
exit
entry 4
match-address 908
prefix
dst-adjacency CUCM2
edit replace 609
action complete
complete
exit
active-call-policy-set 5
 
   
 
   
 
   
cac-policy-set 1
description Ignore the  bandwidth field in SDP
first-cac-table BW
first-cac-scope call
cac-table BW
table-type policy-set
entry 1
media bandwidth-field ignore
action cac-complete
complete
active-cac-policy-set 1
 
   

Business-to-Business TelePresence Configuration Profile (with CLI Prompts)

This complete TelePresence Configuration Profile example shows the CLI prompts.


Note If you are using Cisco TelePresence Release 1.8 or later, you must also perform the steps highlighted in bold. If you are using an earlier release of Cisco TelePresence, skip the steps highlighted in bold.


Router# configure terminal
Router(config)# sbc MY_SBC
Router(config-sbc)# sbe
Router(config-sbc-sbe)# secure-media
Router(config-sbc-sbe)#
Router(config-sbc-sbe)#
Router(config-sbc-sbe)# sip header-profile PASS-HEADERS
Router(config-sbc-sbe-sip-hdr)# description pass non-essential headers
Router(config-sbc-sbe-sip-hdr)# header Allow entry 1
Router(config-sbc-sbe-sip-hdr-ele)# action pass
Router(config-sbc-sbe-sip-hdr-ele-act)# header Min-SE entry 1
Router(config-sbc-sbe-sip-hdr-ele)# action pass
Router(config-sbc-sbe-sip-hdr-ele-act)# header Reason entry 1
Router(config-sbc-sbe-sip-hdr-ele)# action pass
Router(config-sbc-sbe-sip-hdr-ele-act)# header SERVER entry 1
Router(config-sbc-sbe-sip-hdr-ele)# action pass
Router(config-sbc-sbe-sip-hdr-ele-act)# header DIVERSION entry 1
Router(config-sbc-sbe-sip-hdr-ele)# action pass
Router(config-sbc-sbe-sip-hdr-ele-act)# header Allow-Events entry 1
Router(config-sbc-sbe-sip-hdr-ele)# action pass
Router(config-sbc-sbe-sip-hdr-ele-act)# header Remote-Party-ID entry 1
Router(config-sbc-sbe-sip-hdr-ele)# action pass
Router(config-sbc-sbe-sip-hdr-ele-act)# header Session-Expires entry 1
Router(config-sbc-sbe-sip-hdr-ele)# action pass
Router(config-sbc-sbe-sip-hdr-ele-act)# header session-expiry entry 1
Router(config-sbc-sbe-sip-hdr-ele)# action pass
Router(config-sbc-sbe-sip-hdr-ele-act)# $URCE-PRIORITY entry 1         
Router(config-sbc-sbe-sip-hdr-ele)# action pass
Router(config-sbc-sbe-sip-hdr-ele-act)# 
Router(config-sbc-sbe-sip-hdr-ele-act)# 
Router(config-sbc-sbe-sip-hdr-ele-act)# 
Router(config-sbc-sbe-sip-hdr-ele-act)# sip method-profile method1
Router(config-sbc-sbe-sip-mth)# description pass default methods
Router(config-sbc-sbe-sip-mth)# pass-body
Router(config-sbc-sbe-sip-mth)# method INFO
Router(config-sbc-sbe-sip-mth-ele)# action as-profile
Router(config-sbc-sbe-sip-mth-ele)# method OPTION
Router(config-sbc-sbe-sip-mth-ele)# action pass
Router(config-sbc-sbe-sip-mth-ele)# method UPDATE
Router(config-sbc-sbe-sip-mth-ele)# action pass
Router(config-sbc-sbe-sip-mth-ele)# sip option-profile option1
Router(config-sbc-sbe-sip-opt)# $ pass default options plus timer      
Router(config-sbc-sbe-sip-opt)# option TIMER
Router(config-sbc-sbe-sip-opt)# option REPLACES 
Router(config-sbc-sbe-sip-opt)# 
Router(config-sbc-sbe)# script-set 2 lua
Router(config-sbc-sbe-script-set)# script srtp
Router(config-sbc-sbe-scrpset-script)# filename bootflash:srtp.lua
Router(config-sbc-sbe-scrpset-script)# load-order 100
