3 Replies

  • We were able to connect our 3CX PBX using SIP trunk over internet on our existing fiber connection by following steps.

    1) Created 1:1 static NAT on our firewall (Internal 3CX IP NATed to one public IP address)

    2) Created firewall rule to only accept SIP connection from our ISP's IP address, block everything else.

    3) Create security rule or access control list to only allow SIP port ranges

    4) Setup 3CX SIP config to match SIP info given to us by our ISP

    5) Run SIP test on your 3CX to make sure everything passes on your side. 

    It did take little bit to get us working but once it started working it is stable.

    Was this post helpful? thumb_up thumb_down
  • liammartin82 wrote:

    Hi all,

    I'm just trying to get my head around SIP trunk - IP PBX connectivity, as we're due to finally move away from ISDN lines very soon.
    A couple of quick questions I hope I can get some help on-

    - We're in the public sector so our 2 main fibre internet links are supplied by BT through PSBA, and they terminate in our server room on BT's own kit (Only they can perform config changes on it).
    If we had a SIP trunk/channels added on to this internet line would the initial config and SIP trunk registration need to be done our own Cisco core routers?

    - If we're moving to SIP only telephony, and potentially coming off of CUCM as our VoIP solution, do we still definitely need CUBE licenses on our core routers. Or is there a more basic config option for SIP trunks on Cisco routers that bypasses CUBE? (They cost an absolute bomb)

    - Off the back of that, am I right in thinking that if we're moving solely onto SIP trunks for our external telephony requirements, we would have no need for a separate voice gateway anymore?

    - We're liking the look of 3CX and might move onto that from our current very very old CUCM set up. I'm assuming our core switch could directly connect via Ethernet to the VM server running 3CX, there's no need for any other devices in-between the two. (Firewall checks would obviously be taken into account)

    Thanks for any help you might be able to provide. :)

    High level summary: The PBX (or SBC see below) needs to connect to the remote SIP trunk provider. This requires IP connectivity to the trunk provider. If an internet service then this will need to get from your private network to the internet - perhaps through a firewall.
    Generically you can connect some PBX systems directly to a remote SIP trunk, others require an SBC (see below).

    Some more specific detail:

    Voice gateway - if this connects to the ISDN only then you will not need it, but if it also connects / provides internal analogue then you still need it.
    IP routing and NAT - you mention your core routers/switches - It is hard to advise without knowing the detail but if the SIP trunk is to be accessed via the internet then one key thing is the move from internal network to external internet - do you use a firewall for this or a router? SIP is not straight forward to NAT as within the SIP message are the IP or endpoints so the solution needs to be aware of SIP. It is possible to do on some firewalls - or SBC can solve the problem.
    CUBE - this is a Cisco SBC session border controller - you may or may not need or want it. Typically you use an SBC as a boundary, think of it as a proxy - so it can allow internal system to talk to external. CUCM can connect directly to a SIP trunk but does not support authentication - so if the provider requires you to authenticate then direct from CUCM is not possible. CUBE is one answer - but also any generic SBC or another PBX.
    So the cube vs core router etc will all be dependent on current network and solution chosen.
    " IP trunk registration need to be done our own Cisco core routers" this would only apply if the ccore router was to act as a CUBE. as above the SIP registration can be done directly from CUCM (without auth) or another system. a 'router' does not register the trunk just route traffic, if the router also happens to be a CUBE then it is the CUBE bit registering the trunk not the 'router' bit. confused yet?

    If you think you might go 3cxs in the future or other system would not invest in CUBE licence. A simple solution is to create an asterix vm and use this to connect the external SIP trunk - then trunk this internally to CUCM. This is flexible and will help migrate to another system in the future. (could use 3cx also, but asterix is the gold standard open source pbx).
    If your firewall can support SIP then the asterix can use internal private ip addressing, or you could install it with 2 nics one using public IP and one private - effectively making it an SBC.

    Was this post helpful? thumb_up thumb_down
  • Sanpatel,

    Some vendors have made the transition from ISDN PRI to SIP much simpler with their IP PRI solution:

    - No need to purchase SIP Licenses with your existing phone system

    - No need to purchase SBC (often go from $2k-$4k)

    - Works with your existing phone system as is since hand off looks like ISDN PRI

    - MAY even work with analog devices like faxes using T.38 (but don't count on this and look for alt. solutions like Ooma or eFax)

    Check out vendors like 123.net, Telnet or reach out to me if you are looking for a local vendor you'd like to work with (BTW, I'm an independent Consultant so I don't get a commission)

    Was this post helpful? thumb_up thumb_down

Read these next...

  • Cloud storage to share video files 5TB and larger

    Cloud storage to share video files 5TB and larger

    Data Storage, Backup & Recovery

    I assisting a company that is looking for cloud storage for large video files so they can upload the videos at one site and download them at another.The current solution is manually shipping usb hard drives with the video files which are around 5TB or lar...

  • Spark! Pro Series - 28th September 2022

    Spark! Pro Series - 28th September 2022

    Water Cooler

    Today in History: 1980 Carl Sagan's 13 part "Cosmos" premieres on PBSAstronomer Carl Sagan's landmark 13-part science series takes you on an awe-inspiring cosmic journey to the edge of the Universe and back aboard the spaceship of the imagination.The seri...

  • Win 10 Lock screen showing wrong name, after name change

    Win 10 Lock screen showing wrong name, after name change


    I have a strange thing happening with a remote laptop after I changed her name.So, everything is changed in AD and setup correctly.  So, I like to simplify things for my users so when i change names I do the following: change names in AD username email ...

  • Best Practice Enterprise Wiping Devices Before New User

    Best Practice Enterprise Wiping Devices Before New User


    Hello all.As I am sitting here wiping laptops for one of my sites, in preparation for any new users that start.I got to thinking, what is the best practice for re-deploying previously used laptops in an enterprise environment? I was curious how ya'll hand...

  • Tech & End User Expectations

    Tech & End User Expectations

    Best Practices & General IT

    Hey all!We are an IT team of 10 in a school district, and there have been some recent (and not so recent) issues with techs being snarky, end users being snarky, etc.We are trying to turn a new leaf, and want to come up with a set of expectations for the ...