Standard SIPStation Configuration
- 1 Overview
- 2 Introduction
- 3 SIP Trunking
- 3.1 SIPStation Configuration
- 3.1.1 General Configuration
- 3.1.2 SIPStation Purchase
- 3.2 SBC Configuration
- 3.2.1 General Configuration
- 3.2.2 IP Settings | Network
- 3.2.3 IP Settings | Media Interfaces
- 3.2.4 IP Settings | Access Control Lists
- 3.2.5 Signaling | SIP Profile
- 3.2.6 Signaling | SIP Trunks
- 3.2.7 Media | Media Profiles
- 3.2.8 Routing | Call Routing
- 3.2.9 Signaling | SIP Profile
- 3.2.10 Apply Configuration
- 3.2.11 Finalizing the Installation
- 3.1 SIPStation Configuration
Â
Â
Overview
This document will guide you through the process of configuring the Session Border Controllers to work with SIPStation. This document describes the configuration of the requirement to connect SIPStation SIP Trunking with the SBC.
Introduction
For Trunking solutions, SIPStation can provide SIP Trunks to a SBC over the Internet, the SBC relays calls to the PBX. This document provides detailed information about the configuration requirements in the SMB SBC, Vega SBC, Netborder SBC and the Software VM SBC. A typical deployment connects SIPStation across Internet into the SBC, where the SBC provides Security, Routing, Interoperability and more, then delivers the SIP Trunk call to the IP-PBX.  Using SIP Protocol the SIPStation, SBC, and the IP-PBX create a Trunk together.
Â
SIP Trunking
Bringing SIP Trunks from SIPStation into the SBC and then deliver the SIP Trunk calls to the IP-PBX.
Â
IP-PBX:Â 192.168.77.112
SBC LAN IP:Â 192.168.77.124
SBC DMZ IP:Â 10.10.32.170
SBC Public WAN IP:Â 104.145.12.182
ITSPÂ FQDN: trunk1.freepbx.com, trunk2.freepbx.com
Â
Note: In the following configuration example, this is a DMZ-LAN setup of the SBC, and the IP-PBX is located on a Private LAN. This is one of many different network topologies that the SBC supports. Not all network topologies will be documented in the document, please consult other Wikis for slight changes in deployment styles of the SBC.  Slight changes in configuration from this example to other network topologies are expected.
SIPStation Configuration
General Configuration
SIPStation is a SIP Trunking Service offered by Sangoma, A customer purchases the SIP Trunking Service and then can being to make calls from their SBC/IP-PBX to the SIPStation Service. SIPStation uses FQDNs as the SIP Server address. In this configuration we are purchasing the SIPStation service, finding out where the SIPStation Trunk attributes are located for provisioning in the SBC. Once the SBC is configured, the SBC will REGISTER with SIPStation and be allowed to make Outgoing Calls and Incoming Calls.
SIPStation Purchase
There are Wikis to step through purchasing SIPStation DIDs. This document will simply overview the highlights.
Â
Login into www.sipstation.com, begin to purchase your Inbound Numbers. Proceed to Checkout and complete the purchase.
Â
Â
Once purchased, go to My Account | Trunk Groups and record the following information:
SIP Username:Â This is the Registration Username
SIP Password:Â This is the Registration Password
SIP Gateway:Â This is SIPStation FQDN
Â
SBC Configuration
General Configuration
The following configuration will focus on the SIPStation to SBC requirements. It is only half of the configuration needed for proper operation, as the SIP-PBX will also need to be configured with a SIP Trunk to the SBC and related configuration. The document will reference the IP-PBX but not show how to configure the IP-PBX. But generally, the IP-PBX setup is a simple SIP Trunk to the SBC LAN IP Address. There are other Wiki's that document how to configure SIP Trunking with SBC with a FreePBX/PBXact.
Â
IP-PBX IP:Â 192.168.77.112
SBC LAN IP:Â 192.168.77.124
SBC DMZ IP:Â 10.10.32.170
SBC Public IP:Â 104.145.12.182
ITSPÂ FQDN: trunk1.freepbx.com, trunk2.freepbx.com
Â
Note: In the following configuration example, this is a DMZ-LAN setup of the SBC, and the IP-PBX is located on a Private LAN. This is one of many different network topologies that the SBC supports. Not all network topologies will be documented in the document, please consult other Wikis for slight changes in deployment styles of the SBC.  Slight changes in configuration from this example to other network topologies are expected.
