Application Note

Public

Direct Routing for Microsoft

Phone System with Cisco
Unified Border Element
(CUBE) v12.8.0

23 July, 2020

© 2020 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Contents
Introduction .................................................................................................................................................. 4
Network Topology......................................................................................................................................... 5
Direct Routing for Microsoft Phone System and CUBE Settings........................................................... 5
Tested System Components ......................................................................................................................... 6
Hardware .................................................................................................................................................. 6
Software .................................................................................................................................................... 6
Tested Features............................................................................................................................................. 7
Features Supported .................................................................................................................................. 7
Features Not Supported............................................................................................................................ 7
Caveats ...................................................................................................................................................... 8
Configuring Cisco Unified Border Element for Microsoft Phone System ..................................................... 9
Prerequisites ............................................................................................................................................. 9
Licensing.................................................................................................................................................... 9
IP Networking.......................................................................................................................................... 10
Route To Phone System & Internet .................................................................................................... 10
Route To PSTN-Verizon ....................................................................................................................... 10
Domain Name ..................................................................................................................................... 10
DNS Servers ......................................................................................................................................... 10
NTP Servers ......................................................................................................................................... 10
Certificates .............................................................................................................................................. 11
Generate RSA key................................................................................................................................ 12
Create SBC Trustpoint ......................................................................................................................... 12
Generate Certificate Signing Request (CSR) ....................................................................................... 12
Authenticate CA Certificate ................................................................................................................ 12
Import signed host certificate ............................................................................................................. 13
Specify the default trust point and TLS version with SIP-UA defaults ................................................ 13
Trusted CA trust point for Baltimore .................................................................................................. 13
Global CUBE settings ............................................................................................................................... 13
Call Admission Control ............................................................................................................................ 14
Message Handling Rules ......................................................................................................................... 14
SIP Profiles: Manipulations for outbound messages to PSTN trunk ................................................... 14
SIP Profiles: Manipulations for outbound messages to Phone System .............................................. 15
SIP Profiles: Manipulations for inbound messages from Phone System ............................................ 16

© 2020 Cisco Systems, Inc. All rights reserved. Page 2 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 SIP Profiles: Message Manipulations for REFER INVITE to Phone System .......................................... 16
SIP header Pass-through list ............................................................................................................... 17
Options Keepalive ................................................................................................................................... 17
SRTP Crypto ............................................................................................................................................. 17
Phone System Tenant ............................................................................................................................. 17
PSTN Trunk Tenant.................................................................................................................................. 18
Number translation rules ........................................................................................................................ 18
From PSTN translation rule with non +E164 ....................................................................................... 18
From Phone System translation rule with +E164 ............................................................................... 18
Codecs ..................................................................................................................................................... 19
Dial peers ................................................................................................................................................ 19
Outbound Dial-peer to the PSTN using UDP with RTP........................................................................ 19
Inbound Dial-peer from the PSTN using UDP with RTP ...................................................................... 19
Outbound Dial-peers to Phone System using TLS with SRTP.............................................................. 19
Inbound Dial-peer from Phone System using TLS with SRTP .............................................................. 21
Outbound Dial-peer to Phone System for REFER using TLS with SRTP ............................................... 21
Privacy Headers................................................................................................................................... 22
Configuration example............................................................................................................................ 22
Microsoft Phone System Direct Routing configuration .............................................................................. 31
Create Users in Microsoft 365 ................................................................................................................ 31
Configure Calling policy in Microsoft Teams Admin Center. .............................................................. 36
Configure Caller ID policy in Microsoft Teams Admin Center. ............................................................... 36
Configure User parameters using PowerShell. ....................................................................................... 37
Create an Online PSTN Gateway ............................................................................................................. 38
Configure Online PSTN usage ................................................................................................................. 39
Configure Voice Route ............................................................................................................................ 39
Configure Online Voice Routing Policy ................................................................................................... 39
Acronyms .................................................................................................................................................... 41
Important Information ................................................................................................................................ 42

© 2020 Cisco Systems, Inc. All rights reserved. Page 3 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Introduction
Customers using Microsoft Phone System have the option of connecting to the public telephony
network (PSTN) using a certified Session Border Controller (SBC), such as the Cisco Unified Border
Element (CUBE).
This application note describes a tested CUBE configuration for connecting Microsoft Phone System to
the PSTN using Verizon’s IP Trunking service. CUBE can be configured to connect with many service
providers offering SIP trunking services. Please refer to your service provider documentation and the
content provided at www.cisco.com/go/interoperability for guidance on how to adjust this tested
configuration to meet the specific requirements of your trunking service.
This document assumes the reader is knowledgeable with the terminology and configuration of Direct
Routing for Microsoft Phone System. Only CUBE configurations required for this tested solution are
presented. Feature configuration and most importantly the dial plan, are customer specific so must be
customized accordingly.
• This application note describes how to configure Direct Routing for Microsoft Phone System to the
PSTN (Verizon) via CUBE v12.8.0 [IOS-XE – 17.2.1r].
• Testing was performed in accordance with Direct Routing for Microsoft Phone System test
methodology with media bypass disabled and among features verified were – basic calls, DTMF
transport, blind transfer, consultative transfer, call forward, ad-hoc conference and hold/resume.
• The CUBE configuration detailed in this document is based on a lab environment that has been used
to detail the important settings required for successful interoperability with a simple dial plan.
Microsoft guidance for the configuration of call routing and policy in Phone System must be
followed to ensure calls compete as expected.

© 2020 Cisco Systems, Inc. All rights reserved. Page 4 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Network Topology

Figure 1 Network Topology

• The network topology includes the Microsoft Phone System, Teams client and CUBE. Microsoft
365 admin center is used to configure a gateway trunk associated with CUBE’s public FQDN.
Verizon was used as the service provider with a SIP trunk to CUBE using its public IP Address.
• SIP signaling used between CUBE and Microsoft Phone System Direct routing is over TLS and to
Verizon is over UDP transport.

Direct Routing for Microsoft Phone System and CUBE Settings

Setting Value

Transport from CUBE to MS Phone System TLS with SRTP

Transport from CUBE to Verizon UDP with RTP

Session Refresh YES

© 2020 Cisco Systems, Inc. All rights reserved. Page 5 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Tested System Components
The following components were used in the testing of this solution. Please refer to product
documentation for details of other supported options.

