Configuration

20
7-
-0
20
o_
ol
ic
en
Content
_G
do

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
an
rn

1 Admin Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Fe
._

1.1 Local management login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

_L

1.2 Users and permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

EN

1.3 Menu tree overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

00
EN

1.4 Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
40

1.5 Help files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

88
EN

2 Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.1 OpenScape Voice Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.1.1 Creating Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.1.2 Adding the SBC to the OpenScape Branch Assistant . . . . . . . . . . . . . 22
2.2 Network configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
2.2.1 Ethernet port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
2.2.2 IP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
2.2.3 Realm Profile configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
2.2.4 Ethernet Bonding (NIC Redundancy) . . . . . . . . . . . . . . . . . . . . . . . . . 32
2.2.5 Default gateway / static routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
2.2.6 Near-End NAT Firewall (if used) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
2.3 Date / Time settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
2.4 DNS configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 1
FN9850FN10FN_TBAZZZAIMHY
 2.5 Connecting the SBC to the OpenScape Voice. . . . . . . . . . . . . . . . . . . . . . . . . 42
2.5.1 OpenScape Voice Simplex scenario . . . . . . . . . . . . . . . . . . . . . . . . . . 43
2.5.2 OpenScape Voice active-standby scenario. . . . . . . . . . . . . . . . . . . . . 44
2.5.3 OpenScape Voice connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
2.5.4 SBC timers and thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
2.5.5 Preserved SIP ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
2.6 License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
3 Remote Subscribers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
3.1 OpenScape SBC configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
3.1.1 Remote subscriber provisioning: . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
3.1.2 Optional: Remote Subscriber Settings . . . . . . . . . . . . . . . . . . . . . . . . 58
3.1.3 Firewall Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

20
3.1.4 Emergency Call Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

7-
-0
3.2 Subscriber configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

20
3.2.1 Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

o_
ol
3.3 Phone Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
ic
en
3.4 Remote Subscribers configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
_G

4 Remote Endpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
do
an

4.1 Gateway directly behind the SBC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

rn

4.2 Remote Branch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Fe
._

4.2.1 Remote Branch direct behind the OpenScape SBC (static IP) . . . . . . 82
_L

4.2.1.1 OpenScape Branch - Gateway behind Proxy . . . . . . . . . . . . . . . . . . . . . 85

EN

4.2.2 Remote Branch behind NAT device connected to the SBC . . . . . . . 101
00

4.2.2.1 Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

EN

4.2.3 Remote Branch via OpenScape Branch SBC Mode . . . . . . . . . . . . . . 110

40

4.2.3.1 Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

88
EN

5 SSP Connection . . . . . . . . . . . .
.. . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
5.1 CSBC configuration . . . . . . . . . .
.. . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
5.1.1 Network/QoS . . . . . . . .
.. . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
5.1.2 Remote Endpoint . . . . .
.. . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
5.1.2.1 SIP Service Provider Profile .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
5.1.2.2 Remote EP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
5.1.2.3 Registration Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
5.1.3 SSP with TLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
5.1.3.1 Preparing and Installing TLS Certificates . . . . . . . . . . . . . . . . . . . . . . 144
5.1.3.2 Media Profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

2 Configuration
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
02.2019
FN9850FN10FN_TBAZZZAIMHY
 5.2 Phone configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
5.3 OSV configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
5.3.1 Office Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
5.3.2 Endpoint Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
5.3.3 Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
5.3.4 Presenting Numbers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
5.3.5 Sending Numbers without leading „0“ . . . . . . . . . . . . . . . . . . . . . . 162
5.3.6 Avoiding Re-Invite during Session Refresh . . . . . . . . . . . . . . . . . . . 163
5.3.7 Optional Features: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
5.4 OS4k configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
5.4.1 DLAN example - credentials/contract: . . . . . . . . . . . . . . . . . . . . . . . 164
5.4.2 OS4k with SBC technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

20
5.4.3 Gateway Configuration via CLI and AMO‘s . . . . . . . . . . . . . . . . . . . 167

7-
5.4.4 Gateway Configuration in LCR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

-0
5.4.5 Gateway Configuration in Web Based Management (WBM) . . . . . . 170

20
5.4.6 Special settings for SSP Telekom Deutschland . . . . . . . . . . . . . . . . 172

o_
ol
6 ic
Media Transcoding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
en
6.1 Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
_G
do

7 Emergency Calling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

an

7.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

rn
Fe

7.2 E911 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

._
_L

7.3 E911 Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

EN

7.3.1 Remote Location (OpenScape SBC) . . . . . . . . . . . . . . . . . . . . . . . . . 192

00

7.3.2 OpenScape Voice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

EN

7.3.2.1 Emergency Calling Subnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

40

7.3.2.2 PAC for E911 Calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

88

7.3.2.3 Destination Code for E911 Calls . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

EN

8 OSB with local Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

8.1 Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
8.1.1 CSBC configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
8.1.2 OSV configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
8.1.3 OSB configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 3
FN9850FN10FN_TBAZZZAIMHY
 20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

4 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Preface

Preface

Content of Module • Following sections describe the implementation of Remote Subscribers

and Remote Endpoints connected via SBC to the OSV in a theoretical and
practical manner.
Topics like NAT-Throttling, Media Transcoding and Media behaviour inclu-
ded.

Objectives • All required steps to perform a successful configuration.

20
7-
Prerequisites • Knowledge of OpenScape Solutions.

-0
20
Time • appr. 10 hours (including lab‘s)

o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 5
FN9850FN10FN_TBAZZZAIMHY
 Preface

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

6 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Admin Access

1 Admin Access
OpenScape SBC Local Management Tool Versus Assistant
For a new installation and complete setup of an OpenScape SBC system the OpenScape SBC
local management tool provides all relevant configuration and service functions. When the
WAN and LAN connection to the OpenScape Voice system is up, the OpenScape SBC Assistant
inside the CMP may be used to maintain and configure the system as well.

1.1 Local management login

20
7-
To access the local management GUI, open a web browser and connect to the OpenScape SBC

-0
20
system via https protocol on the previous configured IP address (https://<OpenScape SBC

o_
Core IP>).

ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 7
FN9850FN10FN_TBAZZZAIMHY
 Local management login

The default login credentials are:

Username: administrator
Pssword: Asd123!.

Please note: Access to the management is only

 possible from the „Core“ (internal) network, if there
is no additional firewall rule.

Please note: No configuration changes are allowed



20
for about 10 minutes while process manager

7-
checks if the system is stable.

-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

8 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Users and permissions

1.2 Users and permissions

Passwords can be changed or reset to default depending on the user identity, the rights and
the administration tool.

Types of Users on the OpenScape SBC Assistant

The following users are available for login and can be configured in the System window:

User Default Password Comment

administrator Asd123!. Default GUI user

20
root T@R63dis OS administrator

7-
-0
service BF0bpt@x Can be used for SSH login

20
o_
guest 1clENtk= Read-only Local GUI access only

ol
assistant 2GwN!gb4 ic
en
_G

redundancy Asd!.123 Used for cluster synchronization

do
an
rn
Fe

Important: It is strongly recommended that the

._

7
_L

default passwords are changed after system

EN

installation.
00
EN
40

User rights for password change

88
EN

The capability to reset passwords is base on the Management Interface the User is logged on-
to.
<

Management User Rights to Change Pas

Interface
CMP (Assistant) assistant guest, assistant, administrator, service

Local GUI administrator and service guest, assistant, administrator, service

root guest, assistant, administrator, service

guest guest

CLI (ssh) root (via sudo command) guest, assistant, administrator, service

service (via sudo) guest, assistant, administrator, service

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 9
FN9850FN10FN_TBAZZZAIMHY
 Users and permissions

Default users rights/groups for OpenScape SBC

Default user rights and groups are preset for each type of user.
User Assistant Local GUI ssh/sftp Groups
administrator No access Read and Write ssh user, sshlogin
(Read only)

assistant Read and Write No access sftp only assistant, sshlogin

guest No access Read only No access user

root No access Read and Write No access root

(Root privileges via ssh can
be obtained by using sudo)

20
service No access No Access ssh/sftp/scp sshlogin

7-
(Read and Write)

-0
20
redundancy No access No access ssh/sftp sshlogin

o_
(Read and Write)

ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

10 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Menu tree overview

1.3 Menu tree overview

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 11
FN9850FN10FN_TBAZZZAIMHY
 Usage

1.4 Usage
The local GUI and the CMP have the same layout beginning with V8. Only the CMP offers ad-
ditional features such as the capability of time scheduled software upgrades or a centralized
license management.

Common Management Portal

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe

Menu tree Working Area

._
_L
EN

Local GUI
00
EN
40
88
EN

Menu tree

Dashboard (can be accessed via „LOCAL DASHBOARD“ from CMP)

12 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Usage

The CMP only provides the menu tree. Soon a menu has been selected, the request is forward-
ed to the OpenScape SBC local GUI. But this requires a direct connection now between the ad-
min PC and the OpenScape SBC which might be blocked if a firewall is used.