Router(config-sbc-sbe-scrpset-script)# type full
Router(config-sbc-sbe-script-set)# complete
Router(config-sbc-sbe)# active-script-set 2
Router(config-sbc-sbe)# sip header-editor tp-to-supported
Router(config-sbc-sbe)# blacklist
Router(config-sbc-sbe-sip-hdr)# header x-supported entry 1
Router(config-sbc-sbe-mep-hdr-ele)# action replace-name value "supported"
Router(config-sbc-sbe-sip-hdr-ele-act)# condition status-code eq "200"
Router(config-sbc-sbe-sip-hdr)# header x-supported entry 2
Router(config-sbc-sbe-mep-hdr-ele)# action replace-name value "supported"
Router(config-sbc-sbe-sip-hdr-ele-act)# condition status-code eq "200"
Router(config-sbc-sbe-sip-hdr)# header x-supported entry 3
Router(config-sbc-sbe-mep-hdr-ele)# action replace-name value "supported"
Router(config-sbc-sbe-sip-hdr-ele-act)# condition status-code eq "200"
Router(config-sbc-sbe)# sip header-editor tp-add-x-srtp-fb
Router(config-sbc-sbe)# blacklist
Router(config-sbc-sbe-sip-hdr)# header srtp-fb entry 1
Router(config-sbc-sbe-mep-hdr-ele)# action replace-name value "supported"
Router(config-sbc-sbe-sip-hdr-ele-act)# condition status-code eq "200"
Router(config-sbc-sbe)# sip header-editor tp-to-x-supported
    blacklist
Router(config-sbc-sbe-sip-hdr)# header srtp-fb entry 1
     action add-first-header value "X-cisco-srtp-fallback"
Router(config-sbc-sbe-sip-hdr-ele-act)# condition header-name supported header-value 
regex-match "^.*X-cisco-srtp-fallback.*$"
      condition status-code eq "200"
Router(config-sbc-sbe-sip-hdr)# header supported entry 1
Router(config-sbc-sbe-mep-hdr-ele)# action replace-name value "x-supported"
Router(config-sbc-sbe-sip-hdr-ele-act)# condition header-value not regex-match 
"^.*X-cisco-srtp-fallback.*$"
Router(config-sbc-sbe-sip-hdr-ele-act)# condition status-code eq "200"
Router(config-sbc-sbe-sip-hdr)# header supported entry 2
Router(config-sbc-sbe-mep-hdr-ele)# action replace-name value "x-supported"
Router(config-sbc-sbe-sip-hdr-ele-act)# condition header-value not regex-match 
"^.*X-cisco-srtp-fallback.*$"
Router(config-sbc-sbe-sip-hdr-ele-act)# condition status-code eq "200"
Router(config-sbc-sbe-sip-hdr)# header supported entry 3
Router(config-sbc-sbe-mep-hdr-ele)# action replace-name value "x-supported"
Router(config-sbc-sbe-sip-hdr-ele-act)# condition header-value not regex-match 
"^.*X-cisco-srtp-fallback.*$"
Router(config-sbc-sbe-sip-hdr-ele-act)# condition status-code eq "200"
Router(config-sbc-sbe-sip-opt)#
Router(config-sbc-sbe-sip-opt)#
Router(config-sbc-sbe-sip-opt)# adjacency sip CUCM1
Router(config-sbc-sbe-adj-sip)# vrf CUCM1
Router(config-sbc-sbe-sip)# editor-type editor
Router(config-sbc-sbe-adj-sip)# header-profile inbound PASS-HEADERS
Router(config-sbc-sbe-adj-sip)# header-profile outbound PASS-HEADERS
Router(config-sbc-sbe-adj-sip)# method-profile inbound method1
Router(config-sbc-sbe-adj-sip)# method-profile outbound method1
Router(config-sbc-sbe-adj-sip)# option-profile ua inbound option1
Router(config-sbc-sbe-adj-sip)# option-profile ua outbound option1
Router(config-sbc-sbe-adj-sip)# preferred-transport tcp
Router(config-sbc-sbe-adj-sip)# security trusted-unencrypted
Router(config-sbc-sbe-adj-sip)# signaling-address ipv4 23.61.1.1
Router(config-sbc-sbe-adj-sip)# statistics method summary