Hardware
• A Cisco ISR 4321 router was used for this tested solution. Any CUBE platform may be used
though, (refer to https://www.cisco.com/go/cube) for more information.
• Microsoft Windows computer (to run Microsoft Teams client)

Software
• CUBE-Version: 12.8.0 [IOS-XE 17.2.1r]
• Microsoft Office 365 Tenant with Phone System license
• Microsoft Teams desktop client version 1.3.00.12058

© 2020 Cisco Systems, Inc. All rights reserved. Page 6 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Tested Features
Features Supported
• Incoming and outgoing off-net calls using G.711 u-law
• Ad-hoc Conference
• Call hold & Resume
• Blind and Consultative Call transfer
• Call forward (all and no answer)
• DTMF (RFC2833)
• Microsoft Teams Calling number privacy

Features Not Supported

• RTCP multiplexing (RTCP-Mux)
• Comfort Noise generation
• RTCP generation when not provided by peer leg
• Fax (Not supported by Phone System)

© 2020 Cisco Systems, Inc. All rights reserved. Page 7 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Caveats
• The testing has been executed with Media Bypass disabled in Microsoft Phone System.
• For inbound calls towards Microsoft Phone System to work with ring back, 183 messages with
SDP are blocked in CUBE.
• CUBE sends History-info header to PSTN in all basic calls instead of sending it only on Call
forward and simultaneous ring calls.

• The Phone System tenant must be configured to generate ring back audio to the PSTN caller
during blind transfer.
• CUBE does not support RTCP multiplexing (rtcp-mux).
• CUBE will forward, but not generate RTCP.
• CUBE does not generate comfort noise (CN) towards Phone System clients when PSTN mutes
the call.

© 2020 Cisco Systems, Inc. All rights reserved. Page 8 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Configuring Cisco Unified Border Element for Microsoft Phone
System
This section details the aspects of CUBE configuration that are required to enable interworking with
Microsoft Phone System. This guidance should be used to either create a new or adapt an existing
configuration. A full configuration is also provided for reference.

The following formatting conventions are used in the remainder of this guide.
Cisco IOS Exec Commands
# show running-config
Cisco IOS Configuration Commands
hostname sbc1
Microsoft PowerShell commands
Get-CsOnlinePSTNGateway

Prerequisites
The following is required before adding CUBE as a Direct Routing Session Bordering Controller:
• Public, Internet routable IP address
• Fully Qualified Domain Name (FQDN) for CUBE from the same domain that is used by Phone
System.
• Public certificate for the CUBE FQDN issued by one of the Certificate Authorities supported by
Microsoft. Refer to Microsoft documentation for more information.

Licensing
Ensure that the appropriate licenses are enabled for using CUBE and TLS for the platform you are using.
You will need to save your configuration and reload the platform when changing feature licenses.
For Cisco ISR 1000 Series and Cisco 4000 Series routers, use the following commands:
license boot level uck9
license boot level securityk9
For Cisco Cloud Services Router 1000 Series virtual routers, configure both the feature and required
throughput levels. The following example uses 1Gbps through, select the appropriate level for the
number of calls anticipated. For high capacity solutions, increasing the memory configuration will also
require additional licensing.
license boot level ax
platform hardware throughput level MB 1000
platform memory add 4000
For Cisco ASR 1000 Series routers, use the following command:
license boot level advipservices

© 2020 Cisco Systems, Inc. All rights reserved. Page 9 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
IP Networking
Note: CUBE and service provider addresses used in this guide are fictional and provided for illustration
purposes only.
interface GigabitEthernet0/0/0
description towards Microsoft Phone System
ip address 192.0.2.2 255.255.255.0
!
interface GigabitEthernet0/0/1
description towards PSTN (Verizon)
ip address 203.0.113.2 255.255.255.0
!
ip tcp synwait-time 5

Route To Phone System & Internet

ip route 0.0.0.0 0.0.0.0 192.0.2.1

Route To PSTN-Verizon
ip route 19.51.100.0 255.255.255.0 203.0.113.1

Domain Name
Use the same domain name for the router as used for the Microsoft 365 tenant.
ip domain name example.com

DNS Servers
DNS must be configured to resolve addresses for Microsoft Direct Routing servers.
ip name-server 208.67.222.222 208.67.220.220

NTP Servers
Configure a suitable NTP source to ensure that the correct time is used by the platform.
ntp server 192.0.2.1

© 2020 Cisco Systems, Inc. All rights reserved. Page 10 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Certificates
Microsoft Phone System Direct Routing allows only TLS connections from SBCs for SIP traffic with a
certificate signed by one of the following trusted Certification Authorities. Certificate Authority choice
may vary in GCC and DoD (gov) environments.
• AffirmTrust
• AddTrust External CA Root
• Baltimore CyberTrust Root
• Buypass
• Cybertrust
• Class 3 Public Primary Certification Authority
• Comodo Secure Root CA
• Deutsche Telekom
• DigiCert Global Root CA
• DigiCert High Assurance EV Root CA
• Entrust
• GlobalSign
• Go Daddy
• GeoTrust
• Verisign, Inc.
• Starfield
• Symantec Enterprise Mobile Root for Microsoft
• SwissSign
• Thawte Timestamping CA
• Trustwave
• TeliaSonera
• T-Systems International GmbH (Deutsche Telekom)
• QuoVadis

Certificates with a wildcard in the certificate Subject Alternate Name field conforming to RFC2818 are
also supported. For more information, refer to the Microsoft documentation.
The following steps describe how to create and install a compatible certificate.

© 2020 Cisco Systems, Inc. All rights reserved. Page 11 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Generate RSA key
# crypto key generate rsa general-keys label sbc exportable
The name for the keys will be: sbc
Choose the size of the key modulus in the range of 512 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [1024]: 2048

% Generating 2048 bit RSA keys, keys will be exportable...
[OK] (elapsed time was 1 seconds)

Create SBC Trustpoint

crypto pki trustpoint sbc
enrollment terminal
fqdn sbc.example.com
subject-name cn=sbc.example.com
subject-alt-name sbc.example.com
revocation-check crl
rsakeypair sbc

Generate Certificate Signing Request (CSR)

crypto pki enroll sbc
% Start certificate enrollment..