20
7-
-0
20
o_
ol
ic
en
OpenScape SBC Assistant
_G

(Common Maagement Portal)

do
an
rn

administration selects a
Fe

1
._

menu in the CMP 3 The browser on the admin

_L
EN

connects direct to the

CMP redirects the
00

2 SBC local GUI and will open

EN

request to the OS the selected menu

40
88
EN

local GUI
(forwarded)

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 13
FN9850FN10FN_TBAZZZAIMHY
 Usage

Any changes in the CMP as well in the local GUI will be „cached“. With the two buttons in the
footer the changes can be saved or discarded:

Save changes Discard changes

20
7-
-0
20
o_
ol
ic
en
_G

 Please note: Working in the CMP as well the local

do

GUI in parallel is not possible.

an
rn
Fe
._
_L
EN
00
EN
40
88
EN

14 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Help files

1.5 Help files

When viewing specific configuration tabs on screens from the SBC, the help brings up de-
tailed configuration help from the SBC help files (local GUI).

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN

Which means that always the help file corresponding to SW version of the selected device is
40
88

shown. The full help document is available on both the assistant and the SBC.
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 15
FN9850FN10FN_TBAZZZAIMHY
 Help files

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

16 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Initial Configuration

2 Initial Configuration
The following documentation can be used for testing and understanding purposes.
Important: Due to security implementation it is strongly recommended to consult addition-
al documentation. - e.g. OpenScape Voice Security Checklist.

Recommended Actions in general:

• On OpenScape Voice, enable Digest Authentication for all sub-
scribers, and use individual and strong passwords

20
• Configure all SIP endpoint ports that serve remote subscribers as

7-
"untrusted"; in other words: exclude all mapped Session Border

-0
20
Controller

o_
• addresses (IP + port-range) identifying static or dynamically regis-

ol
ic
tered remote subscribers from the OpenScape Voice trusted realm
en
• Set the RTP parameter Srx/Sip/AuthTraverseViaHdrs to non-de-
_G

fault value:
do
an

RtpFalse
rn
Fe

Please note: For more informations please consult the latest OpenScape Voice Security
._

checklist
_L
EN
00
EN

2.1 OpenScape Voice Connection

40
88
EN

2.1.1 Creating Endpoint

That the OpenScape SBC can be added to the OpenScape Branch Assistant as well that the
OpenScape Voice will accept requests from the SBC later, a endpoint must be created as fol-
lowed:
1: Navigate to Configuration tab  OpenScape Voice and select the
Business Group icon within the Navigation Bar in Common Man-
agement Portal.
2: Select the <Business Group> in the Available Business Groups pull-
down associated the SBCs to be viewed.
The Business Group selected appears in the Available Business
Groups pull-down.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 17
FN9850FN10FN_TBAZZZAIMHY
 OpenScape Voice Connection

3: Select the Profiles  Endpoint in the Navigation Tree.

The system presents the Endpoint Profiles List view in the Work
Area with a current list of all endpoint profiles associated with the
selected Business Group.
1: Proceed as follows to create a new endpoint profile:
• Click the Add... button.
The <BG name> - Add Endpoint Profile dialog is displayed.

Fill in the Endpoint Profile Name field.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

• Click „Save“ to create the Endpoint Profile.

2: Select the „Main Office“ in the Available Branch Offices pull-down.
The Main Office appears in the Available Branch Offices pulldown.
3: Select the Members  Endpoints in the Navigation Tree.
The system presents the Endpoints List view in the Work Area with
a current list of all endpoints associated with the selected Business
Group and Branch Office.

18 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OpenScape Voice Connection

1: Proceed as follows to create a new endpoint:

• Click the Add... button.
The <BG name> - Add Endpoint dialog is displayed.

On the „General“ tab:

Fill in the Endpoint Name field.

Select the Endpoint Profile

created in the previous step.
Select the Endpoint Template

20
„Central SBC“. This will set all

7-
-0
required parameters for you.

20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00

On the „SIP“ tab:

EN

1 - Verify that the option „SIP Trunking“ is

40

checked.
88
EN

2 - Verify that the Registration Type is set

to „Static“.
1
3 - Fill in SBC’s Core IP in the
Endpoint Address field.
4 - Verify that the Port is
correct.
2 5 - Verify that the Transport
protocol is set to TCP.

3
4
5

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 19
FN9850FN10FN_TBAZZZAIMHY
 OpenScape Voice Connection

On the „attributes“ tab:

Verify that the following options
are checked:
• SIP Proxy
• Central SBC (new
in V8 to control
who can register
via SBC)
• Route via Proxy

20
7-
-0
20
o_
On the „Aliases“ tab:

ol
ic
Add the SBC’s Core IP address as an alias.
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

20 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OpenScape Voice Connection

Go back to the „General“ tab:

Verify that the „Registered“ option is
checked (will be checked automatically if
the endpoint template was used)

20
Click on „Save“ to create the endpoint

7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00

.
EN
40

Please note: If a SBC cluster will be installed, this


88

step must be repeated for the 2nd SBC node as well

EN

the virtual IP.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 21
FN9850FN10FN_TBAZZZAIMHY
 OpenScape Voice Connection

2.1.2 Adding the SBC to the OpenScape Branch Assistant

That the SBC can be managed via the OpenScape SBC Assistant in CMP later, the SBC must be
added manually as followed:
1: Navigate to Configuration tab and select OpenScape SBC within
the Navigation Bar in Common Management Portal.
2: Select the OpenScape SBC list in the Navigation Tree under Admin-
istration.
The system presents the OpenScape SBC Overview in the Work
Area with a current list of all SBC‘s.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

22 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OpenScape Voice Connection

3: Proceed as follows to assign a new OpenScape SBC:

• Click the Add... button.
The Add OpenScape SBC dialog is displayed.

1:Select the associated Comm System by clicking

the “...” button and selecting a Comm system
from the Comm Systems dialog. Click to OK key
to save the Comm System. The Add OpenScape
SBC dialog is re-displayed and the Comm System
information is shown.
1 2:Select the associated Business Group by clicking
1 the “...” button and selecting a Business Group

20
from the Business groups dialog. Click to OK key

7-
2 to save the Business Group.

-0
The Add OpenScape SBC dialog is re-displayed

20
3

o_
4 and the Business Group information is shown.

ol
ic 3:Select the associated Endpoint by clicking the “...”
en
button and selecting a Endpoint from the End-
_G

point dialog. Click to OK key to save the End-

do

point. The Add OpenScape SBC dialog is re-dis-

an

played and the Endpoint information is shown.

rn
Fe
._

The following fields are populated:

_L

• The associated OpenScape SBC Name in the Central SBC Name field
EN
00

• The associated OpenScape SBC IP Address in the IP Address field

EN
40

4:Check the Secure Mode checkbox indicates the status of the OpenScape SBC device.
88

When “unsecured” allows the OpenScape SBC (identified by logical ID) to request an
EN

authentication statement. Once the OpenScape SBC is installed and requests license
information the first time and sends the correct authentication statement, the Open-
Scape SBC is automatically placed in secure mode (the status is updated to secured).
The default is unchecked/unsecured when first installed.
Secure mode must be unchecked to to reinstall an OpenScape SBC.

• Click to OK key to save the Endpoint.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 23
FN9850FN10FN_TBAZZZAIMHY
 OpenScape Voice Connection

The Add OpenScape SBC dialog is closed and the OpenScape SBC Overview is displayed SBC
assigned Endpoint information is shown.

When the OpenScape SBC is added to the OpenScape SBC Assistant, from that point the
OpenScape SBC Assistant will be able to administer this OpenScape SBC. First, the connection

20
should be tested by selecting the SBC in the list and click on „Refresh Selected“. The status

7-
should then change from „Unknown“ to „Survival“ (or maybe „Normal“ if a previous configu-

-0
20
ration was loaded during installation) as well the „Last Update“ collumn should show the cur-

o_
rent date and time.

ol
ic
For any future configuration select the SBC in the menu tree, which takes a few seconds until
en
the SBC status is retrieved, which brings up the menu for the configuration.
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Please note: Any configuration can be done from the local GUI, in case that the CMP is not
available, but the recommended way is to use the CMP.

24 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Network configuration

2.2 Network configuration

Depending on the used hardware, the SBC supports up to 4 network interfaces which can be
used for interface redundancy or to separate physical the traffic.
Many customers have use cases requiring access to both private and public networks. For ex-
ample, some SIP Service Providers offer SIP trunking services via an MPLS connection using
private IP addresses while remote user access is required via the public Internet.
Several OS-SBC options are available to address this need:
1: Deployment of physically separate OS-SBC's, each providing WAN
access to the public or private network. One centralized SBC WAN
interface to a SSP's SIP trunk service via MPLS connection using a

20
private IP address that is not exposed to the Internet. Another cen-

7-
tralized SBC WAN interface for public Internet IP address used by

-0
20
remote users / home workers.

o_
2: In place of physically separate SBC's as in option 1 above, the OS-

ol
ic
SBC can be configured to logically separate the single physical OS-
en
SBC access interface (eth1) into one or more VLAN 802.1q tagged
_G

private networks and the default public network (not 802.1q VLAN
do

tagged). IP Packets are exchanged via a local L2 managed switch

an

which is configured to forward IP messages to specific L2 ports

rn
Fe

based on the VLAN tag. In the process of forwarding the IP message

._

the VLAN tag may be removed.