Â
IP Settings | Network
The default IP Address of the SBC is 192.168.168.2 root/sangoma  The IP Address needs to be changed and a new admin user created.
Â
Go to Configuration | IP Settings | Network
Press "Add" to add a DMZ IP Address
Interface:Â Select Eth1
Configuration:Â Select IPv4 - Static
Address:Â Enter the DMZ interface IP Address / Mask.
Press Save
Â
Press "Add" to add a LAN IP Address
Interface:Â Select Eth0
Configuration:Â Select IPv4 - Static
Address:Â Enter the LAN interface IP Address / Mask.
Press Save
Â
Once completed you will now have an IP address on eth0 for LAN and eth1 for DMZ.
Press "Edit" to configure the Default Gateway and Hostname
Â
Configure the Network
Host Name:Â Enter a FQDN for the SBC
Default Gateway Interface:Â Select eth1. the default gateway is always the way to the Internet
Default IPV4 Gateway:Â Enter the IP Address of the Default Gateway
Static DNS #1:Â Enter the IP Address of the Primary DNS Server
Static DNS #2:Â Enter the IP Address of the Secondary DNS Server
Â
Â
Apply Network
Restart Network
At this point you can access the SBC from the New LAN IP Address.
Â
IP Settings | Media Interfaces
Go to Configuration | IP Settings | Media Interfaces
Click Edit.
Â
Ensure the Transcoding Mode is to Hardware Hidden mode for all Vega SBC and Netborder SBC. Then click Save.Â
Note: For SMB SBC and Software VM SBC the Transcoding Mode is to Software. The click Save.
Â
Next click Detect Modules. Once you modules are detected click OK to continue.
Â
IP Settings | Access Control Lists
Go to Configuration | IP Settings | Access Control Lists
Access Control Lists are a list of IP Address(es) that can have an Allow or Deny policy. Typical practice is to have a Default Policy to Deny all traffic, then Allow specific Hosts and Subnets. Both local trusted LAN traffic and Internet WAN traffic need to be defined separately.
Default
Â
Â
Local LAN Internal Network ACL
Within the ACL box, click Add.
Give the ACL a name.
Â
Set the Default Policy to Deny. Press Save
Â
Within the ACL Box, press Add
Â
Add the local Subnet, where the IP-PBX resides. Add any additional networks within the LAN environment.
Policy:Â Set to Allow
IP Address:Â Enter the LAN Network Address or IP Address and Mask
Â
Internet WAN External Network ACL
Within the ACL box, click Add.
Give the ACL a name.
Â
Set the Default Policy to Deny. Press Save
Â
Within the ACL Box, press Add
Â
Add the local Subnet, where the SIPStation resides. Add any additional networks within the LAN environment.
Policy:Â Set to Allow
IP Address:Â Here you will need a list of any IP Addresses used by SIPStation - Enter the Network Address or IP Address and Mask
192.159.66.3
162.253.134.142
Â
Signaling | SIP Profile
Two SIP Profiles are needed. One for the LAN side - for 'Internal' communications with the IP-PBX and another for the WAN side - for 'External' communication with SIPStation.
Â
Go to Configuration | Signaling | SIP Profiles
A default "internal" SIP Profile will be present. You can Delete it - then Add a new Profile OR Modify it.
Â
Setup an Internal SIP Profile
Click Modify next to the default internal SIP profile.
Â
Â
This SIP Profile is used for assigning the SBC's LAN IP to a SIP Profile. This is where the IP-PBX will communicate with the SBC. IP Address. Port. Transport and other interop settings are defined here. Not all SIP Profile settings are required. here are the highlights.
Display Name: Give the SIP Profile a name. IP-PBX_Internal
User Agent: This is the name displayed on the User-Agent Header. Does not need changing.
SIP IP Address:Â Select the LAN IP Address of the SBC
Port:Â Port 5060 is default.
Transport: Select the Transport you want to use, UDP+TCP is default. Or individually UDP or TCP.
SIP Trace: Optional: Enable. It is useful when you have a problem.
Strict Security: Optional.  Enable when strict security is required, here all traffic from non whitelisted and/or registered IP addresses, on that SIP Profile, will be blocked. This means that with this feature enabled you need to assign ACLs or register endpoints in order to be able to make calls through the profile. Enabling in SIP Trunking solutions, allows the SBC to lock down to specific SIP Peers.