% The subject name in the certificate will include: cn=sbc.example.com

% The subject name in the certificate will include: sbc.example.com
Display Certificate Request to terminal? [yes/no]: yes
Use this CSR to request a certificate from one of the supported Certificate authorities.

Authenticate CA Certificate
Enter the following command, then paste the CA certificate that verifies the host certificate into the
trust point (usually the intermediate certificate). Open the base 64 CER/PEM file with notepad, copy the
text, and paste it into the terminal when prompted:

crypto pki authenticate sbc

Enter the base 64 encoded CA certificate.

End with a blank line or the word "quit" on a line by itself
Note: Refer the running configuration for the trust point of Root CA.

© 2020 Cisco Systems, Inc. All rights reserved. Page 12 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Import signed host certificate
Enter the following command then paste the host certificate into the trust point. Open the base 64
CER/PEM file with notepad, copy the text, and paste it into the terminal when prompted:
crypto pki import sbc certificate

Enter the base 64 encoded CA certificate.

End with a blank line or the word "quit" on a line by itself

Specify the default trust point and TLS version with SIP-UA defaults
sip-ua
no remote-party-id
retry invite 2
transport tcp tls v1.2
crypto signaling default trustpoint sbc
handle-replaces

Trusted CA trust point for Baltimore

Create the CA certificate trust point used to validate Microsoft Phone System TLS messages:
crypto pki trustpoint baltimore
enrollment terminal
revocation-check crl
Enter the following command then paste the CA certificate (download) into the trust point. Open the
base 64 CER/PEM file with notepad, copy the text, and paste it into the terminal when prompted:
crypto pki authenticate baltimore

Enter the base 64 encoded CA certificate.

End with a blank line or the word "quit" on a line by itself
<Paste the Baltimore certificate>

Global CUBE settings

To enable CUBE with settings required to interwork with Microsoft Phone System, the following
commands must be entered:
voice service voip
ip address trusted list ! SIP messages allowed from these networks
ipv4 52.114.0.0 255.255.0.0 ! Microsoft cloud services
ipv4 19.51.100.0 ! Service Provider trunk
rtcp keepalive
address-hiding
mode border-element
allow-connections sip to sip

© 2020 Cisco Systems, Inc. All rights reserved. Page 13 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 no supplementary-service sip refer
supplementary-service media-renegotiate
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
sip
session refresh
header-passing
error-passthru
conn-reuse
pass-thru headers 290
sip-profiles inbound
Explanation

Command Description

ip address trusted list Allows traffic from Phone System and the PSTN. Refer to
Microsoft documentation for address and port information to
use for firewall configuration.

allow-connections sip to sip Allow back to back user agent connections between two SIP
call legs

rtcp-keepalive Enables CUBE to send RTCP keepalive packets for the session
keepalive

handle-replaces Handles INVITEs with replaces. Required for Phone System

Call Admission Control

Call processing capacity for any CUBE instance will be influenced by several considerations, including
software version, features configured and the platform itself.
To ensure that calls continue to be processed reliably, we suggest that you configure Call Admission
Control as follows to reject calls when use of system resources exceeds 85%. Refer to the CUBE
Configuration Guide for further details.
call threshold global cpu-avg low 75 high 85
call threshold global total-mem low 75 high 85
call treatment on

Message Handling Rules

SIP Profiles: Manipulations for outbound messages to PSTN trunk
Message manipulations are required to:
1. Remove ICE candidate headers when Media Bypass is disabled in Phone System.

© 2020 Cisco Systems, Inc. All rights reserved. Page 14 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
2. Use SDP `inactive` instead of `sendonly` - This is a specific requirement for the PSTN trunk in this
case.

voice class sip-profiles 100

rule 10 request ANY sdp-header Audio-Attribute modify "a=candidate.*"
"a=label:main-audio"
rule 20 response ANY sdp-header Audio-Attribute modify "a=candidate.*"
"a=label:main-audio"
rule 30 request ANY sdp-header Audio-Attribute modify "a=sendonly" "a=inactive"

SIP Profiles: Manipulations for outbound messages to Phone System

The following sip profile is required to:
1. Replace CUBE IP address with Fully qualified domain names (FQDN) in both the ‘From’ and ‘Contact’
headers of INVITE and OPTIONS messages.
2. Set the audio SDP attribute to inactive instead of sendonly for calls on hold.
3. Set “user=phone” in all requests.
4. Add the “X-MS-SBC” header containing SBC version details in all request and response.
5. Set crypto life-time as 2^31 in all SDP sent from CUBE.

voice class sip-profiles 200

rule 10 request ANY sip-header Contact modify "@192.0.2.2:" "@sbc.example.com:"
rule 20 response ANY sip-header Contact modify "@192.0.2.2:" "@sbc.example.com:"
rule 30 request ANY sip-header SIP-Req-URI modify "sip:(.*):5061 (.*)"
"sip:\1:5061;user=phone \2"
rule 40 request ANY sip-header User-Agent modify "(IOS.*)"
"\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4321/\1"
rule 50 response ANY sip-header Server modify "(IOS.*)"
"\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4321/\1"
rule 60 request ANY sdp-header Audio-Attribute modify "a=sendonly" "a=inactive"
rule 70 response 200 sdp-header Audio-Connection-Info modify "0.0.0.0" "192.0.2.2"
rule 80 request ANY sdp-header Audio-Attribute modify
"(a=crypto:.*inline:[A-Za-z0-9+/=]+)" "\1|2^31"
rule 90 response ANY sdp-header Audio-Attribute modify
"(a=crypto:.*inline:[A-Za-z0-9+/=]+)" "\1|2^31"
rule 100 request ANY sdp-header Audio-Attribute modify "a=candidate.*"
"a=label:main-audio"
rule 110 response ANY sdp-header Audio-Attribute modify "a=candidate.*"
"a=label:main-audio"
To aid with support, Microsoft require the specific SBC model to be included in SIP messages. Select the
appropriate replacement string from the following options when configuring rules 40 and 50:

Platform Profile string

ISR1100 (any) "\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR1100/\1"