_L
EN

The physical network separation is performed with the OS-SBC supporting more than one
00

physical Ethernet interface for the SBC‘s access site.

EN

The network interface cannot be directly assigned / used in a endpoint or for the subscriber
40
88

configuration. A „Realm Configuration“ must be created first which defines the IPs, ports, ser-
EN

vices, etc. to be used for the network interface. Then a „Realm Profile“ must be created which
allows to choose the access or core realm. The access realm offers a few more options, e.g. Sig-
naling and Media on different interfaces or security issues.

Physical Network Interface Configuration

Interface IP, Port, Service(s), ...
Realm Subscriber/Endpoint
Profile Configuration
Physical Network Interface Configuration
Interface IP, Port, Service(s), ...

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 25
FN9850FN10FN_TBAZZZAIMHY
 Network configuration

 Please note: Enhanced OS SBC NIC configuration

is possible on the access/admin realm

For a default OS-SBC configuration the following associations exist:

• Core (internal) realm network interfaces are associated with eth0
• Access (external) realm network interfaces are associated with
eth1

20
7-
-0
20
Please note: Only the official hardware is sup-

o_
ported. Depending on the HW model there are ei-
 ol
ther 2 or 4 NICs available. On virtual Environ-
ic
en
ments, up two additions vNICs can be added via
_G

the vCenter with a total of 4 vNICs.

do
an
rn
Fe

2.2.1 Ethernet port configuration

._
_L

Based on the IEEE 802.3u - Autonegotiation will only work if both parties are configured to
EN

AUTO. In case of one party (in our case the network switch) is configured to a fixed value, the
00

standard - so called PARALLEL DETECTION is not able to adjust the duplex mode. Therefore
EN

- based on the standard - the half-duplex mode will be taken. This will lead to a misconfigura-
40

tion.
88
EN

In case that a manual speed / duplex mode should be set, the LAN/WAN interface can be con-
figured manual under „Network/Net Services“ on the „Settings“ tab:

Can only be changed of speed is

not set to Auto or 1000

Select the NIC speed (fixed) to disable „autonegotation“

Indicates if the network interface is used (activated)

Interface redundancy (Will be described later)

26 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Network configuration

The Ethernet interface speed can set by selecting from 4 values: Auto, 10, 100, and 1000 Mbps
(Default link speed for new installation is auto).
Possible Duplex mode values are full and half, with default value set to full. Duplex mode is
not allowed to be changed when speed is set to auto. When speed is set to auto, duplex mode
will switch to auto. When link speed is set to 1000Mbps, duplex mode can only be set to full.
Also in case that a different MTU size then 1500 bytes is required, e.g. if a VPN connection is
used, this setting can be done here individual for each interface (allowed range 300-1500).

Please note: Only the first two network interfaces

 are used by default. The „eth2“ and „eth3“ may
not be available depending on the used hardware.

20
7-
-0
20
o_
2.2.2 IP configuration
ol
ic
en
Core Side:
_G

The Interface configuration is used to define the IP‘s, supported Services and Ports for a net-
do
an

work. On the internal (Core) network, only one single configuration is supported:
rn
Fe
._

cannot be changed on „Core“

_L
EN

Main IPv4, Main IPv6 or Non Vlan IP

00
EN
40
88
EN

Name of Core Realm IP address / Subnet mask Ports used for

signaling services
Network Interface Traffic supported
(eth0 or bond0) (cannot be changed on „Core“)

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 27
FN9850FN10FN_TBAZZZAIMHY
 Network configuration

Access Side:
The external (Access) network has a view additional parameters as well supports multiple
configurations including the support of up to 1000 VLAN‘s and up to 2000 IP‘s in total:

Name for the Network Interface VLAN ID Ports used for

access realm (eth1 or bond1) (only for type „VLAN IP“) signaling services

DoS configuration
Supported Traffic

20
IP address / Subnet mask

7-
-0
20
o_
Defines the network type

ol
Main IPvX - primary configuration for a network (no VLAN)
ic SIP server to which
en
Non-VLAN IP - defines a additional IP for a network requests from this
_G

VLAN IP - is used to define a VLAN network network will be sent

do
an
rn

Additional network configuration (e.g. additional IP‘s) can be added by clicking the „Add“ but-
Fe

ton. e.g. to define a VLAN network use the type „VLAN IP“ and fill in the network configura-
._
_L

tion:
EN
00
EN
40
88
EN

 Please note: UDP is not supported on VLAN‘s. En-

ter „0“ for the UDP port.

28 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Network configuration

Another possibility is to separate the signaling and RTP traffic. This can be done either by us-
ing different VLAN‘s or with different IP‘s. The following example shows a network configu-
ration using different IP‘s for signaling and RTP (non VLAN):

20
7-

-0
Please note: A unique Network ID must be used

20
for each configuration.

o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 29
FN9850FN10FN_TBAZZZAIMHY
 Network configuration

2.2.3 Realm Profile configuration

The Realm Profile configuration finally defines the network configuration used for signaling
and media (RTP) traffic. This profile is later used to define the network configuration used for
a subscriber or endpoint:

Physical Network Interface Configuration

Interface IP, Port, Service(s), ...
Realm Subscriber/Endpoint
Profile Configuration
Physical Network Interface Configuration
Interface IP, Port, Service(s), ...

20
7-
There are two default realms defined in the SBC:

-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

30 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Network configuration

„Main-Core-Realm - ipv4“ defines the IP configuration used for signaling and media traffic in
the internal network and „Main-Access-Realm - ipv4“ for the external network. Additional
configurations can be created with the „Add“ button as well the existing configuration can be
changed, e.g. to separate the signaling and media traffic:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 31
FN9850FN10FN_TBAZZZAIMHY
 Network configuration

2.2.4 Ethernet Bonding (NIC Redundancy)

The SBC is able to support Ethernet bonding (redundancy) for the OpenScape SBC’s Access
and Core network realms. Network interface redundancy will help prevent an SBC node Loss
of Service in the event of a single Ethernet NIC failure, local switching network failure possi-
bly leading to an OS-SBC loss of local connectivity.
It allows the combination of available OS-SBC Ethernet Network Interface Controllers (NIC)
‘eth0’ thru ‘eth3’ into up to two bond interfaces.
Ethernet interface bonding can be independent applied to the SBC WAN access-side or LAN
core-side network interface.

20
7-
-0
LAN

20
o_
ol
ic
en
_G
do
an

Redundant
Cluster
rn
Fe
._
_L
EN
00
EN

WAN
40
88
EN

Please note: Bonding on a virtual SBC does not

 make sense. Redundancy for network interfaces

on virtual environments should be done on the
ESXi host.

32 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Network configuration

Bonding can only be configured of there is at least one addition network interface available
(the SBC typically has 4 interfaces). To enable the network interface redundancy feature, the
additional network interfaces must be enabled:

20
7-
-0
20
o_
ol
ic
en
_G
do
an

Now the „Interface Bonding“ can be enabled and the physically interfaces be assigned to an
rn
Fe

„bonding“ interface (located below the physical interface configuration):

._
_L
EN
00
EN
40
88
EN

Choose the „Type“ which can be either „Redundancy“ for interface redundance or „Load Shar-
ing“ to increase the capacity (must be supported by the network switch).

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 33
FN9850FN10FN_TBAZZZAIMHY
 Network configuration

The first bonding interface gets automatically assigned to the core realm:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Additional configured bonding interfaces can be used then for the Access network.

