Cisco SIP Proxy Server Version 2.1 Administrator Guide
2. Configuring Cisco SPS


Configuring Cisco SPS


Configuring the Cisco SIP Proxy Server (Cisco SPS) involves tasks such as creating a proxy-server farm, setting up individual proxy servers to handle tasks, and adding subscribers, registries, and routes.

You can configure Cisco SPS in either of two ways:

Using the GUI-based provisioning system (recommended)

Manually editing text-based files

This chapter describes use of the GUI-based provisioning system. We strongly urge you to use the GUI-based provisioning system to configure the Cisco SPS. (For information on manual configuration, see "Manual Configuration.")


Caution All Cisco SPS 1.x versions require manual configuration. Therefore, for backward compatibility, Cisco SPS supports manual editing of all configuration files. However, if you use the GUI-based provisioning system, do not attempt manual editing. Manual changes to any configuration file written by the GUI are overwritten when the GUI is used again.

This chapter contains the following sections:

Prerequisites

How to Configure a Proxy Server

How to Configure Subscribers

How to Configure Registries

How to Configure Routes

How to Import and Export Bulk Data

How to Configure a User ID

How to Configure TLS Support on the Proxy Server

How to Configure Proxy-Server DNS Behavior


Note For troubleshooting information, see "Troubleshooting" and "SIP Call-Flow Scenarios."

For descriptions of configuration directives that may appear in the GUI interface, see "Manual Configuration."

In all configuration windows, an asterisk, *, indicates a required entry.

The GUI-based provisioning system contains menus for activities described both in this chapter and in "Operating and Maintaining Cisco SPS."


Prerequisites

Install Cisco SPS (refer to the Cisco SIP Proxy Server Installation Guide).

Activate the license (refer to the Cisco SIP Proxy Server Installation Guide).

Locate the GUI on your system.


Tip To access the Cisco SPS GUI, use this procedure:

1. Go to the following (default) directory or your Windows desktop:

Linux:		/usr/local/sip/gui/

Solaris:		/opt/sip/gui/

2. Enter the CiscoSPS command or double-click the CiscoSPS icon to open the Cisco SPS GUI.

3. Enter your password (default is cspsuser).

4. During installation, did you enter the correct value for the pserver location?

If yes, click OK.

If no, click more>>, enter the pserver host name and port number, and click OK (the default port is 26005).

The Cisco SPS main menu appears. The pserver host name and port number automatically reappear at the next login.


How to Configure a Proxy Server

The GUI-based provisioning system allows you to access a large number of proxy-server settings. If you wish to add or delete a proxy server, however, you must use the sps_setup script, as described in the Cisco SIP Proxy Server Installation Guide.

Prerequisites

Physically install and configure each proxy server that is to become a farm member.

Set up a proxy-server farm as described in the Cisco SIP Proxy Server Installation Guide.

Information About Proxy-Server Settings

You can enable and enter details for a number of proxy-server settings (see an alphabetical listing of setting tabs in Table 2-1 and a rendition of the screen that shows the tabs in Figure 2-1).

Table 2-1 Proxy-Server Settings 

Setting Tab
Purpose

Access control

Defines or restricts the rights of other network devices to send requests through the proxy server.

Accounting

Controls the sending of accounting records by the proxy server to a pair of RADIUS servers.

Authentication

Verifies the identity of a person or a process for purposes of security.

Call Forward

Redirects incoming calls on a per-subscriber basis.

Debug and logs

Discussed in "Operating and Maintaining Cisco SPS."

ENUM

Translates phone numbers into URLs and IP addresses. Specifically, maps the E.164 number space into the Internet Domain Name System (DNS). The E.164 number space is the global plan for telephone numbers wherein every device connected to the telephone network is assigned a unique numerical address. DNS is the system used on the Internet for translating names of network nodes into addresses.

Farming

Sets routing and registry directives.

GKTMP

GateKeeper Transaction Message Protocol. Facilitates communication between the proxy server and an external application. For this communication, Cisco SPS supports ARQ-Request messages only.

MySQL

Customizes the MySQL database (a popular open-source database whose architecture makes it extremely fast and easy to customize).

Note You cannot change the MySQL database name, table name, or field names from those provided by the GUI-based provisioning system.

Number expansion

Expands an extension number to its full E.164 telephone number. You can also use number expansion to strip numbers. Consider these examples:

To expand x-0123 to 303-555-0123, add this rule:
from 50123 to 303-555-0123

To strip +888-555-xxxx to xxxx, add this rule:
from +888555.... to ....

RAS

Registration, Admission, and Status protocol. Facilitates communication between the proxy server and an H.323 gatekeeper by querying a gatekeeper for the location of an available gateway.

RPMS

Cisco Resource Policy Management System. Provides policy management for platform resources, whether data or voice, and thus enables you to offer a variety of services to a variety of customers on a single set of gateways.

Server directives

Controls system behavior. Directive commands that you set here reside in the system's configuration file.

SIP server core

Sets core directives for the SIP proxy server, including those for DNS behavior.

Virtual proxy host

Maintains multiple servers on one machine. For example, companies sharing a web server can each have their own domain (www.company1.com and www.company2.com) and access to the web server.


Figure 2-1 Edit Existing Farm Screen

Detailed Steps


Step 1 From the Cisco SPS main menu (see Tip for how to access), click Farm/Proxies.

Step 2 Verify that farm label, server root, and proxy domain display.

They should display automatically if you installed Cisco SPS with the SPS setup (sps_setup) script. If they do not, enter the information.

Step 3 Click Advanced>>.

Step 4 Click the tab for a configurable setting. (All of the tabs are listed in Table 2-1 and shown in Figure 2-1.)

Step 5 Turn the setting On or Off as needed.

Step 6 Select or type new setting details as needed. (Click Help to view context-sensitive online help as needed.)


Note If a setting is off, all associated directives are dimmed. You can make changes only if the setting is On.


Step 7 Click Submit.

Step 8 If prompted, click OK (to restart later) or Go to Proxy Control screen (to restart now). Otherwise, proceed with the next step.

Step 9 Restart all farm servers:

a. From the Control Proxy screen, select all farm members.

b. Click Graceful restart > Yes.


How to Configure Subscribers


Tip A number of sorting and searching tools are available to you:

To resize a column, place the cursor on the vertical line dividing column headers and drag it to a desired position. To rearrange column order, place the cursor on a header and drag it to a desired position.

To display only specific subscribers, use the search tool (field, operator, search string) at page top.

To display all subscribers, use the search tool with the search string set to *.


Note If your list of subscribers is extremely large (the system limit is 20,000 records), do not display all subscribers. Apply a filter to display only specific subscribers.


To display subscribers in a particular order, use the column-heading sort arrows.

To repeat the last search that you performed, click Refresh.


Detailed Steps


Step 1 From the Cisco SPS main menu (see Tip for how to access), click Subscribers.

Step 2 To add a new subscriber, do the following:

a. Click Add.

b. Enter subscriber information. (Any field that has a red asterisk must have an entry.)


Note Enter each subscriber's first, middle, and last name as might be useful to you for sorting, searching, and filtering. They are not used by Cisco SPS.


Step 3 To edit or delete an existing subscriber, do the following:

a. Locate the subscriber (see tips above) and click to select.

b. To edit subscriber information, do the following:

1. Click Edit.

2. Edit fields as needed.


Note A password displays as a series of asterisks (example: *****). If a system user has forgotten a password, assign a new one.


3. Click Submit.

c. To delete the subscriber, click Delete > Yes.

Step 4 When done, confirm your changes by performing a search to display the new or changed information (see tips above).


What to Do Next

You can continue with any additional configuration tasks.

How to Configure Registries

Use the following procedure to add, edit, or delete a single registry. If you need to add many registries, you can do bulk provisioning as described in the "How to Import and Export Bulk Data" section.


Tip A number of sorting and searching tools are available to you:

To resize a column, place the cursor on the vertical line dividing column headers and drag it to a desired position. To rearrange column order, place the cursor on a header and drag it to a desired position.

To display all registries, use the search tool with the search string set to *.


Note If your list of registries is extremely large (the system limit is 20,000 records), do not display all registries. Apply a filter to display only specific registries.


To display registries in a particular order, use the column-heading sort arrows.

To repeat the last search that you performed, click Refresh.


Detailed Steps


Step 1 From the Cisco SPS main menu (see Tip for how to access), click Registry.

Step 2 Display existing registries by performing a search with the search tool (see tips above). Both dynamic and static registries display; you can differentiate dynamic from static by their expiration times.

Step 3 To add a new registry, do the following:

a. Click Add.

b. Enter registry information. (Any field that has a red asterisk must have an entry.)


Note If you set an expiration time, the registry automatically expires from Cisco SPS at the time you specify. However, the data remains in the system until you manually remove it.



Note You cannot use wildcards in a registry. If you want to use wildcards, configure a route instead.


c. Click Submit.

Step 4 To edit or delete an existing registry, do the following:

a. Locate the registry (see tips above) and click to select it.

b. To edit the registry, do the following:

1. Click Edit.

2. Edit fields as needed.

3. Click Submit.

c. To delete the registry, click Delete > Yes.

Step 5 When done, confirm your changes by performing a search to display the new or changed information (see tips above).


What to Do Next

You can continue with any additional configuration tasks.

How to Configure Routes

A dynamic route is a path through the network that is automatically calculated according to routing protocols and routing update messages. A static route is a fixed path through the network that you explicitly configure. Static routes take precedence over dynamic routes.

Static routes are synchronized among farm members.

Use the following procedure to add, edit, or delete a single route. If you need to add many routes, you can do bulk provisioning as described in the "How to Import and Export Bulk Data" section.


Tip A number of sorting and searching tools are available to you:

To resize a column, place the cursor on the vertical line dividing column headers and drag it to a desired position. To rearrange column order, place the cursor on a header and drag it to a desired position.

To display all routes, use the search tool with the search string set to *.


Note If your list of routes is extremely large (the system limit is 20,000 records), do not display all routes. Apply a filter to display only specific routes.


To display routes in a particular order, use the column-heading sort arrows.

To repeat the last search that you performed, click Refresh.


Detailed Steps


Step 1 From the Cisco SPS main menu (see Tip for how to access), click Routes.

Step 2 Display existing routes by performing a search with the search tool (see tips above).

Step 3 To add a new route, do the following:

a. Click Add.

b. Enter route information. (Any field that has a red asterisk must have an entry.)

c. Click Submit.

Step 4 To edit or delete an existing route, do the following:

a. Locate the route (see tips above) and click to select it.

b. To edit the route, do the following:

1. Click Edit.

2. Edit fields as needed.

3. Click Submit.

c. To delete the route, click Delete > Yes.

Step 5 When done, confirm your changes by performing a search to display the new or changed information (see tips above).


What to Do Next

You can continue with any additional configuration tasks.

How to Import and Export Bulk Data

You can import and export bulk routing and registry data in comma-separated-value (csv) form. You can manipulate csv data manually or load it into Microsoft Excel for a more user-friendly table format. Each line should contain one registry or routing entry.

Detailed Steps


Step 1 From the Cisco SPS main menu (see Tip for how to access), click Registry or Routes.

Step 2 Right-click the page.

Step 3 To import data into the GUI-based provisioning system, do the following:

a. Click Import.

b. Select the source directory and enter the source filename.

c. Click Import.

The data is read into memory and sent to the pserver for parsing and storage.

d. Review status messages and address any errors that are generated during import. Errors can be any of the following:

Syntax errors: missing quotes, too many or too few elements in a line

Semantic errors: out-of-range values, characters instead of numbers

Other errors: database overflow

e. Verify that the import is successful by refining your search parameters to display the new data and clicking Search.

Step 4 To export data from the GUI-based provisioning system, do the following:

a. Click Export.

b. Select a destination directory and enter a destination filename.

c. Click Export.


How to Configure a User ID

You can configure user IDs on your Cisco SPS—that is, control who, in addition to yourself, can access Cisco SPS and, among those with access, who can change each configurable parameter. To do so, you set up user IDs, optional passwords, and various levels of read-write permission, including read only.

Detailed Steps


Step 1 To edit your own account, do the following:

a. From the Cisco SPS main menu (see Tip for how to access), click My Account.

b. Edit fields as needed.

c. Click Submit.

Step 2 To add a new account, do the following:

a. From the Cisco SPS main menu (see Tip for how to access), click Administrator Accounts.

b. Click Add.

c. Enter account information. (Any field that has a red asterisk must have an entry.)

d. Click Submit.

Step 3 To edit or delete an existing account, do the following:

a. From the Cisco SPS main menu (see Tip for how to access), click Administrator Accounts.

b. Locate the account (see tips above) and click to select it.

c. To edit the account, do the following:

1. Click Edit.

2. Edit fields as needed.


Note A password displays as a series of asterisks (example: *****). If a system user has forgotten a password, assign a new one.


3. Click Submit.

d. To delete the account, click Delete > Yes.

Step 4 When done, click Refresh to redisplay all accounts, unfiltered.


How to Configure TLS Support on the Proxy Server


Note To learn how to set up Transport Layer Security (TLS) certificates, refer to the Cisco SIP Proxy Server Installation Guide.


Detailed Steps


Step 1 In the (Linux) /usr/local/sip/conf/ or (Solaris) /opt/sip/conf directory, open the Cisco SPS configuration (sipd.conf) file using a text editor such as vi.

Step 2 Set the following directives as needed. (They directly control TLS functionality.)


Note Except for AllowSipTlsConversionToSip and SipTlsEnable, directives are read-only during start and restart.


SipTlsEnable—Enables TLS. Default is Off.

AllowSipTlsConversionToSip—Gives explicit permission for a proxy server to terminate incoming SIPS requests on the SIP contacts. This is a security risk, and should be used very carefully. Use it only if you know in advance that your endpoints and gateways are incapable of receiving sips/TLS connections. Default is Off.

SipTlsPort—TLS port. Default is 5061.

SipTlsSessionTimeout—Server-side session cache timeout value, in seconds. Sessions are not reusable after this timeout expires. Default is 300.

SipTlsCertificateFile—Location of the privacy-enhanced mail (PEM)-encoded certificate file for the server.

SipTlsCertificateKeyFile—Location of the PEM-encoded private key file for the server.

SipTlsCACertificateFile—Location of the certificates of the certification authorities (CAs) whose clients Cisco SPS deals with. These certificates are used for client authentication. The file is simply a concatenation of the various PEM-encoded certificate files, in order of preference.

SipTlsMutualAuthentication—Directs the server-side TLS to perform mutual authentication when accepting a new connection from TLS clients.

Step 3 Set the following directives as needed. (They indirectly control TLS functionality.)

StatefulServer—TLS functionality is enabled only when Cisco SPS runs in stateful mode.

AddRecordRoute—If the proxy server is not configured to add record routes, translation from SIP to SIPS and vice versa is disabled.

SipTcpReuseConnection—If the proxy server is configured not to reuse TCP connections, also prevents TLS from reusing the connections. This might result in poor performance; hence, whenever you intend to use TLS, set this to On.

Step 4 Save and close the file.
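The following is an added example, not part of the Cisco guide or the product: a small Python check that reads the Step 2 and Step 3 directives from a sipd.conf and reports the settings this procedure warns about. The one "Directive value" pair per line layout with # comments, the On/Off values for SipTlsMutualAuthentication, and the sample file contents are assumptions constructed for illustration.

```python
# Added example: audit the TLS directives this chapter describes.
# Assumption: sipd.conf holds one "Directive value" pair per line, with
# "#" comments and optional <Section> tags (layout not shown on this page).

# Constructed sample input, not a shipped configuration.
SAMPLE_SIPD_CONF = """\
StatefulServer On
AddRecordRoute Off
SipTcpReuseConnection Off
SipTlsEnable On
AllowSipTlsConversionToSip On   # terminates SIPS on SIP contacts
SipTlsPort 5061
SipTlsCertificateFile /usr/local/sip/conf/example-cert.pem
SipTlsMutualAuthentication On
"""

# Only the defaults this chapter states; other directives have none listed.
DEFAULTS = {"SipTlsEnable": "Off", "AllowSipTlsConversionToSip": "Off"}

# Directives that indirectly control TLS, with the effect of leaving them off.
NEEDS_ON = {
    "StatefulServer": "TLS functions only when SPS runs in stateful mode",
    "AddRecordRoute": "SIP to SIPS translation is disabled",
    "SipTcpReuseConnection": "TLS cannot reuse connections (poor performance)",
}

def parse_directives(text):
    """Return {directive: value}; a later line overrides an earlier one."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("<"):     # skip blanks and section tags
            continue
        parts = line.split(None, 1)
        conf[parts[0]] = parts[1].strip('"') if len(parts) == 2 else ""
    return conf

def is_on(conf, name):
    """True only if the directive is On explicitly or by a stated default."""
    return conf.get(name, DEFAULTS.get(name, "")).lower() == "on"

def audit_tls(conf):
    """Return a list of (directive, finding) tuples for the TLS settings."""
    if not is_on(conf, "SipTlsEnable"):
        return [("SipTlsEnable", "TLS is disabled (default is Off)")]
    findings = []
    if is_on(conf, "AllowSipTlsConversionToSip"):
        findings.append(("AllowSipTlsConversionToSip",
                         "SIPS requests may be terminated on SIP contacts"))
    for name, reason in NEEDS_ON.items():
        if not is_on(conf, name):
            findings.append((name, "not On: " + reason))
    for name in ("SipTlsCertificateFile", "SipTlsCertificateKeyFile"):
        if not conf.get(name):
            findings.append((name, "no PEM file configured for the server"))
    mutual = is_on(conf, "SipTlsMutualAuthentication")
    if mutual and not conf.get("SipTlsCACertificateFile"):
        findings.append(("SipTlsCACertificateFile",
                         "mutual authentication is On but no CA file is set"))
    return findings

if __name__ == "__main__":
    for directive, finding in audit_tls(parse_directives(SAMPLE_SIPD_CONF)):
        print(f"{directive}: {finding}")
```

A directive that is absent and has no default stated in this chapter is reported as not On, so treat such a finding as a prompt to confirm the effective value on the server.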


How to Configure Proxy-Server DNS Behavior

You can configure proxy-server DNS behavior—that is, you can configure varying degrees of DNS support, depending on your requirements. You configure the proxy server to locate other SIP services and then you set directives.

Detailed Steps


Step 1 From the Cisco SPS main menu (see Tip for how to access), click Farm/Proxies.

Step 2 Verify that farm label, server root, and proxy domain display.

They should display automatically if you installed Cisco SPS with the SPS setup (sps_setup) script. If they do not, enter the information.

Step 3 Click Advanced>>.

Step 4 Click SIP Server Core.

Step 5 Turn the setting on or off.

Step 6 Select or type new setting details as needed. (Click Help to view context-sensitive online help as needed.)


Note If a setting is Off, all associated directives are grayed out. You can make changes only if the setting is On.


Step 7 Set the following DNS directives as needed:

AllowNaptrLookup—Enables naming-authority-pointer (NAPTR) lookup logic on the proxy server. Default is On. If this directive is Off, use TransportPrefOrder to select a transport.

TransportPrefOrder—Transport preferences for times when NAPTR cannot be used or is unsuccessful. Valid values are the following:

TLS_TCP_UDP (default)

TLS_UDP_TCP

TCP_TLS_UDP

TCP_UDP_TLS

UDP_TLS_TCP

UDP_TCP_TLS

TLS_TCP

TLS_UDP

TCP_TLS

TCP_UDP

UDP_TLS

UDP_TCP

TLS (if SipTlsEnable is disabled, TLS is ignored)

TCP

UDP

SrvForFqdnOnly—Enables SRV DNS lookups only on FQDN hosts (an FQDN is a fully qualified domain name). A Request-URI URL whose host portion is not an IP address and contains a period is considered an FQDN. The system normally performs SRV DNS lookup for any host portion that does not contain a target port. Default is Off.

Step 8 Set the following proxy-server directives as needed:

ProxyAddressResolutionType—Type of DNS configuration for SIP services in the proxy-server domain. Valid values are the following:

IP—No DNS configuration is available; the proxy server should use IP addresses in the headers. This is the default setting.

A—DNS is set up with A records corresponding to the ServerName directive. The proxy server uses this value in headers.

SRV—If the ServerName directive is not enabled, the proxy server uses its host-name SRV (which indicates that the proxy server domain has SRV records configured), and hence uses the value of the ProxyDomain directive in headers.


Note To set up DNS records for the proxy-server domain (ProxyDomain directive) and proxy-server farm name (ServerName directive), refer to "DNS Setup."


IpAddrInPathHeaders—IP address to be used in Via and Record-Route path headers when ProxyAddressResolutionType is set to IP. If this directive is not configured, the first value returned from GetHostByName is used. The primary purpose of this directive is to control which address is used on multihomed servers.

Step 9 Click Submit.

Step 10 If prompted, click OK (to restart later) or Go to Proxy Control screen (to restart now). Otherwise, proceed with the next step.

Step 11 Restart all farm servers:

a. From the Control Proxy screen, select all farm members.

b. Click Graceful restart > Yes.