ISR4321 "\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4321/\1"

© 2020 Cisco Systems, Inc. All rights reserved. Page 15 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 ISR4331 "\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4331/\1"

ISR4351 "\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4351/\1"

ISR4431 "\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4431/\1"

ISR4451-X "\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4451/\1"

ISR4461 "\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4461/\1"

CSR1000V "\1\x0D\x0AX-MS-SBC: Cisco UBE/CSR1000/\1"

ASR1001-X "\1\x0D\x0AX-MS-SBC: Cisco UBE/ASR1001X/\1"

ASR1002-X "\1\x0D\x0AX-MS-SBC: Cisco UBE/ASR1002X/\1"

ASR1004 "\1\x0D\x0AX-MS-SBC: Cisco UBE/ASR1004/\1"

ASR1006/RP2 "\1\x0D\x0AX-MS-SBC: Cisco UBE/ASR1000RP2/\1"

ASR1006/RP3 "\1\x0D\x0AX-MS-SBC: Cisco UBE/ASR1000RP3/\1"

SIP Profiles: Manipulations for inbound messages from Phone System

The following sip profile is required to:
1. Handle REFER and ensure that the subsequent INVITE is sent to the correct Phone System proxy.
2. Add a routing prefix to the user part of REFER To header to direct the subsequent INVITE to
Microsoft Phone System
3. Remove “ice-candidates” in SDP request and response, which are not required when Media Bypass
is disabled.
4. Ensure that the correct platform ID is used, as described above.

voice class sip-profiles 290

rule 10 request REFER sip-header From copy "@(.*com)" u04
rule 20 request REFER sip-header Refer-To modify "sip:\+(.*)@.*:5061"
"sip:+AAA\1@\u04:5061"
rule 30 request REFER sip-header Refer-To modify "<sip:sip.*:5061"
"<sip:+AAA@\u04:5061"
rule 40 response ANY sip-header Server modify "(IOS.*)"
"\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4321/\1"
rule 50 request ANY sdp-header Audio-Attribute modify "a=ice-.*"
"a=label:main-audio"
rule 60 request ANY sdp-header Attribute modify "a=ice-.*" "a=label:main-audio"

SIP Profiles: Message Manipulations for REFER INVITE to Phone System

With the above REFER-TO user part modification, the dial-peer 280 will be matched and the INVITE sent
to Phone System after removing the user part routing prefix.
voice class sip-profiles 280
rule 10 request INVITE sip-header SIP-Req-URI copy "@(.*:5061)" u01

© 2020 Cisco Systems, Inc. All rights reserved. Page 16 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 rule 20 request INVITE sip-header From copy "@(.*)>" u02
rule 30 request INVITE sip-header SIP-Req-URI modify "sip:\+AAA@" "sip:"
rule 40 request INVITE sip-header SIP-Req-URI modify "sip:\+AAA" "sip:+"
rule 50 request INVITE sip-header History-Info modify "<sip:\+AAA@" "<sip:"
rule 60 request INVITE sip-header History-Info modify "<sip:\+AAA" "<sip:+"
rule 70 request INVITE sip-header To modify "<sip:\+AAA@(.*)>" "<sip:\u01>"
rule 80 request INVITE sip-header To modify "<sip:\+AAA(.*)@.*>" "<sip:+\1@\u01>"
rule 90 request ANY sip-header Contact modify "@.*:" "@\u02:"
rule 100 response ANY sip-header Contact modify "@.*:" "@\u02:"
rule 110 request ANY sdp-header Audio-Attribute modify "a=sendonly" "a=inactive"
rule 120 response 200 sdp-header Session-Owner copy "IN IP4 (.*)" u03
rule 130 response 200 sdp-header Audio-Connection-Info modify "0.0.0.0" "\u03"

SIP header Pass-through list

Pass-through Referred-By header to be used in the REFER INVITE send to Phone System
voice class sip-hdr-passthrulist 290
passthru-hdr Referred-By

Options Keepalive
To ensure that Contact and From headers include the SBC fully qualified domain name, the following
profile is used. Ensure that the appropriate platform ID is used, as described above.
voice class sip-profiles 299
rule 10 request OPTIONS sip-header From modify "<sip:192.0.2.2"
"<sip:sbc.example.com"
rule 20 request OPTIONS sip-header Contact modify "<sip:192.0.2.2"
"<sip:sbc.example.com"
rule 30 request OPTIONS sip-header User-Agent modify "(IOS.*)"
"\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4321/\1"
!
voice class sip-options-keepalive 200
sip-profiles 299

SRTP Crypto
Used to set the crypto cipher for the Microsoft Phone System trunk.
voice class srtp-crypto 1
crypto 1 AES_CM_128_HMAC_SHA1_80

Phone System Tenant

Defines parameters for the trunk towards Phone System
voice class tenant 200
srtp-crypto 1

© 2020 Cisco Systems, Inc. All rights reserved. Page 17 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 localhost dns:sbc.example.com
session transport tcp tls
no referto-passing
bind all source-interface GigabitEthernet0/0/0
pass-thru headers 290
no pass-thru content custom-sdp
sip-profiles 200
sip-profiles 290 inbound
early-offer forced
block 183 sdp present

PSTN Trunk Tenant

Defines parameters for the trunk towards the PSTN
voice class tenant 100
options-ping 60
session transport udp
bind all source-interface GigabitEthernet0/0/1
no pass-thru content custom-sdp
sip-profiles 100
early-offer forced

Number translation rules

The following translation rules ensure that numbers presented to Microsoft Phone System are in +E164
format. Translation rules used for the PSTN trunk should format numbers in accordance with the SP
requirements.