34 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Network configuration

Monitoring
The bonding interface status can only be checked via the CLI (shell). The ifconfig command
shows the current network interface configuration:

sbc:~ # ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:9F:15:C9
inet addr:10.0.0.170 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fe9f:15c9/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:416 errors:0 dropped:209 overruns:0 frame:0
TX packets:200 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:51434 (50.2 Kb) TX bytes:40188 (39.2 Kb)

20
7-
-0
eth1 Link encap:Ethernet HWaddr 00:50:56:9F:75:07

20
inet addr:1.20.250.170 Bcast:1.20.255.255 Mask:255.255.0.0

o_
inet6 addr: fe80::250:56ff:fe9f:7507/64 Scope:Link

ol
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
ic
en
RX packets:2933 errors:0 dropped:1527 overruns:0 frame:0
_G

TX packets:123 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0
do

RX bytes:207716 (202.8 Kb) TX bytes:18075 (17.6 Kb)

an
rn
Fe

seth0 Link encap:Ethernet HWaddr 00:50:56:9F:15:C9

._

UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1

_L

RX packets:207 errors:0 dropped:0 overruns:0 frame:0

EN

TX packets:200 errors:0 dropped:0 overruns:0 carrier:0

00

collisions:0 txqueuelen:1000
EN

RX bytes:25657 (25.0 Kb) TX bytes:40188 (39.2 Kb)

40

seth1 Link encap:Ethernet HWaddr 00:50:56:9F:75:07

88

UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1

EN

RX packets:1550 errors:0 dropped:0 overruns:0 frame:0

TX packets:123 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:121577 (118.7 Kb) TX bytes:18075 (17.6 Kb)

seth2 Link encap:Ethernet HWaddr 00:50:56:9F:15:C9

UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:209 errors:0 dropped:209 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:25777 (25.1 Kb) TX bytes:0 (0.0 b)

seth3 Link encap:Ethernet HWaddr 00:50:56:9F:75:07

UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:1383 errors:0 dropped:1383 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:86139 (84.1 Kb) TX bytes:0 (0.0 b)

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 35
FN9850FN10FN_TBAZZZAIMHY
 Network configuration

The physical interfaces will be renamed to „sethX“ when bonding is active. The „old“ ethX in-
terface is now the bonding interface.
The bonding interface status by itself can be checked via the „proc“ filesystem. For each bond-
ing interface is a status file located under /proc/net/bonding/<interface name>

sbc:~ # cat /proc/net/bonding/eth0

Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)

Primary Slave: None
Currently Active Slave: seth0

20
MII Status: up

7-
MII Polling Interval (ms): 100

-0
Up Delay (ms): 0

20
Down Delay (ms): 0

o_
ol
ic
en
Slave Interface: seth0
_G

MII Status: up
do

Speed: 1000 Mbps

an

Duplex: full
rn

Link Failure Count: 0

Fe

Permanent HW addr: 00:50:56:9f:15:c9

._
_L

Slave queue ID: 0

EN
00

Slave Interface: seth2

EN

MII Status: up
40

Speed: 1000 Mbps

88

Duplex: full
EN

Link Failure Count: 0

Permanent HW addr: 00:50:56:9f:5e:cc
Slave queue ID: 0

The „Currently Active Slave“ parameter will show the physical network interface currently
used. In this example „seth0“ which is the 1st physical interface. In addition the „MII Status“
shows the link status of each network interface.

36 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Network configuration

2.2.5 Default gateway / static routes

During the installation the default GW must be configured on the core (internal) network. Af-
ter typically the most (unknown) networks are located on the access (external) site, the default
gateway should be changed in the „Network/Net Services“ under „Settings“ in the „Routing“
section:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40

7 Important: The SBC forces during installation to use

88

a default GW located in the LAN segment.

EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 37
FN9850FN10FN_TBAZZZAIMHY
 Network configuration

2.2.6 Near-End NAT Firewall (if used)

The OpenScape-SBC (OS-SBC) was up to V7R0 able to support external firewalls which oper-
ate in “transparent mode”, where the firewall outside interface and inside interface are in the
same subnet. In this configuration no firewall network address translation (NAT) takes place.
All the messages going out of the OS-SBC Access side contain the OS-SBC Access IP in SIP
headers and in SDP.
This would cause the Remote Subscribers/Endpoints to setup the RTP plus subsequent in-di-
alog messages directly to the OS-SBC Access IP, which is not reachable from the outside with-
out going through the firewall.
All devices “outside” the firewall must be informed to communicate with the external address
of the firewall.

20
7-
The following describes a typical L3 FW with different subnets on each interface:

-0
20
o_
External Firewalls

ol
OpenScape

ic SBC OpenScape
en
Voice
PSTN
_G

Subnet-2
OpenScape Branch (SBC)
do

Subnet-1
an

Internet
rn

Subnet-n
Fe

Up to 10
._

PSTN
_L

217.194.40.109 192.168.7.125
EN

OpenScape Branch (SBC)

typical L3 FW - with different subnets on each interface.

00
EN
40

Restrictions
88
EN

This feature has been tested with Fortigate 310B. Using the external firewall does not disable
the internal firewall.
• SIP/TLS is not supported by the current FortiOS
• SIP ALG (Application Layer Gateway) of the Firewall is not support-
ed
• Firewall profiles are not supported
• Setting of the internal IP address of the firewall is not supported
• On the FortiGate, the “helpers” for SIP and MGCP must be disabled

38 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Network configuration

The feature will be enabled on the „Security“ menu, under „Firewall“:

Indicates if an external firewall is used

(„External Firewall“ option below is enabed)

20
7-
-0
20
o_
ol
ic
en
check to inidcate that a firewall
_G

is used on this network

do
an
rn

enter the firewalls external (public) IP

Fe

to be included in outgoing messages

._
_L

if not „transparent mode

EN
00
EN

Saving the configuration with “External Firewall” checked, without entering any external fire-
40

wall configuration parameters identifies that the external firewall will be operating in “trans-
88

parent mode” (only port filtering).

EN

 Please note: All other parameters in the „External

Firewall“ section are for future use.

The external firewall must be configured to forward all SIP, MGCP signaling and RTP media
messages between the OS-SBC located on the internal network and the external network us-
ing the same port configuration as provisioned in the OS-SBC, i.e., static port forwarding for
all IP addresses is used.
The outgoing headers affected are: From, Via, Contact, Record route and Route.
In the above headers the OS-SBC Access IP address (private) is replaced with “Firewall Exter-
nal IP”. SDP is converted in a similar manner.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 39
FN9850FN10FN_TBAZZZAIMHY
 Date / Time settings

2.3 Date / Time settings

1: In the same menu (Network/Net Services) on the „NTP“ tab, select
the corresponding timezone.
2: The date / time can be set either
• Manual by choosing the option „Manual configuration“ and set the
date and time or for synchronizing the SBC with a existing
timeserver (NTP) choose the option „Synchronize with NTP server“
and provide the NTP server IP address or DNS name (if configured).

20
7-
-0
20
o_
ol
ic
en
_G

Please note: To synchronize with the NTP server promptly, use the

do

„Synchronize now“ button. In this case the server address must be

an

entered in the Server field.

rn
Fe
._
_L
EN

3: Optional the „Enable local NTP server“ option can be used if the
00

SBC should provide the NTP service for client devices.

EN

4: Click on „Apply Changes“ to save the settings which will cause a re-
40

start in case that the timezone has be changed.

88
EN

40 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 DNS configuration

2.4 DNS configuration

1: On the „DNS“ tab, a DNS server can be configured. Enter the DNS
servers IP and click on „Add“ to add it to the list of DNS servers. If a
alias (DNS search domain) should be configured, enter it in the
„Alias“ field and click on „Add“. To remove an entry, select it and
click on „Delete“
.

20
7-
-0
20
o_
ol
ic
en
2: The own hostname and DNS domain can be changed in the „Sys-
_G

tems“ menu on the „Settings“ tab:

do
an
rn
Fe
._
_L
EN
00
EN
40

Please note: That the hostname will be overriden

88


EN

with the endpoint name if the CMP is used to ad-

minister the SBC.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 41
FN9850FN10FN_TBAZZZAIMHY
 Connecting the SBC to the OpenScape Voice

2.5 Connecting the SBC to the OpenScape Voice

Now, we can configure the connection to the OpenScape Voice in our SBC.
1: Navigate to Configuration  OpenScape Voice and select the Ad-
ministration icon within the Navigation Bar in Common Manage-
ment Portal.
2: Select the signaling Management  SIP in the Navigation Tree.
A windows will be opened showing the SIP Signalling settings. This
window show the SIP Signaling IP’s for node 1 and node 2. Remem-
ber this settings for the next step.

20
7-
-0
20
o_
ol
ic
en
Node 1
_G
do
an

Node 2
rn
Fe
._
_L
EN
00
EN
40
88
EN

42 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Connecting the SBC to the OpenScape Voice

2.5.1 OpenScape Voice Simplex scenario

1: On the CMP or the SBC local GUI navigate to VoIP  SIP Server
Settings.
2: In the SIP Configuration section (1st section):
• select the OpenScape Voice mode (scenario) „Simplex“.
• For Node 1, select the Target Type: Binding for IP / DNS name.
• Enter the OpenScape Voice SIP Signaling IP for node 1 retrieved in
step 2 in the Primary Server field and make sure that the correct
Transport / Port is selected.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

3: Click on „Apply Changes“ to save the settings. A warning message

will appear that the SIP server must be restarted. This can be con-
firmed with „OK“.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 43
FN9850FN10FN_TBAZZZAIMHY
 Connecting the SBC to the OpenScape Voice

2.5.2 OpenScape Voice active-standby scenario

1: On the OpenScape SBC GUI navigate to the VOIP  SIP Server Set-
tings.
2: In the SIP Configuration section (1st section):
• select the OpenScape Voice mode (scenario) „Active-Standby“.
• For Node 1 and Node2, select the Target Type: Binding for IP / DNS
name.
Enter the OpenScape Voice SIP Signaling IP for node 1 and node 2 in the Primary Server field
and make sure that the correct Transport / Port is selected.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Please note: As Target type can be used either Node 1 and Node 2 Binding‘s or DNS-SRV re-
cords (with the records of node 1 and node 2).