Authenticate Calls:Â Select Disable,
ACL for Inbound Calls: From the Available list, select and use the Arrow key to move over the Local_LAN_Internal_ACL list created earlier.
Â
Press Save
Â
Setup an External SIP Profile
Click Add to create a New SIP profile for the External SIP communications.
Â
Â
This SIP Profile is used for assigning the SBC's DMZ IP to a SIP Profile - the WAN IP address of the Firewall will be NAT'd through to the DMZ IP of the SBC. This is where the SIPStation will communicate with the SBC. IP Address. Port. Transport and other interop settings are defined here. Not all SIP Profile settings are required. here are the highlights.
Display Name: Give the SIP Profile a name. SIPStation_External
User Agent: This is the name displayed on the User-Agent Header. Does not need changing.
SIP IP Address:Â Select the LAN IP Address of the SBC
External SIP IP Address: Enter in the WAN IP Address of the Firewall/Router. This setting is only used when the SBC is behind a Firewall/Router.
Port:Â Port 5060 is default.
Transport: Select the Transport you want to use, UDP+TCP is default. Or individually UDP or TCP.
RTP IP address:Â If different than the SIP IP Address, select the IP here.
External RTP IP address:Â Enter in the WAN IP Address of the Firewall/Router. Â This setting is only used when the SBC is behind a Firewall/Router.
SIP Trace: Optional: Enable. It is useful when you have a problem.
Strict Security: Optional.  Enable when strict security is required, here all traffic from non whitelisted and/or registered IP addresses, on that SIP Profile, will be blocked. This means that with this feature enabled you need to assign ACLs or register endpoints in order to be able to make calls through the profile. Enabling in SIP Trunking solutions, allows the SBC to lock down to specific SIP Peers.
Authenticate Calls:Â Select Disable,
ACL for Inbound Calls: From the Available list, select and use the Arrow key to move over the Internet_WAN_External_ACL list created earlier.
Â
Press Save
Â
Signaling | SIP Trunks
Two SIP Trunks Profiles are needed. One for the IP-PBX and another for the SIPStation. SIP Trunks Profile is where the Peer attributes are configured.
Â
Setup the IP-PBX in a SIP Trunk Profile
Go to Configuration -> Signaling -> SIP Trunks
Click Add
The following parameters define the location and behavior specific to the IP-PBX;
Display Name: Give any Name. IP-PBX
Domain:Â Enter the IP Address or FQDN of the IP-PBX
User Name:Â Not required.
Authentication User Name:Â Not Required. Â Â Â
Password:Â Not Required.
From User:Â Not Required
From Domain:Â Not Required.
Transparent CallerID:Â Select Enabled.
Transport:Â Select UDP
OPTIONS Ping Frequency:Â Optional: Â Enter 60 for 60 Seconds
OPTIONS Max Ping:Â Optional:Â Enter 5 for 5 tries
OPTIONS Min Ping:Â Optional:Â Â Enter 5 for 5 tries
SIP Profile:Â Select the "IP-PBX_Internal" SIP Profile created earlier
Press Save
Â
Setup the SIPStation in a SIP Trunk Profile
Go to Configuration -> Signaling -> SIP Trunks
Click Add
The following parameters define the location and behavior specific to SIPStation;
Display Name: Give any Name. SIPStation
Domain:Â Enter the IP Address or FQDN of SIPStation.
Note:Â Use "trunk.freepbx.com" if your DNS Server provides DNS SRV
Note:Â If the DNS Server does not Support DNS SRV - use trunk1.freepbx.com as the primary SIPStation location
Note: If both - the DNS Server does not Support DNS SRV - And - you want a secondary trunk route option - the repeat this entire "Setup the SIPStation is a SIP Trunk Profile" for the trunk2.freepbx.com
User Name:Â SIP Username - take from the SIPStation - My Account
Authentication User Name:Â SIP Username - taken from the SIPStation - My Account. Â Â Â
Password:Â SIP Password - taken from the SIPStaion - My Account.
From User:Â Not Required.
From Domain:Â Not Required
Transparent CallerID:Â Select Enabled.
Transport:Â Select UDP
OPTIONS Ping Frequency:Â Optional: Â Enter 60 for 60 Seconds
OPTIONS Max Ping:Â Optional:Â Enter 5 for 5 tries
OPTIONS Min Ping:Â Optional:Â Â Enter 5 for 5 tries
SIP Profile:Â Select the "SIPStation_External" SIP Profile created earlier
Registration:Â Select Enable
Â
Press Save
Â
Media | Media Profiles
Go to Configuration | Media | Media Profiles
Standard SIPStation supports only G711 and G729. The SBC appliances by default has many codecs available to transcode.