From PSTN translation rule with non +E164

voice translation-rule 100
rule 1 /^\([2-9].........\)/ /+1\1/
!
voice translation-profile 100
translate calling 100
translate called 100

From Phone System translation rule with +E164

voice translation-rule 200
rule 1 /^\+1\(.*\)/ /\1/
!
voice translation-profile 200
translate calling 200
translate called 200

© 2020 Cisco Systems, Inc. All rights reserved. Page 18 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Codecs
Only the G711ulaw codec has been used for this tested configuration. Ensure that only codecs
supported by both PSTN and Microsoft Phone System are included in this configuration.
voice class codec 1
codec preference 1 g711ulaw

Dial peers
Outbound Dial-peer to the PSTN using UDP with RTP
dial-peer voice 100 voip
description outbound to PSTN
destination-pattern 21T
rtp payload-type comfort-noise 13
session protocol sipv2
session target ipv4:19.51.100.0:5088
voice-class codec 1
voice-class sip tenant 100
dtmf-relay rtp-nte
no vad

Inbound Dial-peer from the PSTN using UDP with RTP

voice class uri 190 sip
host ipv4:19.51.100.0
!
dial-peer voice 190 voip
description inbound from PSTN
translation-profile incoming 100
rtp payload-type comfort-noise 13
session protocol sipv2
incoming uri via 190
voice-class codec 1
voice-class sip tenant 100
dtmf-relay rtp-nte
no vad

Outbound Dial-peers to Phone System using TLS with SRTP

To ensure the correct failover order, the following prioritized dial peers are used. To simply
configuration, a common E164 pattern map defining all numbers and prefixes used by Phone System is
used for all 3 dial peers. The configuration for all three dial peers are the same, with the exception of
preference and Phone System proxy FQDN.
voice class e164-pattern-map 200

© 2020 Cisco Systems, Inc. All rights reserved. Page 19 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 e164 +17199T
!
!
dial-peer voice 200 voip
description towards Phone System Proxy 1
preference 1
rtp payload-type comfort-noise 13
session protocol sipv2
session target dns:sip.pstnhub.microsoft.com
destination e164-pattern-map 200
voice-class codec 1
voice-class sip tenant 200
voice-class sip options-keepalive profile 200
dtmf-relay rtp-nte
srtp
fax protocol none
no vad
!
dial-peer voice 201 voip
description towards Phone System Proxy 2
preference 2
rtp payload-type comfort-noise 13
session protocol sipv2
session target dns:sip2.pstnhub.microsoft.com
destination e164-pattern-map 200
voice-class codec 1
voice-class sip tenant 200
voice-class sip options-keepalive profile 200
dtmf-relay rtp-nte
srtp
fax protocol none
no vad
!
dial-peer voice 202 voip
description towards Phone System Proxy 3
preference 3
rtp payload-type comfort-noise 13
session protocol sipv2
session target dns:sip3.pstnhub.microsoft.com
destination e164-pattern-map 200
voice-class codec 1
voice-class sip tenant 200
voice-class sip options-keepalive profile 200
dtmf-relay rtp-nte

© 2020 Cisco Systems, Inc. All rights reserved. Page 20 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 srtp
fax protocol none
no vad

Inbound Dial-peer from Phone System using TLS with SRTP

The inbound dial-peer from Phone System is selected using the SBC FQDN as presented in the incoming
TO: header.
voice class uri 290 sip
host sbc.example.com
!
dial-peer voice 290 voip
description inbound from Microsoft Phone System
translation-profile incoming 200
rtp payload-type comfort-noise 13
session protocol sipv2
incoming uri to 290
voice-class codec 1
voice-class sip tenant 200
dtmf-relay rtp-nte
srtp
no vad

Outbound Dial-peer to Phone System for REFER using TLS with SRTP
To correctly handle call transfers, INVITEs following a REFER from Phone System, must be directed back
to Phone System. Inbound REFER messages are processed by dial peer 290 and the associated SIP
profile adds a routing prefix (AAA) to the refer-to header. The subsequent INVITE is therefore routed to
Phone System through the following dial peer after the routing prefix is removed.
dial-peer voice 280 voip
description Phone System REFER routing
destination-pattern +AAAT
rtp payload-type comfort-noise 13
session protocol sipv2
session target sip-uri
voice-class codec 1
voice-class sip profiles 280
voice-class sip tenant 200
voice-class sip requri-passing
dtmf-relay rtp-nte
srtp
no vad

© 2020 Cisco Systems, Inc. All rights reserved. Page 21 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Privacy Headers
Phone System can be configured to send privacy headers if required, using the following the command.
Set-CsOnlinePSTNGateway -Identity sbc1.be4000portal.com -ForwardPai $True
To forward the P-Asserted-Identity and Privacy headers sent from Phone System to the PSTN, add the
following configuration.
dial-peer voice 100 voip
voice-class sip asserted-id pai
voice-class sip privacy-policy passthru
This will reformat the P-Asserted-Identity header to use a sip:, rather than tel: URI on the PSTN leg and
include the Privacy header as provider from Phone System. In this case, the From header will be
anonymized, as follows:
From: <sip:[email protected]>;tag=1E5FC8C-1642
If your service provider requires the same format, but with the original caller details from Phone System
in place, consider the following alternative configuration:
dial-peer voice 100 voip
voice-class sip asserted-id pai
!
voice class sip-profiles 100
rule 40 request INVITE sip-header P-Asserted-Identity modify "(<.*>)"
"\1\x0D\x0APrivacy: id"

Configuration example
The following configuration contains a sample configuration of CUBE with all parameters detailed above.

version 17.2
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname sbc
!
boot-start-marker
boot system flash isr4300-universalk9.17.02.01r.SPA.bin
boot-end-marker
!
logging buffered 10000000
!
ip name-server 208.67.222.222 208.67.220.220
ip domain name example.com

© 2020 Cisco Systems, Inc. All rights reserved. Page 22 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
!
crypto pki trustpoint sbc
enrollment terminal
fqdn sbc.example.com
subject-name cn=sbc.example.com
subject-alt-name sbc.example.com
revocation-check crl
rsakeypair sbc
!
crypto pki trustpoint ROOT
enrollment terminal
revocation-check none
!
crypto pki trustpoint baltimore
enrollment terminal
revocation-check crl
!
crypto pki trustpoint SLA-TrustPoint
enrollment terminal
revocation-check crl
!
crypto pki certificate chain sbc
certificate 64B02D3A6D5DD499
certificate ca 07
crypto pki certificate chain ROOT
certificate ca 00
crypto pki certificate chain baltimore
certificate ca 020000B9
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
!
voice service voip
ip address trusted list
ipv4 52.114.0.0 255.255.0.0
ipv4 19.51.100.0
rtcp keepalive
address-hiding
mode border-element
allow-connections sip to sip
no supplementary-service sip refer
supplementary-service media-renegotiate
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
sip
session refresh