Binding: Is IP of node 1 (sipsm1), and node 2 (sipsm2) of the dedicated OSV.

DNS-SRV: Is SRV record of node 1 (sipsm1) and SRV record of node2 (sipsm2).
The OSV (duplex) is L3 separated. Both signaling interfaces of the OSV are in us-
age !
Please consider reachability of all components !

44 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Connecting the SBC to the OpenScape Voice

3: Click on „Apply Changes“ to save the settings. A warning message

will appear that the SIP server must be restarted. This can be con-
firmed with „OK“.

4: Navigate to Network/Net Services  Settings.

5: In the „Interface Configuration“ section under „Access realm con-
figuration“ click on Add and enter:

20
7-
• Type „Non-VLAN IP“

-0
20
• Choose a unique name to identify this network configuration un-

o_
der „Network ID“

ol
ic
• Set the „Interface“ to the same as the existing „Main IPv4“ interface.
en
• Enter a IP Address / Subnet mask to access the OpenScape Voice
_G

node 2.
do
an

• UDP / TCP Port used for SIP messages without encryption, usually
rn

5060.
Fe
._

• TLS and MTLS Port used for SIP TLS messages (e.g. 5061 and 5161).
_L

• MGCP Port (not used in SBC).

EN
00

• Set the „SIP server“ to „Node 2„ to forward request on this IP to the

EN

2nd OSV node.

40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 45
FN9850FN10FN_TBAZZZAIMHY
 Connecting the SBC to the OpenScape Voice

6: Click on „Apply Changes“ to save the settings. A warning message

will appear that the SIP server must be restarted. This can be con-
firmed with „OK“.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

46 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Connecting the SBC to the OpenScape Voice

2.5.3 OpenScape Voice connection

To monitor the connection to the OpenScape Voice, navigate to the „Dashboard“. In the Sys-
tem status area, the „Operational state“ should go to „normal“ and the primary server for node
1 and node 2 (if configured) should be marked with a green arrow which indicates that the
connection to the OSV has been established. Use the refresh icon to update this view or select
an „Auto refresh timer“ value if the connection should be monitored for a longer time.

• "normal" indicates full connectivity to primary and/or backup

server.
• „Survivable“ mode status is only relevant internally and tran-
sition to survivability mode (when both OpenScape Voice
nodes become unreachable) does not initiate any ‘operational

20
7-
mode’ notifications.

-0
20
o_
ol
ic
en
Simplex system

_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88

OpenScape Voice Node 1 can be reached

EN
Duplex system

OpenScape Voice Node 2 cannot be reached

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 47
FN9850FN10FN_TBAZZZAIMHY
 Connecting the SBC to the OpenScape Voice

2.5.4 SBC timers and thresholds

The OpenScape Voice connection will be tested by default every minute via a SIP OPTIONS
message. If the request will not be answered within the configured timeout range (4 seconds),
the request counts as failed. If two requests will not be answered from the OSV, the SBC marks
the responsible OSV node as inaccessible. After one OPTIONS message will be answered, the
OSV will be marked as normal.

SBC sends ...

60 s 60 s 60 s 60 s
OPTIONS interval
4s 4s 4s 4s 4s 4s
OPTIONS timeout

20
7-
-0
20
o_
ol
ic
en
_G

SIP „OPTIONS“ „200 OK“ additional SIP „OPTIONS“

do

(transition mode)
an
rn

No response or error Operational state

Fe
._

(e.g. „500 SERVER INTERNAL ERROR“) (Normal / Survival)

_L
EN
00
EN

Please note: If both configured OSV nodes (serv-


40

ers) become unavailable, the SBC switches to

88

„Transition“ and then to „Survival“ mode.

EN

48 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Connecting the SBC to the OpenScape Voice

This behavior can be configured on the „VoIP“ menu under „Sip Server Setitngs“ in the „Tim-
ers and Thresholds“ section:

Number of failure attempts counted Interval where a OPTIONS message will

before considering a node failure be send to the OpenScape Voice
(Range 1-10, default 2) (10-300 seconds, default 60 seconds)

20
Number of failure attempts during Timeframe until the OPTIONS message

7-
Transition Mode that SBC will count must be answered oherwise it counts as

-0
20
until switch to Survivable Mode failed (1-32 seconds, default 4 seconds)

o_
(Range 0-10, default 1)
ol
ic
en
_G

Number of positive responses to wait until consider a node activate again

do
an
rn
Fe

2.5.5 Preserved SIP ports

._
_L

To avoid outage if you change SIP servers settings you should preserve SIP Ports, the amount
EN

depends on your environment.

00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 49
FN9850FN10FN_TBAZZZAIMHY
 License

2.6 License
After the SBC has been installed, a 30 day grace period is availble until a valid license file must
be installed. If no license will be installed during this time, the SBC will stop operation. The
license file must be installed on the CMP via the SBC is managed and can then be assigned to
the SBC.
The licenses will be managed via
Maintenance  Licenses
The Locking ID can be obtained via „Locking IDs“

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn

The license must be generated from the LAC with the Locking ID (MAC address of eth0) via
Fe

the Central License Server. The from the CLS provided license file can then be uploaded to the
._
_L

OpenScape Voice via „Offline Activation …“ under „Information“.

EN
00
EN
40
88
EN

Click on „Offline Activation …“, enter the license filename or use „Browse...“ to navigate on
your local harddisc and press „Activate“. The imported license should be shown then.

50 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 License

Open the SBC‘s dashboard by navigating to Configuration  OpenScape SBC and select the
SBC under „Branch Office List“. The current license information will be shown:

Click to assign a license

20
7-
-0
20
Licenses configured in CMP Licenses configured in SBC Licenses used in SBC

o_
ol
ic
To assign a license, click on „Configure“. On the following screen select the ammount of licens-
en
_G

es which should be assigned to the SBC:

do
an
rn
Fe
._
_L

Clear license on SBC

EN
00

Licenses available on CMP

EN
40
88
EN

Licenses to be assigned to the SBC

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 51
FN9850FN10FN_TBAZZZAIMHY
 License

Each installed SBC needs a „SBC Base“ license plus each call leg on the SBC‘s Access side a „Ses-
sions“ license.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

52 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 License

For a standalone SBC (without CMP) the license file must be assigned to the SBC‘s locking ID
(only „real“ hardware or Advanced locking ID and uploaded via the local GUI on the system
menu under „Licenses“:

used only for „real“ hardware

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

The „License type“ shows if a license is installed and which one:

• „None“ means that no license is installed and the SBC runs on
„Grace period“
(up to 30 days after installation).
• „Stand Alone“ indicates that a „local“ license file has been up-
loaded via this dialog.
• „Floating“ is shown if the license is assigned via the CMP. In
this case the CMP‘s IP
providing the license is shown in the „License server“ field
If the license is „time limited“, e.g. a demo or software subscription license is used, the
„Grace period“ field indicates how many days the license is valid. A alarm is generated
when the license is about to expire.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 53
FN9850FN10FN_TBAZZZAIMHY
 License

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

54 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Subscribers

3 Remote Subscribers
Subscriber

Data Center

LAN
LAN Public Network
e.g. Internet Home User

Mobile User

20
7-
-0
20
WLAN Access Point

o_
e.g. Hotspot

ol
ic
en
_G

The Remote Subscriber feature of the SBC provides secure remote user access to the IP tele-
do

phony infrastructure of an OpenScape Voice system for SIP phones regardless of location, e.g.
an

from home or a public WLAN connection via the internet. It supports the necessary near-end
rn
Fe

and far-end Network Address Translation (NAT) traversal functions for connection via the In-
._

ternet.
_L
EN

Currently only one device behind a far-end NAT is supported. For example, a home worker
00

uses a NAT router between the home network and the Internet. This means support of only
EN

one IP address serving the SIP endpoints behind each far-end NAT and just one telephone on
40

the home network registered to OpenScape Voice via the OpenScape SBC.
88
EN

All OpenScape Voice SIP subscriber features are supported by OpenScape SBC for a Remote
User.
By default the payload will be forced thru the SBC for every connection to ensure that the RTP
connection can be established between the two subscribers (e.g. if a firewall is in use). This be-
haviour can be configured later with the „Media Realm Groups“.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 55
FN9850FN10FN_TBAZZZAIMHY
 OpenScape SBC configuration

3.1 OpenScape SBC configuration

Per default this feature is disabled in the OpenScape SBC. The only required configuration to
support Remote Subscribers is that the responsible feature must be enabled in the „Features“
menu by checking the option „Enable Remote Subscribers“:

Check to enable Remote Subscriber support

20
7-
-0
20
o_
ol
ic
en
_G
do
an

Please note: As long the „Remote Subscribers“ fea-


rn

ture is not enabled, the SBC will reject any request

Fe

with a SIP error „503 Server Unavailable“.