Router(config-sbc-sbe-adj-sip)# signaling-port 5160
Router(config-sbc-sbe-adj-sip)# $ess ipv4 175.181.0.10 255.255.255.255 
Router(config-sbc-sbe-adj-sip)# signaling-peer 175.181.0.10
Router(config-sbc-sbe-adj-sip)# signaling-peer-port 5160
Router(config-sbc-sbe-adj-sip)# header-editor outbound tp-add-x-srtp-fb
Router(config-sbc-sbe-adj-sip)# editor-list before-receive
Router(config-sbc-sbe-adj-sip-ed)# editor 1 to_rtp_avp 
Router(config-sbc-sbe-adj-sip)# editor-list after-send
Router(config-sbc-sbe-adj-sip-ed)# editor 1 to_rtp_savp
Router(config-sbc-sbe-adj-sip)# account CUCM1
Router(config-sbc-sbe-adj-sip)# attach
Router(config-sbc-sbe-adj-sip)#
Router(config-sbc-sbe-adj-sip)#
Router(config-sbc-sbe-adj-sip)#
Router(config-sbc-sbe-adj-sip)# adjacency sip CUCM2
Router(config-sbc-sbe-adj-sip)# vrf CUCM2
Router(config-sbc-sbe-sip)# editor-type editor
Router(config-sbc-sbe-adj-sip)# header-profile inbound PASS-HEADERS
Router(config-sbc-sbe-adj-sip)# header-profile outbound PASS-HEADERS
Router(config-sbc-sbe-adj-sip)# method-profile inbound method1
Router(config-sbc-sbe-adj-sip)# method-profile outbound method1
Router(config-sbc-sbe-adj-sip)# option-profile ua inbound option1
Router(config-sbc-sbe-adj-sip)# option-profile ua outbound option1
Router(config-sbc-sbe-adj-sip)# preferred-transport tcp
Router(config-sbc-sbe-adj-sip)# security trusted-unencrypted
Router(config-sbc-sbe-adj-sip)# signaling-address ipv4 23.61.2.1
Router(config-sbc-sbe-adj-sip)# statistics method summary
Router(config-sbc-sbe-adj-sip)# signaling-port 5160
Router(config-sbc-sbe-adj-sip)# $ess ipv4 175.182.0.12 255.255.255.255 
Router(config-sbc-sbe-adj-sip)# signaling-peer 175.182.0.12
Router(config-sbc-sbe-adj-sip)# signaling-peer-port 5160
Router(config-sbc-sbe-adj-sip)# header-editor inbound tp-to-supported
Router(config-sbc-sbe-adj-sip)# editor-list before-receive
Router(config-sbc-sbe-adj-sip-ed)# editor 1 to_rtp_avp
Router(config-sbc-sbe-adj-sip-ed)# editor 2 tp-to-x-supported
Router(config-sbc-sbe-adj-sip)# editor-list after-send
Router(config-sbc-sbe-adj-sip-ed)# editor 1 to_rtp_savp
Router(config-sbc-sbe-adj-sip)# account CUCM2
Router(config-sbc-sbe-adj-sip)# attach
Router(config-sbc-sbe-adj-sip)#
Router(config-sbc-sbe-adj-sip)#
Router(config-sbc-sbe-adj-sip)#
Router(config-sbc-sbe-adj-sip)# call-policy-set 1
Router(config-sbc-sbe-rtgpolicy)# first-call-routing-table start-table
Router(config-sbc-sbe-rtgpolicy)# rtg-src-adjacency-table start-table
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 1
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency CUCM2
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency CUCM1
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# entry 2
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency CUCM1
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency CUCM2
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# complete
Router(config-sbc-sbe-rtgpolicy)# active-call-policy-set 1
Router(config-sbc-sbe)#
Router(config-sbc-sbe)#
Router(config-sbc-sbe)#
Router(config-sbc-sbe)# call-policy-set 2
Router(config-sbc-sbe-rtgpolicy)# $-table VALIDATE-DEST-PREFIX         
Router(config-sbc-sbe-rtgpolicy)# $ix-table VALIDATE-DEST-PREFIX       