© 2020 Cisco Systems, Inc. All rights reserved. Page 23 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 header-passing
error-passthru
conn-reuse
pass-thru headers 290
sip-profiles inbound
!
voice class uri 290 sip
host sbc.example.com
!
voice class uri 190 sip
host ipv4:19.51.100.0
!
voice class codec 1
codec preference 1 g711ulaw
!
voice class sip-profiles 100
rule 10 request ANY sdp-header Audio-Attribute modify "a=candidate.*"
"a=label:main-audio"
rule 20 response ANY sdp-header Audio-Attribute modify "a=candidate.*"
"a=label:main-audio"
rule 30 request ANY sdp-header Audio-Attribute modify "a=sendonly" "a=inactive"
!
voice class sip-profiles 200
rule 10 request ANY sip-header Contact modify "@192.0.2.2:" "@sbc.example.com:"
rule 20 response ANY sip-header Contact modify "@192.0.2.2:" "@sbc.example.com:"
rule 30 request ANY sip-header SIP-Req-URI modify "sip:(.*):5061 (.*)"
"sip:\1:5061;user=phone \2"
rule 40 request ANY sip-header User-Agent modify "(IOS.*)"
"\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4321/\1"
rule 50 response ANY sip-header Server modify "(IOS.*)"
"\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4321/\1"
rule 60 request ANY sdp-header Audio-Attribute modify "a=sendonly" "a=inactive"
rule 70 response 200 sdp-header Audio-Connection-Info modify "0.0.0.0" "192.0.2.2"
rule 80 request ANY sdp-header Audio-Attribute modify
"(a=crypto:.*inline:[A-Za-z0-9+/=]+)" "\1|2^31"
rule 90 response ANY sdp-header Audio-Attribute modify
"(a=crypto:.*inline:[A-Za-z0-9+/=]+)" "\1|2^31"
rule 100 request ANY sdp-header Audio-Attribute modify "a=candidate.*"
"a=label:main-audio"
rule 110 response ANY sdp-header Audio-Attribute modify "a=candidate.*"
"a=label:main-audio"
!
voice class sip-profiles 280
rule 10 request INVITE sip-header SIP-Req-URI copy "@(.*:5061)" u01
rule 20 request INVITE sip-header From copy "@(.*)>" u02
rule 30 request INVITE sip-header SIP-Req-URI modify "sip:\+AAA@" "sip:"

© 2020 Cisco Systems, Inc. All rights reserved. Page 24 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 rule 40 request INVITE sip-header SIP-Req-URI modify "sip:\+AAA" "sip:+"
rule 50 request INVITE sip-header History-Info modify "<sip:\+AAA@" "<sip:"
rule 60 request INVITE sip-header History-Info modify "<sip:\+AAA" "<sip:+"
rule 70 request INVITE sip-header To modify "<sip:\+AAA@(.*)>" "<sip:\u01>"
rule 80 request INVITE sip-header To modify "<sip:\+AAA(.*)@.*>" "<sip:+\1@\u01>"
rule 90 request ANY sip-header Contact modify "@.*:" "@\u02:"
rule 100 response ANY sip-header Contact modify "@.*:" "@\u02:"
rule 110 request ANY sdp-header Audio-Attribute modify "a=sendonly" "a=inactive"
rule 120 response 200 sdp-header Session-Owner copy "IN IP4 (.*)" u03
rule 130 response 200 sdp-header Audio-Connection-Info modify "0.0.0.0" "\u03"
!
voice class sip-profiles 290
rule 10 request REFER sip-header From copy "@(.*com)" u04
rule 20 request REFER sip-header Refer-To modify "sip:\+(.*)@.*:5061"
"sip:+AAA\1@\u04:5061"
rule 30 request REFER sip-header Refer-To modify "<sip:sip.*:5061"
"<sip:+AAA@\u04:5061"
rule 40 response ANY sip-header Server modify "(IOS.*)"
"\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4321/\1"
rule 50 request ANY sdp-header Audio-Attribute modify "a=ice-.*"
"a=label:main-audio"
rule 60 request ANY sdp-header Attribute modify "a=ice-.*" "a=label:main-audio"
!
voice class sip-profiles 299
rule 10 request OPTIONS sip-header From modify "<sip:192.0.2.2"
"<sip:sbc.example.com"
rule 20 request OPTIONS sip-header Contact modify "<sip:192.0.2.2"
"<sip:sbc.example.com"
rule 30 request OPTIONS sip-header User-Agent modify "(IOS.*)"
"\1\x0D\x0AX-MS-SBC: Cisco UBE/ISR4321/\1"
!
voice class sip-hdr-passthrulist 290
passthru-hdr Referred-By
!
voice class e164-pattern-map 200
e164 +17199T
!
!
voice class sip-options-keepalive 200
sip-profiles 299
!
voice class tenant 100
options-ping 60
session transport udp
bind control source-interface GigabitEthernet0/0/1

© 2020 Cisco Systems, Inc. All rights reserved. Page 25 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 bind media source-interface GigabitEthernet0/0/1
no pass-thru content custom-sdp
sip-profiles 100
early-offer forced
!
voice class tenant 200
srtp-crypto 1
localhost dns:sbc.example.com
session transport tcp tls
no referto-passing
bind control source-interface GigabitEthernet0/0/0
bind media source-interface GigabitEthernet0/0/0
pass-thru headers 290
no pass-thru content custom-sdp
sip-profiles 200
sip-profiles 290 inbound
early-offer forced
block 183 sdp present
!
voice class srtp-crypto 1
crypto 1 AES_CM_128_HMAC_SHA1_80
!
voice translation-rule 100
rule 1 /^\([2-9].........\)/ /+1\1/
!
voice translation-rule 200
rule 1 /^\+1\(.*\)/ /\1/
!
voice translation-profile 100
translate calling 100
translate called 100
!
voice translation-profile 200
translate calling 200
translate called 200
!
voice-card 0/4
dsp services dspfarm
no watchdog
!
license accept end user agreement
license boot level uck9
license boot level securityk9
license smart transport callhome