._
_L
EN
00
EN
40
88
EN

Signaling
Payload

56 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OpenScape SBC configuration

3.1.1 Remote subscriber provisioning:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._

General settings - explanation:

_L
EN

Enable register throttling - Enables register throttling timers for UDP and TCP.
00

Enable register throttling for TLS - Enables register throttling timers for TLS (just TCP).
EN
40

Timer value towards subscriber (sec) - The expiry timer that CSBC uses towards the phone.
88

This only applies to remote subscribers behind a NAT.

EN

Maximum throttling timer threshold (sec) - The maximum timer for throttling mechanism to
control the expiry timer indicated in the „Register“-request of the phone.
Maximum registration expiry time (sec) - The maximum acceptable expiry time for a Register
request. Possible values are in range 3600 to 86400.
Port Mapping TTL timer (hours) - It is the timer for Port Mapping „Time To Live“.
Possible values are within the range 1 to 48 hours or never (meaning port mappings persist
once they occur).

Please note: In OSS version 8 (November, 2014) throttling for TLS OSMO devices is not per-
formed.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 57
FN9850FN10FN_TBAZZZAIMHY
 OpenScape SBC configuration

3.1.2 Optional: Remote Subscriber Settings

Important: Everything you enter here will not be anchored by SBC and will directly be
passed from A party to B, vice versa.

Example for „VPN“ remote subscriber Example for „internet“ remote subscriber

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Explanation:
Name - user defined name of the remote subscriber
Location Domain Name - user defined location of the phone > must be a valid IP address or
FQDN
Subnet IP Address & Mask - IP address or subnet of the phone > like 10.10.251.0/24
Media profile – this is a drop-down of the Media profiles, defined under GUI > VOIP > Media
> media profiles
Certificate profile – drop-down allows selection of a TLS certificate associated with this re-
mote location.
Firewall Settings - always recommended to use > for details refer to Firewall Settings ...
Emergency configuration - Add numbers to be considered emergency such as 112 in Europe,
911 in US etc.. > for details refer to Emergency Calling Subnets ...

58 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OpenScape SBC configuration

3.1.3 Firewall Settings

20
7-
-0
20
o_
ol
ic
en
_G
do

Explanation:
an

enable SIP UDP - If selected allows SIP via UDP.

rn
Fe

enable SIP TCP - If selected allows SIP via TCP.

._
_L

enable SIP TLS - If selected allows SIP via TLS.

EN
00

enable MGCP - If selected allows exchanging messages via MGCP protocol.

EN

Enable DNS - If selected allows exchanging DNS messages

40
88

Message rate threshold - Defines the number of messages per second which will block an IP
EN

address.

White List - Allow Incoming/Outgoing WAN network connections for a specific IP/Port. If the
Port field is empty, all ports will be allowed.
Black List - Block Incoming/Outgoing WAN network connections for a specific IP/Port. If the
Port field is empty, all ports will be blocked.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 59
FN9850FN10FN_TBAZZZAIMHY
 OpenScape SBC configuration

3.1.4 Emergency Call Routing

20
7-
-0
20
o_
Explanation:

ol
ic
IP Address or Subnet - This configures the IP address (or range of IP addresses) of the sub-
en
scriber(s).
_G
do

Subnet Mask - This configures the IP subnet of the range of subscribers defined by the IPAd-
an

dress configuration. For a single host address configure mask 255.255.255.255.

rn
Fe

Routing Prefix - This configures a preferred gateway to be used by this emergency subnet. The
._
_L

first digits of each prefix also links the current Subnet to a dialed Emergency Number.
EN

For example, prefixes like "91122" or "91133" restrict the Subnet to be used with a configured
00

"911" Emergency Number.

EN
40
88
EN

!! SBC V9 R2.25.01, we can not

choose or enter a routing pre-
fix

Default Destination - It is a fully registered and callable local SIP phone number. When the
emergency call to the PSAP fails, the emergency call is redirected to this default destination
(attendant) which may have a PSTN land line to call the „public safety answering point“ (PSAP)
directly to report the emergency for the original caller.
Important: Send LIN instead of CPN - DO NOT configure or use this option!!!

60 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Subscriber configuration

3.2 Subscriber configuration

Up to OpenScape Voice V7 there was no specific subscriber configuration required for the
SBC to be able to register/use a subscriber via the SBC. V8 introduces the capability to control
who can register through the SBC via the new „Central SBC“ attribute which is configured on
the SBC‘s endpoint:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40

The „Central SBC“ attribute will be greyed out as long the „SIP Proxy“ attribute is not set. In
88

addition the „Allow proxy bypass“ attribute will automatically be unchecked soon the „Cen-
EN

tral SBC“ attribute is set.

This attribute will automatically be set if the endpoint template „Central SBC“ is used.
When receiving a registration attempt from a non-subscriber EP the SIP-Registrar checks if
the EP the REGISTER came through has “Central SBC” set:
• Central SBC not set => successful registration
(request is processed as normal / without any additional check)
• Central SBC set => check “Registration via central SBC allowed” for
the subscriber:
• set => successful registration
• not set => respond with 403 (Forbidden)

SIP/2.0 403 Forbidden

From: "498970071001" <sip:[email protected]>;tag=36d092f042;epid=SC0301ff
Warning: 399 10.0.0.170 "Subscriber <498970071001> not allowed to register via Central SBC."
Content-Length: 0

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 61
FN9850FN10FN_TBAZZZAIMHY
 Subscriber configuration

In order to be able to control whether a subscriber is allowed or not to register via a Central
SBC the new subscriber attribute “Registration via Central SBC Allowed” has been introduced
on the „Connection“ tab:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00

The flag “Registration via central SBC allowed” must be set appropriately for each subscriber.
EN

After an Upgrade from an earlier Release all subscribers will have the attribute “Registration
40

via Central SBC allowed” set to ensure backwards compatibility.

88
EN

62 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Subscriber configuration

3.2.1 Logs
Any unsuccessful registration attempt will be logged in the HiqLogAlert.log which can be
checked on the OpenScape Voice nodes (depending on which node processes the request):

root@sbcn1:[~] #108
# tail /log/HiqLogAlert.log
{
serial_number => 19455,
time => 'Tue Apr 29 10:30:03 2014',
time_secs => 1398760203,
time_usecs => 575147,

20
process_name => 'sipRegistrar11',

7-
file_name => 'sipServerTxHandler.cc',

-0
20
line_num => 869,

o_
pid => 13608,

ol
log_priority => 'MEDIUM',
ic
en
log_category => 'COM_EXT_RESP_ERR_RX',
_G

log_appl_reason => '0x23139d',

do

component_id => 'SIP',

an

appl_event_id => 5021,

rn
Fe

num_prior_occurences => 0,
._

managed_suppression_count => 10,

_L

managed_suppression_time => 1,
EN

data_length => 209,

00

data => 'Sent SIP error code <403> (<403 Forbidden>) to DN = <498970071001>, IP =
EN

<10.0.0.170:5060>, Call ID = <3387d9e5bdedb2d1>, Method = <REGISTER>. Subscriber

40

<498970071001> not allowed to register via Central SBC.',

88

}
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 63
FN9850FN10FN_TBAZZZAIMHY
 Phone Configuration

3.3 Phone Configuration

The configuration for a remote subscriber is identical with a phone which is directly attached
to the OpenScape Voice with one exception: The configured SIP registrar and server in the de-
vice must be WAN IP (access IP) of the OpenScape SBC.
Login to the phones Administrator Pages and navigate to System  System Identity. Enter the
subscriber ID in E164 format in the Terminal Number field. Optional, enter a display identifi-
cation and check the option „Enable ID“:

20
7-
-0
20
o_
ol
ic
en
_G
do
an

Navigate to System  SIP interface and make sure that the correct transport protocol is se-
rn

lected (TCP since OSV V5):

Fe
._
_L
EN
00
EN
40
88
EN

64 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Phone Configuration

Last under System  Registration enter the SBC‘s WAN IP in the SIP server and registar ad-
dress field and enter the digest authentication information (recommended) as configured for
the subscriber in the OpenScape Voice:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN

Verify that the Server type is set to „OS Voice“. The 1st registration takes a few moments but
00

the phone should become registered in less then one minute.

EN
40

The SBC will assign a unique port number out of a dynamic port range (default 10000-49999)
88

called mapping table for every subscriber during the registration. This port range can be con-
EN

figured on the „VoIP“ menu under „Port and Signaling Settings“:

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 65
FN9850FN10FN_TBAZZZAIMHY
FN9850FN10FN_TBAZZZAIMHY

66
He will then replace the subscribers real IP with his own LAN (Core) IP and the unique port number as well he will
Configuration

add a „VIA“ header and forwards the request to the configured OpenScape Voice. In the answer or a request from
the OpenScape Voice to the subscriber, the „VIA“ header will be removed and the IP / port will be replaced with the
real subscriber IP.
The following diagramm shows the message flow between the subscriber, the OpenScape SBC and the OpenScape
Voice.

