If you are deploying SIP for call control signaling, configure SIP trunks that connect Cisco Unified Communications Manager to external devices such as SIP gateways, SIP Proxy Servers, Unified Communications applications, remote clusters, or a Session Management Edition.
Within Cisco Unified CM Administration, the SIP Trunk Configuration window contains the SIP signaling configurations that Cisco Unified Communications Manager uses to manage SIP calls.
You can assign up to 16 different destination addresses for a SIP trunk, using IPv4 or IPv6 addresses or fully qualified domain names, or you can use a single DNS SRV record.
You can configure the following features on SIP trunks:
Line and Name Identification Services
Delayed Offer, Early Offer and Best Effort Early Offer
Signaling encryption and authentication
Media encryption with SRTP
IPv6 dual stack support
Presentation sharing with BFCP
Far end camera control
Calling party normalization
T.38 fax support
Choice of DTMF signaling
When Q.SIG is enabled in Small-scale IP telephony (SIPT) from Cluster A to Cluster B, and an "INVITE" is received with anonymous or any text, Cisco Unified Communications Manager does not encode it to Q.SIG data. When the same is decoded in the leaf cluster, it displays as empty and an empty number is forwarded.
When Q.SIG is enabled, URI dialing does not respond as expected; if Q.SIG is disabled, Cisco Call Back does not respond between two clusters.
IPv6 Dual Stack Support
You can also configure your SIP trunks with dual stack support by configuring the IP Addressing Mode in a Common Device Configuration and then applying that configuration to the SIP trunk.
Secure SIP Trunks
You can also secure your trunks with digest authentication and with signaling and media encryption. To do so, configure a SIP trunk security profile that includes security features such as digest authentication and TLS signaling, and associate that profile with the SIP trunks in your network. To encrypt call media, you must also configure the trunk to allow SRTP media.
You must assign a SIP trunk security profile to each SIP trunk in your network. By default, Cisco Unified Communications Manager applies a predefined, nonsecure SIP trunk security profile for autoregistration to all SIP trunks.
The SIP trunk security profile allows you to configure security settings such as digest authentication and TLS signaling encryption for the SIP trunks in your network. When you configure a SIP trunk security profile, and then assign that profile to a SIP trunk, the security settings from the profile get applied to the trunk.
You can configure multiple SIP trunk security profiles to cover the different security requirements that you have for different sets of SIP trunks in your network.
To configure your network with security, you must also set up a CTL client and configure IPSec. For details, see the Security Guide for Cisco Unified Communications Manager.
SIP Trunk Configuration Prerequisites
Before you configure your SIP trunks, do the following:
Plan your network topology so that you understand your trunk connections.
Make sure that you understand the devices to which you want to connect your trunks and how those devices implement SIP. If those devices implement SIP, you may need to apply a SIP normalization script.
Configure SIP profiles for your trunks.
In addition, configure the following before you configure your SIP trunks:
Configure SIP trunk security profiles with any security settings that you want to apply to your SIP trunks. For example, you can configure digest authentication, device security mode, and TLS encryption for SIP signaling.
If you don't configure SIP trunk security profiles, by default, Cisco Unified Communications Manager applies a nonsecure SIP trunk security profile.
Configure the SIP trunks in your network. In the Trunk Configuration window, configure the SIP settings for your trunks. Assign a SIP profile, SIP trunk security profile, and a Common Device Configuration to your SIP trunk. In addition, assign any SIP normalization or transparency scripts that your trunk connection requires. For example, if your SIP trunk connects to a Cisco TelePresence VCS, you must assign the vcs-interop script to the SIP trunk.
Trunk Security Profile
Use this procedure to configure a SIP trunk security profile that you can assign to the SIP trunks in your network. You can assign the profile to a SIP trunk in order to configure security settings such as digest authentication or TLS signaling encryption. If you don't configure a SIP trunk security profile, Cisco Unified Communications Manager assigns a nonsecure profile to the SIP trunks in your
Unified CM Administration, choose System > Security > SIP Trunk Security
To enable SIP signaling encryption with TLS, do the following:
Device Security Mode drop-down list box, select
the Incoming Transport Type and Outgoing Transport Type drop-down list boxes,
authentication, in the X.509 Subject Name field, enter the subject name of the X.509 certificate.
Incoming Port field, enter the port on which you want to receive TLS requests. The default for TLS is 5061.
digest authentication, do the following
Enable Digest Authentication check box
Nonce Validity Timer value to indicate the number of seconds that must pass before the system generates a new nonce. The default is 600 (10 minutes).
digest authentication for applications, check the Enable Application Level Authorization check box.
additional fields in the Trunk Security Profile Configuration window. For help with the fields and their settings, refer to the online help.
information on setting up network security, refer to the Security Guide for Cisco Unified Communications Manager.
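A way to check an inventory of trunks against the security profile settings described above. This is an added example, not Cisco code; the dictionary keys, the transport values, and the sample records are hypothetical and modelled on the field labels in the procedure, not on a real Unified CM export format.

```python
# Added example: keys and records are hypothetical, modelled on the field
# labels in the procedure above, not on a real Unified CM export format.
PROFILES = {  # constructed sample security profiles
    "secure-tls": {"incoming_transport": "TLS", "outgoing_transport": "TLS",
                   "x509_subject_name": "sbc1.example.com",
                   "incoming_port": 5061, "digest_auth": False},
    "tls-no-subject": {"incoming_transport": "TLS", "outgoing_transport": "TLS",
                       "x509_subject_name": "", "incoming_port": 5061,
                       "digest_auth": False},
    "digest-only": {"incoming_transport": "TCP", "outgoing_transport": "TCP",
                    "digest_auth": True, "nonce_validity": 3600},
}
TRUNKS = [  # constructed sample trunks; security_profile None = never assigned
    {"name": "to-sbc", "security_profile": "secure-tls", "srtp_allowed": True},
    {"name": "to-proxy", "security_profile": "tls-no-subject", "srtp_allowed": False},
    {"name": "to-gw", "security_profile": "digest-only", "srtp_allowed": True},
    {"name": "to-lab", "security_profile": None, "srtp_allowed": False},
]

def audit_trunk(trunk, profiles):
    """Return a list of findings for one trunk; an empty list means no gaps."""
    profile = profiles.get(trunk["security_profile"])
    if profile is None:
        # No profile assigned: the predefined nonsecure profile applies.
        return ["falls back to the default nonsecure profile"]
    findings = []
    tls = (profile.get("incoming_transport") == "TLS"
           and profile.get("outgoing_transport") == "TLS")
    if tls and not profile.get("x509_subject_name"):
        findings.append("TLS enabled but X.509 Subject Name is empty")
    if tls and not trunk["srtp_allowed"]:
        findings.append("signaling encrypted but SRTP media not allowed")
    if not tls and trunk["srtp_allowed"]:
        # SRTP keys negotiated in SIP signaling are readable without TLS.
        findings.append("SRTP allowed over non-TLS signaling")
    if not tls and not profile.get("digest_auth"):
        findings.append("neither TLS nor digest authentication enabled")
    if profile.get("digest_auth") and profile.get("nonce_validity", 600) > 600:
        findings.append("nonce validity timer above the 600 s default")
    return findings

def audit(trunks, profiles):
    """Map trunk name -> findings, for every trunk in the inventory."""
    return {t["name"]: audit_trunk(t, profiles) for t in trunks}

if __name__ == "__main__":
    for name, findings in audit(TRUNKS, PROFILES).items():
        print(name, "OK" if not findings else "; ".join(findings))
```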
What to Do Next
Use the following procedure to assign the SIP trunk security profile to a SIP trunk:
A common device configuration comprises user-specific service and feature attributes. If you are configuring dual stack phones or trunks, you can use the Common Device Configuration to configure the IP addressing preference.
From Cisco Unified CM Administration, choose Device > Device Settings > Common Device Configuration.
Click Add New.
Configure the fields in the Common Device Configuration window. For help with the fields and their settings, refer to the online help.
For SIP trunks or SCCP phones, choose a value for the IP Addressing Mode drop-down list box:
IPv4 Only—The device uses only an IPv4 address for media and signaling.
IPv6 Only—The device uses only an IPv6 address for media and signaling.
IPv4 and IPv6 (Default)—The device is a dual-stack device and uses whichever IP address type is available. If both IP address types are configured on the device, for signaling the device uses the IP Addressing Mode Preference for Signaling setting and for media the device uses the IP Addressing Mode Preference for Media enterprise parameter setting.
For dual stack phones or trunks, configure an IP addressing preference for the IP Addressing Mode for Signaling drop-down list box:
IPv4—The dual stack device prefers IPv4 address for signaling.
IPv6—The dual stack device prefers IPv6 address for signaling.
Use System Default—The device uses the setting for the IP Addressing Mode Preference for Signaling enterprise parameter.
Use this procedure to configure settings for a SIP trunk.
Cisco Intercompany Media Engine—The trunk supports the Intercompany Media Engine (IME). Make sure the IME server is installed before you configure this type of trunk.
IP Multimedia System Service Control—Choose this option to enable the trunk with support for IP Multimedia System Service Control.
If you want to apply a Common Device Configuration to this trunk, select the configuration
Device Configuration drop-down list box.
destination address for the SIP trunk:
Destination Address text box, enter an IPv4 address, fully qualified domain name, or DNS SRV record for the server or endpoint that you want to connect to the trunk.
trunk is a dual stack trunk, in the Destination Address IPv6 text box, enter an IPv6 address, fully qualified domain name, or DNS SRV record for the server or endpoint that you want to connect to the trunk.
destination is a DNS SRV record, check the Destination Address is an SRV check box.
additional destinations, click the (+) button. You can add up to 16 destinations for a
Trunk Security Profile drop-down list box, assign a SIP trunk security profile to this trunk.
Profile drop-down list box, assign a SIP profile to this trunk.
(Optional) If you want to assign a normalization script to this SIP trunk, from the Normalization Script drop-down list box, select the script that you want to assign.
additional fields in the Configuration window. For help with the fields and their settings, refer to the online help.
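A pre-change check for a planned destination list, covering the 16-destination limit, the single-SRV rule, and the IP Addressing Mode values described on this page. This is an added example, not Cisco code; the function names and the flat list-of-strings model are assumptions, and the sample addresses in the usage lines are constructed.

```python
import ipaddress

MAX_DESTINATIONS = 16  # limit stated on this page

def classify(address):
    """Return 'ipv4', 'ipv6' or 'name' for one destination string."""
    try:
        return "ipv%d" % ipaddress.ip_address(address).version
    except ValueError:
        return "name"  # not an IP literal: treated as an FQDN or SRV name

def check_destinations(destinations, is_srv=False,
                       addressing_mode="IPv4 and IPv6"):
    """Return a list of problems with a planned destination list.

    destinations    -- list of address strings (hypothetical flat model)
    is_srv          -- True if 'Destination Address is an SRV' is checked
    addressing_mode -- IP Addressing Mode from the Common Device Configuration
    """
    if not destinations:
        return ["no destination configured"]
    problems = []
    kinds = [classify(d) for d in destinations]
    if len(destinations) > MAX_DESTINATIONS:
        problems.append("more than %d destinations" % MAX_DESTINATIONS)
    if is_srv and len(destinations) != 1:
        problems.append("an SRV trunk takes a single DNS SRV record")
    if is_srv and kinds[0] != "name":
        problems.append("SRV destination must be a DNS name, not an IP literal")
    if addressing_mode == "IPv4 Only" and "ipv6" in kinds:
        problems.append("IPv6 destination on an IPv4 Only trunk")
    if addressing_mode == "IPv6 Only" and "ipv4" in kinds:
        problems.append("IPv4 destination on an IPv6 Only trunk")
    lowered = [d.lower() for d in destinations]
    if len(set(lowered)) != len(lowered):
        problems.append("duplicate destination")
    return problems

if __name__ == "__main__":
    # Constructed sample plans.
    print(check_destinations(["192.0.2.10", "sbc.example.com"]))
    print(check_destinations(["2001:db8::10"], addressing_mode="IPv4 Only"))
```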