© 2020 Cisco Systems, Inc. All rights reserved. Page 26 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
memory free low-watermark processor 67178
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
redundancy
mode none
!
interface GigabitEthernet0/0/0
description towards Microsoft Phone System
ip address 192.0.2.2 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/0/1
description towards PSTN (Verizon)
ip address 203.0.113.2 255.255.255.0
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface Service-Engine0/4/0
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
ip forward-protocol nd
ip tcp synwait-time 5
ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 19.51.100.0 255.255.255.0 203.0.113.1
!
no logging trap
!
dial-peer voice 100 voip
description outbound to PSTN
destination-pattern 21T
rtp payload-type comfort-noise 13
session protocol sipv2
session target ipv4:19.51.100.0:5088
voice-class codec 1
voice-class sip tenant 100

© 2020 Cisco Systems, Inc. All rights reserved. Page 27 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 dtmf-relay rtp-nte
no vad
!
dial-peer voice 190 voip
description inbound from PSTN
translation-profile incoming 100
rtp payload-type comfort-noise 13
session protocol sipv2
incoming uri via 190
voice-class codec 1
voice-class sip tenant 100
dtmf-relay rtp-nte
no vad
!
dial-peer voice 200 voip
description towards Phone System Proxy 1
preference 1
rtp payload-type comfort-noise 13
session protocol sipv2
session target dns:sip.pstnhub.microsoft.com
destination e164-pattern-map 200
voice-class codec 1
voice-class sip tenant 200
voice-class sip options-keepalive profile 200
dtmf-relay rtp-nte
srtp
fax protocol none
no vad
!
dial-peer voice 201 voip
description towards Phone System Proxy 2
preference 2
rtp payload-type comfort-noise 13
session protocol sipv2
session target dns:sip2.pstnhub.microsoft.com
destination e164-pattern-map 200
voice-class codec 1
voice-class sip tenant 200
voice-class sip options-keepalive profile 200
dtmf-relay rtp-nte
srtp
fax protocol none
no vad
!

© 2020 Cisco Systems, Inc. All rights reserved. Page 28 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
dial-peer voice 202 voip
description towards Phone System Proxy 3
preference 3
rtp payload-type comfort-noise 13
session protocol sipv2
session target dns:sip3.pstnhub.microsoft.com
destination e164-pattern-map 200
voice-class codec 1
voice-class sip tenant 200
voice-class sip options-keepalive profile 200
dtmf-relay rtp-nte
srtp
fax protocol none
no vad
!
dial-peer voice 280 voip
description Phone System REFER routing
destination-pattern +AAAT
rtp payload-type comfort-noise 13
session protocol sipv2
session target sip-uri
voice-class codec 1
voice-class sip profiles 280
voice-class sip tenant 200
voice-class sip requri-passing
dtmf-relay rtp-nte
srtp
no vad
!
dial-peer voice 290 voip
description inbound from Microsoft Phone System
translation-profile incoming 200
rtp payload-type comfort-noise 13
session protocol sipv2
incoming uri to 290
voice-class codec 1
voice-class sip tenant 200
dtmf-relay rtp-nte
srtp
no vad
!
sip-ua
no remote-party-id
retry invite 2

© 2020 Cisco Systems, Inc. All rights reserved. Page 29 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 transport tcp tls v1.2
crypto signaling default trustpoint sbc
handle-replaces
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 60 0
login
transport preferred telnet
transport input telnet
!
call-home
! If contact email address in call-home is configured as sch-smart-
[email protected]
! the email address configured in Cisco Smart License Portal will be used as contact
email address to send SCH notifications.
contact-email-addr [email protected]
profile "CiscoTAC-1"
active
destination transport-method http
ntp server 192.0.2.1
!
end

© 2020 Cisco Systems, Inc. All rights reserved. Page 30 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Microsoft Phone System Direct Routing configuration
Create Users in Microsoft 365
The following steps illustrate how to create a user in the Microsoft 365 portal
Login into http://portal.office.com/ using your Microsoft 365 tenant administrator credentials

Figure 2 Office 365 Portal login

Select the Admin Icon in Office 365 to login Microsoft 365 Admin Center.

Figure 3 Navigating to Microsoft 365 Admin Center

Select “Add a user” from the Microsoft 365 Admin Center as shown below

© 2020 Cisco Systems, Inc. All rights reserved. Page 31 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 Figure 4 Microsoft 365 Admin Center

Enter the user details, password and assign required license to the users then Click Add

Figure 5 Teams user creation

Select the Admin icon from the Microsoft 365 Admin center home page and navigate to Microsoft
Teams admin center as shown below

© 2020 Cisco Systems, Inc. All rights reserved. Page 32 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 Figure 6 Microsoft 365 Admin Center to Teams Admin Center

Select Users from the Microsoft Teams Admin Center to view the list of available users

Figure 7 Users in Microsoft Teams Admin Center

Search for the user created and click on the user display name to view user properties as shown below

© 2020 Cisco Systems, Inc. All rights reserved. Page 33 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 Figure 8 Users in Microsoft Teams Admin Center-cont.,

Under user properties, navigate to Accounts and set the Teams upgrade mode to Teams only

Figure 9 Upgrade Users to Teams only mode

Under user properties, navigate to Policies and set the Calling Policy as shown below. Here in the below
example custom policy “Busy on Busy enabled” is assigned to user. Procedure to create custom policy is
shown in the next section

© 2020 Cisco Systems, Inc. All rights reserved. Page 34 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 Figure 10 Assigning Calling Policies to Teams User

Under user properties, navigate to Policies and set the Caller ID Policy as shown below. In this example,
caller ID policy “Anonymoustest” is assigned to user. The procedure to create a custom policy is shown
in the next section

Figure 11 Assigning Caller ID policy to Teams User

© 2020 Cisco Systems, Inc. All rights reserved. Page 35 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Configure Calling policy in Microsoft Teams Admin Center.
To configure a custom policy, navigate to Microsoft Teams admin center > Voice > Calling Policies > New
policy.

Figure 12 Calling Policies configuration

Create calling policy to turn on Busy on Busy. Click save to complete the configuration

Figure 13 Enable Busy on Busy in Calling Policy

Configure Caller ID policy in Microsoft Teams Admin Center.