Â
Edit the 'default' Media Profile.
Codec #1:Â Select either PCMU or G729 20ms
Codec #2:Â Select the other available codec
Blank the rest
Â
Press Save
Â
Note: If you want the SBC to Transcode different Codecs on the LAN side, Add a new Media Profile, with the required Codecs and assign it to the IP-PBX_Internal SIP Profile. For example if the IP-PBX wants to use G722 and SIPStation wants G711, then the new Media Profile for the IP-PBX_Internal SIP Profile should have G722 as the Codec #1.
Â
Â
Routing | Call Routing
The SBC will require two Call Route Dial Plans. One Dial Plan to send calls from the IP-PBX to SIPStation, and another Dial Plan to send calls from the SIPStation to the IP-PBX.
Â
Go to Configuration | Routing | Call Routing
Â
Outbound Calling
Click the Add button in the Basic Call Routing section to add a new routing plan.
Â
Give the Dial Plan a name. Outbound_Calling - then click Add.Â
Â
Basic Call Routing Setup
Display Name:Â Give any name:Â Outbound_Calling
Description: Give any description. Outbound_Calling
Trace Call:Â Enable is helpful when problems occur.
Default Response:Â Select 404
Â
Â
Once in the new routing plan click Add to add a new rule.Â
Â
Â
This very next Dial Plan Rule is a redundant Dial Plan, when ACL is in place.  But this shows some extra flexibility in the Dial Plan to check various attributes of a call that are not related to the SIP Protocol. This example is a Check IP Address. If the IP Address does not match, the SBC will respond with a 403 Forbidden. And then not process any remaining rules in the Dial Plan.
Description: Enter a description. Check IP
Rank: Enter 10. Dial Plan rules start at 1 and search up, starting at 10 lets you add more Rules below in the future.
Matching: Select ALL. This will make the Rule look for all of the Conditions
Stop Policy: Select "Stop on Failure". If the condition is not matched, then no more Rules will be processed.
Condition:Â Select "SIP Call Information" - this has a selection of parameters specific to call information
Name: Select "Remote Network IP". This is the Source IP Address.
Expression: Enter the IP Address of the IP-PBX. 192.168.77.112
Actions to perform if condition matches:Â Action:Â Nothing entered here, we are only looking for the Unmatch. Â Â
Actions to perform if condition doesn’t match: Action: Select "Respond.  Code: Select "403 Forbidden"
Â
Press Save
Â
Once "Check IP" in saved, click Add to insert another Dial Plan Rule.
Â
This next Dial Plan Rule is most important, as it 'bridges' the Outbound Call from the IP-PBX to the SIPStation - SIP Trunk Profile that was defined earlier.
Description: Enter a description. Bridge to SIPStation
Rank: Enter 20. Using 20 lets you add more Rules in between 10 and 20 in the future.
Matching: Select ALL. This will make the Rule look for all of the Conditions
Stop Policy: Select "Stop on Success". If the condition is matched, then no more Rules will be processed.
Condition:Â Select "Standard Information" - this has a selection of most popular parameters
Name: Select "Destination Address". This is the Dialed Number in the R-URI address.
Expression: Enter (.*). Open Parenthesis Dot Asterisk Close Parenthesis - a Regular Expression to define to match any number dialed
Actions to perform if condition matches: Action: Bridge to Trunk Trunk: Select "SIPStation" - this is the SIP Trunk Profile defined earlier for SIPStation destination. Destination: Enter $1 This mean use first variable within the first set of Parenthesis defined in the expression.
Actions to perform if condition doesn’t match: Action: Not Selected. Â
Â
Â
Press Save
Â
Your Call Routing should now look like this for Outbound Calls to SIPStation.
Â
Â
Â
Â
Inbound Calling
Click the Add button in the Basic Call Routing section to add a new routing plan.
Â
Give the Dial Plan a name. Inbound_Calling - then click Add.Â
Â
Basic Call Routing Setup
Display Name:Â Give any name:Â Inbound_Calling
Description: Give any description. Inbound_Calling
Trace Call:Â Enable is helpful when problems occur.