Router(config-sbc-sbe-rtgpolicy-natable)# entry 1
Router(config-sbc-sbe-rtgpolicy-natable-entry)# match-prefix 8XX
Router(config-sbc-sbe-rtgpolicy-natable-entry)# action accept
Router(config-sbc-sbe-rtgpolicy-natable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-natable)# entry 2
Router(config-sbc-sbe-rtgpolicy-natable-entry)# match-prefix 911
Router(config-sbc-sbe-rtgpolicy-natable-entry)# action accept
Router(config-sbc-sbe-rtgpolicy-natable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-natable)# entry 3
Router(config-sbc-sbe-rtgpolicy-natable-entry)# match-prefix 1XX
Router(config-sbc-sbe-rtgpolicy-natable-entry)# action accept
Router(config-sbc-sbe-rtgpolicy-natable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-natable)# entry 4
Router(config-sbc-sbe-rtgpolicy-natable-entry)# match-prefix X
Router(config-sbc-sbe-rtgpolicy-natable-entry)# action reject
Router(config-sbc-sbe-rtgpolicy-natable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-natable)# complete
Router(config-sbc-sbe-rtgpolicy)# active-call-policy-set 2
Router(config-sbc-sbe)#
Router(config-sbc-sbe)#
Router(config-sbc-sbe)#
Router(config-sbc-sbe)# call-policy-set 3
Router(config-sbc-sbe-rtgpolicy)# $-table VALIDATE-DEST-PREFIX         
Router(config-sbc-sbe-rtgpolicy)# $ix-table VALIDATE-DEST-PREFIX       
Router(config-sbc-sbe-rtgpolicy-natable)# entry 1
Router(config-sbc-sbe-rtgpolicy-natable-entry)# match-prefix 8X
Router(config-sbc-sbe-rtgpolicy-natable-entry)# category Non-emergency
Router(config-sbc-sbe-rtgpolicy-natable-entry)# action accept
Router(config-sbc-sbe-rtgpolicy-natable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-natable)# entry 2
Router(config-sbc-sbe-rtgpolicy-natable-entry)# match-prefix 1XX
Router(config-sbc-sbe-rtgpolicy-natable-entry)# category Non-Emergency
Router(config-sbc-sbe-rtgpolicy-natable-entry)# action accept
Router(config-sbc-sbe-rtgpolicy-natable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-natable)# entry 3
Router(config-sbc-sbe-rtgpolicy-natable-entry)# match-prefix 911
Router(config-sbc-sbe-rtgpolicy-natable-entry)# category Emergency
Router(config-sbc-sbe-rtgpolicy-natable-entry)# action accept
Router(config-sbc-sbe-rtgpolicy-natable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-natable)# entry 4
Router(config-sbc-sbe-rtgpolicy-natable-entry)# match-prefix X
Router(config-sbc-sbe-rtgpolicy-natable-entry)# action reject
Router(config-sbc-sbe-rtgpolicy-natable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-natable)# complete
Router(config-sbc-sbe-rtgpolicy)# active-call-policy-set 3
Router(config-sbc-sbe)#
Router(config-sbc-sbe)#
Router(config-sbc-sbe)#
Router(config-sbc-sbe)# call-policy-set 4
Router(config-sbc-sbe-rtgpolicy)# $-table VALIDATE-DEST-PREFIX         
Router(config-sbc-sbe-rtgpolicy)# $ix-table VALIDATE-DEST-PREFIX       
Router(config-sbc-sbe-rtgpolicy-natable)# entry 1
Router(config-sbc-sbe-rtgpolicy-natable-entry)# match-prefix 8X
Router(config-sbc-sbe-rtgpolicy-natable-entry)# category Non-emergency
Router(config-sbc-sbe-rtgpolicy-natable-entry)# edit-dst del-prefix 1
Router(config-sbc-sbe-rtgpolicy-natable-entry)# action accept
Router(config-sbc-sbe-rtgpolicy-natable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-natable)# entry 2