EN
External IP Mapped Port

88
x.x.x.x 10000

40
1.23.11.203 10001

EN
00
EN
_L
._
Fe
Access-Side Core-Side

rn
(WAN) (LAN)

an
do
Subscriber 10.0.0.120

_G
1.23.11.203 1.20.250.170 10.0.0.170

en
ic
ol
REGISTER

o_
20
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved

REGISTER REGISTER

-0
From: [email protected]:5060

7-
To: [email protected]:5060 REGISTER

20
Contact: [email protected]:5060 From: [email protected]
To: [email protected]
Via: 10.0.0.170
Contact: [email protected]:10001

Phone Configuration
200 OK
200 OK 200 OK
From: [email protected]
200 OK To: [email protected]
From: [email protected]:5060 Via: 10.0.0.170
To: [email protected]:5060 Contact: [email protected]:10001
Contact: [email protected]:5060
02.2019
 Phone Configuration

The registered subscribes (mapping table) can be checked on the „Maintenance & Diagnos-
tics“ tab under „System info“:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Subscriber ID

Subscriber URI (ID @ IP : port ; protocol)

Used registration timer to OSV and to the subscriber (usally equal on both sides)
„0“ to the subscriber indicates that registration throttling is active (NAT in use)

Dynamic port assigned to the subscriber on the Core side (LAN)

On the OpenScape Voice, the subscribers appears with the SBC‘s Core IP and the dynamic port
assigned here.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 67
FN9850FN10FN_TBAZZZAIMHY
 Remote Subscribers configuration

3.4 Remote Subscribers configuration

The Remote Subscribers configuration allows to control additional parameters such as the
„Registration throttling“ or the emergency network definition.

Registration throttling
Registration throttling is used for subscribers behind a NAT router to keep the connection on
the NAT router open. When the subscriber will send the REGISTER request, the NAT router
opens a port on the WAN side for the answer. If there is no communication anymore, the
router closes the port and therefore the subscriber couldn‘t be reached anymore.

20
Please note: The SBC will detect the NAT router by comparing the IP from which the request

7-
is received with the IP included in the SIP contact header information.

-0
20
o_
ol
By reducing the registration timer, the subscriber will be forced to renew the registration in a
ic
en
much shorter intervall. But this would increase the OpenScape Voice load and therefore the
_G

SBC is caching the first sucessfull registration message and will answer the following REGIS-
do

TER request from the subscriber without forwarding it to the OpenScape Voice. After about
an

50% of the registration timer is reached, the SBC will pass the REGISTER request again to the
rn
Fe

OpenScape Voice which will update the registration and the process begins again.
._
_L
EN
00
EN
40
88
EN

68 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Subscribers configuration

The responsible settings can be found in the „Features“ menu under „Remote Subscribers
configuration“:

Enabled registration throttling for TLS

Enabled registration throttling for UDP/TCP (default)

Registration Timer value used to the

subscriber for registration throttling
Registration Timer value used to the sub-
scriber for registration throttling for TCP/
TLS

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Maximum/Minimum value for registrations which will be accepted.

REGISTER requests with higher/smaller values will be rejected from the SBC.

Value on which the REGISTER request will

be passed again to the OpenScape Voice

Please note: The OpenScape Voice will still add a

 randomized value to the requested registration
timer for load protection issues.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 69
FN9850FN10FN_TBAZZZAIMHY
 Remote Subscribers configuration

The following diagram shows the message flow if registration throttling is active:

Subscriber OpenScape SBC OpenScape Voice

REGISTER
Initial registration

expires=3600
REGISTER
expires=3600

20
200 OK

7-
-0
200 OK

20
expires=3600

o_
expires=60

ol
ic
en
_G
every 60 seconds

REGISTER This step will be repeated

do

every 60 seconds
an

expires=3600
rn
Fe

200 OK
._
_L

expires=60
EN
00
EN
40
After 1800 seconds

REGISTER
88
EN

expires=3600 REGISTER
expires=3600
200 OK
200 OK expires=3600
expires=60
every 60 seconds

REGISTER This step will be repeated

every 60 seconds
expires=3600
200 OK
expires=60

70 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Subscribers configuration

Media Anchoring
If a SIP call will be accepted, the subscribers will usally establish the payload (RTP) directly to-
gether. If a NAT router, firewall, etc. is in use, the payload may not reach to other side:

Firewall or
NAT Router A
LAN
X
Signaling
Payload

20
7-
-0
20
There is no way to find out if the subscribers can directly establish to payload together and

o_
therefore the SBC will force the payload thru him by manipulating the SDP offer which is

ol
called „Media Anchoring“: ic
en
_G
do

Firewall or
A
an

NAT Router
rn

LAN
Fe
._

Signaling
_L

Payload
EN
00
EN

B
40
88
EN

Mostly the „B“ subscriber will open first the RTP connection. The SBC is forwarding this con-
nection to the „A“ subscriber but the firewall / NAT router may block it. Also the „A“ subscriber
will then open the RTP connection to SBC which connects both legs together.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 71
FN9850FN10FN_TBAZZZAIMHY
 Remote Subscribers configuration

If it‘s known that the two subscribers belongs together (e.g. same subnet) and can directly es-
tablish the payload together, the SBC can be configured to allow this. This configuration is also
located in the „Voip“ menu under „Media “:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L

see next page

EN
00
EN

With the „Add“ button, a new definition can be added.

40
88
EN

72 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Subscribers configuration

Provide the configuration for the location as followed:

Enter a name for the location

Enable „Media Anchorning“ between
different subnets („force“)

Click to add a new entry

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._

Subnet / Netmask or logical EP ID (used for OSB)

_L

to apply this configuration

EN
00

Interface (typically eth1 or bond1) Controls the RTP (Media) in this segment:
EN

and VLAN ID (optional) on which auto - If both subscribers are located in the same network,
40

the location / device is assignd the RTP goes directly otherwise it will be anchored through
88

the SBC
EN

forced- Media will always be anchored on the SBC

Repeat this step for every location.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 73
FN9850FN10FN_TBAZZZAIMHY
 Remote Subscribers configuration

The SBC controls depending on the subscribers location if the payload will be anchored or can
go directly between the two subscribers:

Configured remote location

Firewall or
NAT Router

LAN

Signaling
Payload

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

74 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Endpoints

4 Remote Endpoints
Data Center SIP Service
Provider

LAN

PSTN

20
WAN e.G. Internet

7-
-0
20
o_
ol
ic
en
The Remote Endpoints feature of the SBC allows to connect gateways, e.g. OpenScape Busi-
_G

ness, OS4k etc, or a SIP Service Provider (SSP) to the OpenScape Voice. Compared with the Re-
do

mote Subscribers feature where the mapping table will automatically maintained requires a
an

endpoint a static mapping table which tells the SBC the type (gateway, SIP carrier or proxy)
rn

and the endpoints IP address.

Fe
._
_L
EN

Please note: Note that the following screens refer to an OS4k connected as „Remote End-
00

point“ (Access Side).

EN
40
88
EN

Provisioning
To enable this feature, check the „Enable Remote Endpoints“ option in the „Features“ menu:

see next page

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 75
FN9850FN10FN_TBAZZZAIMHY
 Gateway directly behind the SBC

4.1 Gateway directly behind the SBC

To create a mapping entry, click on „Remote Endpoints configuration“.
The first part of this windows will be used to configure the SIP service provider (SSP) proper-
ties. In the middle section, the mapping entry (port to IP) must be created for every endpoint.
The last section is currently not released.
In the „Remote Endpoints configuration“ section, click on „Add“ to add a endpoint mapping
entry.

20
7-
-0
20
o_
ol
ic
en
only required for SIP providers
_G
do
an
rn
Fe
._
_L
EN

click to create an new „Mapping“ entry

00
EN
40
88
EN

Required for any type of endpoint

76 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Gateway directly behind the SBC

In the 1st section, enter a name for the gateway:

1 - Enter a name for the endpoint

1 2 - Choose the endpoint type (Gateway, Proxy or SSP)
3 - If the endpoint is a Gateway or Proxy, the profile cannot
2 not been selected. For a SIP Service Provider the config-
3 ured profile must be chosen.
4 - Choose the realm profile (IP configuration) which is used
4 on the SBC to communication with this device and the SIP
server (e.g. OpenScape Voice)
5 5 - Available for Type: Media Server and/or Gateway, if associ-
ated EP is behind a Proxy/Branch SBC.

20
7-
In the „Remote Location Information“ section, choose the „Signaling address type“, click on

-0
20
„Add“ to create a new location definition and enter the endpoints IP address, port number as

o_
well the transport protocol:

ol
ic
en
_G
do

Choose if the device should be addressed direct (IP) or via DNS-SRV

an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Last a unique port (Mapping port) must be assigned for the endpoint port range (default
50000-54999) which is used for this device:

Save the mapping entry and apply the changes to complete the SBC configuration.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 77
FN9850FN10FN_TBAZZZAIMHY
 Gateway directly behind the SBC

Now a endpoint can be created in the OpenScape Voice. First create an endpoint profile under
Configuration  Business Group  Profiles  Endpoint Profiles.
Following screens
On the „General“ tab, at least enter a name for the endpoint profile and select the Numbering
Plan to which the gateway should be assigned.