To configure a Caller ID policy, navigate to Microsoft Teams admin center > Voice > Caller ID Policies >
Add

© 2020 Cisco Systems, Inc. All rights reserved. Page 36 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
 Figure 14 Caller ID Policies Configuration

Enter the caller ID policy Name and select the “Replace the Caller ID with Anonymous”. Click save to
complete the configuration

Figure 15 Select Anonymous for the Replace caller ID with

Configure User parameters using PowerShell.

Open Windows PowerShell installed with Azure Active Directory modules and connect to Microsoft 365
Tenant.

© 2020 Cisco Systems, Inc. All rights reserved. Page 37 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Note: The following actions may also be completed using Microsoft Teams admin center.
Use the following commands to set DID and enable Enterprise Voice, Hosted Voicemail and LineURI for
Teams users.
Set-CsUser -Identity "<User name>" -EnterpriseVoiceEnabled $true -HostedVoiceMail
$true -OnPremLineURI <E.164 phone number with tel: prefixed>
Example:
Set-CsUser -Identity "[email protected]" -EnterpriseVoiceEnabled $true -
HostedVoiceMail $true
-OnPremLineURI tel:12223331234

Create an Online PSTN Gateway

Using your administrator account, connect to the remote PowerShell of your Microsoft 365 tenant
New-CsOnlinePSTNGateway -Fqdn <SBC FQDN> -SipSignallingPort <SBC SIP Port> -
ForwardCallHistory $true -ForwardPai $true -MaxConcurrentSessions <Max Concurrent
Sessions the SBC can handle> -Enabled $true
After creating an Online PSTN Gateway use “Get-CsOnlinePstnGateway” command to view the online
PSTN gateway details. Gateway Identity must be a valid FQDN for the Microsoft 365 tenant to reach
CUBE.
For example:
New-CsOnlinePSTNGateway -Fqdn sbc.example.com -SipSignallingPort 5061
-ForwardCallHistory $False -ForwardPai $true -MaxConcurrentSessions 100 -Enabled
$true
Use the following command to view the settings for the new SBC.
PS C:\WINDOWS\system32> Get-CsOnlinePSTNGateway sbc.example.com
Identity : sbc.example.com
InboundTeamsNumberTranslationRules : {}
InboundPstnNumberTranslationRules : {}
OutboundTeamsNumberTranslationRules : {}
OutboundPstnNumberTranslationRules : {}
Fqdn : sbc.example.com
SipSignalingPort : 5061
FailoverTimeSeconds : 10
ForwardCallHistory : False
ForwardPai : True
SendSipOptions : True
MaxConcurrentSessions : 100
Enabled : True
MediaBypass : False
GatewaySiteId :
GatewaySiteLbrEnabled : False

© 2020 Cisco Systems, Inc. All rights reserved. Page 38 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
GatewayLbrEnabledUserOverride : False
FailoverResponseCodes : 408,503,504
GenerateRingingWhileLocatingUser : True
PidfLoSupported : False
MediaRelayRoutingLocationOverride :
ProxySbc :
BypassMode : None

Configure Online PSTN usage

Use the following command to add a new PSTN usage policy.
Set-CsOnlinePstnUsage -identity Global -Usage @{Add="<usage name>"}
For example:
Set-CsOnlinePstnUsage -identity Global -Usage @{Add="Unrestricted"}
The following command may be used to view the policy.
PS C:\WINDOWS\system32> Get-CsOnlinePstnUsage
Identity : Global
Usage : {PSTN usage record Unrestricted}

Configure Voice Route

Use the following command to add a new Voice Route and associate it with an SBC and usage policy.
New-CsOnlineVoiceRoute -Identity "<Route name>" -NumberPattern ".*"
OnlinePstnGatewayList "<SBC FQDN>" -Priority 1 -OnlinePstnUsages "<PSTN usage name>"
For example:
New-CsOnlineVoiceRoute -Identity "USA" -NumberPattern "\+1.*" OnlinePstnGatewayList
"sbc.example.com" -Priority 1 -OnlinePstnUsages "Unrestricted"
After creating online voice route use the following command to view the online voice route details. Here
we can see the association of PSTN usage with the PSTN gateway. Example is shown below
PS C:\WINDOWS\system32> Get-CsOnlineVoiceRoute -Identity USA
Identity : USA
Priority : 1
Description :
NumberPattern : \+1.*
OnlinePstnUsages : {Unrestricted}
OnlinePstnGatewayList : {sbc1.cube-tme.com}
Name : USA

Configure Online Voice Routing Policy

Create a new online Voice Routing Policy using the following command

© 2020 Cisco Systems, Inc. All rights reserved. Page 39 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
New-CsOnlineVoiceRoutingPolicy "<policy name>" -OnlinePstnUsages "<pstn usage name>"
For Example:
New-CsOnlineVoiceRoutingPolicy "VRPolicy" -OnlinePstnUsages "Unrestricted"
After creating a Voice Routing Policy use the following command to view its properties.
PS C:\WINDOWS\system32> Get-CsOnlineVoiceRoutingPolicy -Identity VRPolicy
Identity : Tag:VRPolicy
OnlinePstnUsages : {Unrestricted}
Description :
RouteType : BYOT
Associate Teams users with a voice routing policy using the following command.
Grant-CsOnlineVoiceRoutingPolicy -Identity "<User name>" -PolicyName "<policy name>"
For example:
Grant-CsOnlineVoiceRoutingPolicy -Identity "<User name>" -PolicyName "<policy name>"

© 2020 Cisco Systems, Inc. All rights reserved. Page 40 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Acronyms

Acronym Definitions
CUBE Cisco Unified Border Element
PSTN Public Switched Telephone Network
CN Comfort Noise
MS Teams Microsoft Teams
SBC Session Border Controller

© 2020 Cisco Systems, Inc. All rights reserved. Page 41 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Important Information

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE

WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO

BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE

FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. IN NO EVENT SHALL CISCOOR ITS SUPPLIERS BE

LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT

LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS

MANUAL, EVEN IF CISCOOR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES

© 2020 Cisco Systems, Inc. All rights reserved. Page 42 of 42

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com