Default Response:Â Select 404
Â
Â
Once in the new routing plan click Add to add a new rule.Â
Â
This very next Dial Plan Rule is a redundant Dial Plan, when ACL is in place.  But this shows some extra flexibility in the Dial Plan to check various attributes of a call that are not related to the SIP Protocol. This example is a Check IP Address. If the IP Address does not match, the SBC will respond with a 403 Forbidden. And then not process any remaining rules in the Dial Plan.
Description: Enter a description. Check IP
Rank: Enter 10. Dial Plan rules start at 1 and search up, starting at 10 lets you add more Rules below in the future.
Matching: Select ANY. This will make the Rule look for any of the Conditions
Stop Policy: Select "Stop on Failure". If the condition is not matched, then no more Rules will be processed.
Condition:Â Select "SIP Call Information" - this has a selection of parameters specific to call information
Name: Select "Remote Network IP". This is the Source IP Address.
Expression: Enter the IP Address of SIPStation. 192.159.66.3
Click the Plus and add the other IP Address. 162.253.134.142
Actions to perform if condition matches:Â Action:Â Nothing entered here, we are only looking for the Unmatch. Â Â
Actions to perform if condition doesn’t match: Action: Select "Respond.  Code: Select "403 Forbidden"
Â
Â
Press Save
Â
Once "Check IP" in saved, click Add to insert another Dial Plan Rule.
Â
Â
This next Dial Plan Rule is most important, as it 'bridges' the Inbound Call from SIPStation to the IP-PBX - SIP Trunk Profile that was defined earlier.
Description: Enter a description. Bridge to IP-PBX
Rank: Enter 20. Using 20 lets you add more Rules in between 10 and 20 in the future.
Matching: Select ALL. This will make the Rule look for all of the Conditions
Stop Policy: Select "Stop on Success". If the condition is matched, then no more Rules will be processed.
Condition:Â Select "Standard Information" - this has a selection of most popular parameters
Name: Select "Destination Address". This is the Dialed Number in the R-URI address.
Expression: Enter (.*). Open Parenthesis Dot Asterisk Close Parenthesis - a Regular Expression to define to match any number dialed
Actions to perform if condition matches: Action: Bridge to Trunk Trunk: Select "IP-PBX" - this is the SIP Trunk Profile defined earlier for the IP-PBX destination. Destination:  Enter $1 This mean use first variable within the first set of Parenthesis defined in the expression.
Actions to perform if condition doesn’t match: Action: Not Selected. Â
Â
Â
Â
Press Save
Â
Your Call Routing should now look like this for Inbound Calls to the IP-PBX.
Â
Â
Â
Signaling | SIP Profile
Two SIP Profiles were created earlier. We need to go back and assign the appropriate Call Routing Dial Plan to the correct SIP Profile. The Inbound_Calling Dial Plan is assigned to the SIPStation_External SIP Profile, as calls from the SIPStation will will be going Inbound_Calls to bridge to the IP-PBX. And the other direction, the IP-PBX will call the IP-PBX_Internal SIP Profile which will go to the Outbound_Calling Dial Plan, which will bridge the call to the SIPStation.
Â
IP-PBX_Internal SIP Profile
Now that both routing plans are made go to Configuration | Signaling | SIP Profiles and modify the IP-PBX_Internal SIP profile.Â
Under Session Routing change the Routing Plan to Outbound_Calling. Then click Save to continue.Â
Â
SIPStation_External SIP Profile
Modify the SIPStation_External SIP profile.Â
Under Session Routing change the Routing Plan to Inbound_Calling. Then click Save to continue.
Â
Apply Configuration
You are Done. Time to save your efforts.
Â
Â
Or Here
Â
Finalizing the Installation
Starting the SBC application and other useful features on the SBC.
Â
Go to Overview -> Dashboard -> Control Panel and Start the following services.
Vega Session Controller
IP Firewall
Intrusion Detection
Intrusion Prevention
Â
Enable all IDS rules by going to Configuration -> Security -> Intrusion Detection and ensuring all are checked. Once done click Update to apply the changes.
Â
Next go to System -> Server -> Web and change the Network Interface from All interfaces to only the internal network interface.
Â
In this example eth1 is the internal network interface. Once done click Save.
Â
Next go to System -> Server -> Web and change the Network Interface from All interfaces to only the internal network interface. Now both the web server and SSH will only be available on your internal network.
Â
Since the configuration is now completed get a backup. Go to System -> Management -> Backup-Restore and click Backup.
Â
Name the file accordingly and click backup to download a copy. Ensure you keep this safe somewhere and always take a new backup after each change made to the SBC.Â
Â
Â