Router(config-sbc-sbe-rtgpolicy-natable-entry)# match-prefix 1XX 
Router(config-sbc-sbe-rtgpolicy-natable-entry)# category Non-Emergency
Router(config-sbc-sbe-rtgpolicy-natable-entry)# action accept
Router(config-sbc-sbe-rtgpolicy-natable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-natable)# entry 3
Router(config-sbc-sbe-rtgpolicy-natable-entry)# match-prefix 911
Router(config-sbc-sbe-rtgpolicy-natable-entry)# category Emergency
Router(config-sbc-sbe-rtgpolicy-natable-entry)# action accept
Router(config-sbc-sbe-rtgpolicy-natable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-natable)# entry 4
Router(config-sbc-sbe-rtgpolicy-natable-entry)# match-prefix X
Router(config-sbc-sbe-rtgpolicy-natable-entry)# action reject
Router(config-sbc-sbe-rtgpolicy-natable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-natable)# complete
Router(config-sbc-sbe-rtgpolicy)# active-call-policy-set 4
Router(config-sbc-sbe)#
Router(config-sbc-sbe)#
Router(config-sbc-sbe)#
Router(config-sbc-sbe)# call-policy-set 5
Router(config-sbc-sbe-rtgpolicy)# $routing-table ROUTE-ON-DEST-NUM     
Router(config-sbc-sbe-rtgpolicy)# $ress-table ROUTE-ON-DEST-NUM        
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 1
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-address 212
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# prefix
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit add-prefix 1
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency CUCM1
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 2
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-address 215
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# prefix
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency CUCM1
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# entry 3
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-address 732
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# prefix
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency CUCM2
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 4
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-address 908
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# prefix
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency CUCM2
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit replace 609
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# complete
Router(config-sbc-sbe-rtgpolicy)# exit
Router(config-sbc-sbe)# active-call-policy-set 5
Router(config-sbc-sbe)#
Router(config-sbc-sbe)#
Router(config-sbc-sbe)#
Router(config-sbc-sbe)# cac-policy-set 1
Router(config-sbc-sbe-cacpolicy)# $ Ignore the  bandwidth field in SDP 
Router(config-sbc-sbe-cacpolicy)# first-cac-table BW
Router(config-sbc-sbe-cacpolicy)# first-cac-scope call
Router(config-sbc-sbe-cacpolicy)# cac-table BW
Router(config-sbc-sbe-cacpolicy-cactable)# table-type policy-set
Router(config-sbc-sbe-cacpolicy-cactable)# entry 1
Router(config-sbc-sbe-cacpolicy-cactable-entry)# $idth-field ignore    
Router(config-sbc-sbe-cacpolicy-cactable-entry)# action cac-complete
Router(config-sbc-sbe-cacpolicy-cactable-entry)# complete
Router(config-sbc-sbe-cacpolicy)# active-cac-policy-set 1
Router(config-sbc-sbe)#
Router(config-sbc-sbe)#