Enter a name for the endpoint profile

20
7-
-0
20
o_
ol
Select the Numbering Plan to which the
ic
en
endpoint should be assigned
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Enable the required features on the „Services“ tab, e.g. „Call Transfer“:

78 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Gateway directly behind the SBC

Now the endpoint by itself can be created under Configuration  Business Group  Mem-
bers  Endpoints.
On the „General“ tab, enter a name for the endpoint, choose the previously created endpoint
profile and if possible select the endpoint template, in this example OS 4000 (this will set all
parameters for the selected endpoint type).

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 79
FN9850FN10FN_TBAZZZAIMHY
 Gateway directly behind the SBC

On the „SIP“ tab, set the required connection parameters. On static configured device, the
SBC‘s Core (LAN) IP and the port number assigned in the SBC‘s Endpoint Configuration (map-
ping table) must be entered !

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40

On the „Attributes“ tab, make sure that the required parameters are set. e.g.: for PSTN gateway
88

the „Public/Offnet Traffic“ should be set (not on a SIP-Q device):

EN

80 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Gateway directly behind the SBC

Last, on the „Aliases“ tab at least the configured mapping ports for the endpoint in the format
„<SBC‘s Core IP>:<Mapping Port>“:

20
7-
Click on „Save“ to create the endpoint. The OS 4000 must use the SBC‘s Access (WAN) IP for

-0
the SIP Registrar and Server.

20
o_
After the endpoint has succesfully registered, verify that the configured mapped port and not

ol
a port from the subscribers dynamic range (10000-49999) is shown on the endpoints „SIP“ tab:
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 81
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

4.2 Remote Branch

4.2.1 Remote Branch direct behind the OpenScape SBC (static IP)

Subscriber

Data Center
er
LAN VPN
LAN
Proxy

20
SIP via
Proxy

7-
-0
20
PSTN

o_
Branch Office

ol
ic
en
The configuration for a entire branch office (e.g. OpenScape Branch as proxy) behind the SBC
_G

is similar to the configuration of a regular branch office direct connected to the OSV, except
do

that for every endpoint (gateway and proxy) a mapping table entry must be created and this
an
rn

port will be used later in OpenScape Voice endpoint configuration again.

Fe

On the SBC, click on „Remote Endpoints configuration“ in the „Features“ menu, the „Remote
._
_L

Endpoints“ window appears.

EN
00
EN
40
88
EN

Select to enable this feature (if not already enabled) see next page

82 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

In the „Remote Endpoints configuration“ click „Add“ to create a new entry:

only required for SIP providers

20
click to create an new „Mapping“ entry

7-
-0
20
o_
ol
ic
en
_G
do

Required for any type of endpoint

an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 83
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

In the 1st section, enter a name for the OpenScape Branch:

1 - Enter a name for the endpoint

2 - Choose the endpoint type (Gateway, Proxy or SSP)
1
3 - If the endpoint is a Gateway or Proxy, the profile cannot
2 not been selected. For a SIP Service Provider the
3 configured profile must be choosen.
4 - Choose the realm profile (IP configuration) which is used
4 on the SBC to communication with this device and the SIP
server (e.g. OpenScape Voice)
5 5 - Not required - different use case

20
7-
-0
In the „Remote Location Information“ section, choose the „Signaling address type“, click on

20
„Add“ to create a new location definition and enter the endpoints IP address, port number as

o_
well the transport protocol:
ol
ic
en
_G
do
an

Choose if the device should be addressed direct (IP) or via DNS-SRV

rn
Fe
._
_L
EN
00
EN
40
88
EN

Last a unique port (Mapping port) must be assigned for the endpoint port range (default
50000-54999) which is used for this device:

50031

Save the mapping entry and apply the changes to complete the SBC configuration.

84 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

4.2.1.1 OpenScape Branch - Gateway behind Proxy

Also for the gateway part of the branch site we need to create an endpoint, which is basically
similar to the previous created endpoint direct behind the SBC. In the 1st section, enter a
name for the Gateway:

1 - Enter a name for the endpoint

2 - Choose the endpoint type (Gateway, Proxy or SSP)
1
3 - If the endpoint is a Gateway or Proxy, the profile cannot not
2 been selected. For a SIP Service Provider the configured
3 profile must be choosen.
4 - Choose the realm profile (IP configuration) which is used
4 on the SBC to communication with this device and the SIP

20
server (e.g. OpenScape Voice)

7-
OpenScapeBranch 5 5 - optional: Configure the Proxy/BranchSBC where this GW/

-0
20
MS is located behind. From the SBC point of view the same

o_
private IP address for GW/MS can be used frequently, e.g. at

ol
optional, if Branch (Proxy) is behind NAT different branch sites (far-end-nat support).
ic
en
_G
do
an

In the „Remote Location Information“ section, choose the „Signaling address type“, click on
rn

„Add“ to create a new location definition and enter the endpoints IP address, port number as
Fe

well as the transport protocol:

._
_L
EN
00
EN
40

Choose if the device should be addressed direct (IP) or via DNS-SRV

88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 85
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Last a unique port (Mapping port) must be assigned for the endpoint port range (default
50000-54999) which is used for this device:

50032

Save the entry as well the „Remote Endpoints“ configuration and select „Apply changes“. The
SBC configuration for the branch office has been completed with this step.

20
7-
Now the OpenScape Voice configuration can be executed with the following steps:

-0
20
1: Navigate to Configuration tab  OpenScape Voice and select the

o_
Business Group icon within the Navigation Bar in Common Man-
ol
agement Portal. ic
en
_G

2: Select the <Business Group> in the Available Business Groups pull-

do

down associated the SBCs to be viewed.

an

The Business Group selected appears in the Available Business

rn

Groups pulldown.
Fe

3: Select Profiles  Endpoint Profiles.

._
_L

The system presents the Endpoint Profiles List view in the Work
EN

Area with a current list of endpoint profiles.

00

4: Proceed as follows to create a new endpoint profile for the Proxy

EN

(OpenScape Branch):
40
88

• Click the Add... button.

EN

The <BG name> - Add Endpoint Profile dialog is displayed.

• Fill in the Endpoint Profile Name.
• Select a numbering plan for the OSB from the Numbering Plan se-
lection list.

86 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

5: Select Members  Endpoints.

The system presents the Endpoints List view in the Work Area with
a current list of endpoints.
6: Proceed as follows to create a new endpoint for the „Proxy“ (Open-
ScapeBranch):
• Click the Add... button.
The <BG name> - Add Endpoint dialog is displayed.
• Fill in the Endpoint Name.
• Select the previously created endpoint profile.
• If possible, select the endpoint template which applies to the used
proxy server device. This will set all necessary parameters for the
endpoint.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 87
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

• On the „SIP“ tab, verify that the endpoint type is set to „SIP Trunk-
ing“.
• The SIP Signaling Type must be set to „Static“ for a proxy server.
• Set the Signaling Address Type to „IP Address or FQDN“.
• Enter the SBC‘s Core IP in the „Endpoint Address“ field and the pre-
viously configured mapped port in the port field.
• Set the Transport protocol to „TCP“.

20
7-
-0
20
o_
ol
ic
en
_G
do
an

50031
rn
Fe
._
_L
EN
00
EN

• On the „Attributes“ tab, check the following attributes: „Survivable

40

Endpoint“, „SIP Proxy“, „Route via Proxy“ and „Public/Offnet Traf-

88

fic.
EN

88 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

• On the „Aliases“ tab, add the both configured mapped ports in the
following format: „<SBC‘s Core IP>:<Mapped Port>“.

50031

• Go back to the „General“ tab and check the „Registered“ option:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88

The configuration of the Proxy is done.

EN

Next steps tread the „Gateway behind Proxy“ part.

7: Select the Branch Office List  Branch Offices in the Navigation
Tree.
The system presents the Branch Office List view in the Work Area
with a current list of all SBCs and branch offices associated with the
selected Business Group.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 89
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

8: Proceed as follows to create a new branch office:

• Click the Add... button.
The <BG name> - Add Branch Office dialog is displayed.

1 - Fill in the Branch Office Name and and select

the previously created endpoint for the OSB in
the Representative End Point field.
2 - Select a numbering plan for the OSB from the
1 Numbering Plan selection list.
3 - Select an office code from the Office Code
selection list (optional).
2

20
4 - If required, select the routing area of the OSB in

7-
3 the Routing Area selection list (optional).

-0
5 - The checkbox „This is a Branch Office of type

20
o_
4 OpenScape Branch“ can be selected but it will

ol
5 later not be possible to manage the OpenScape
ic
en
Branch via the CMP behind the SBC.
_G
do
an
rn
Fe

• Click on „Save“ to create the branch office.

._
_L
EN

9: To create the gateway, select Profiles  Endpoint Profiles.

00
EN

The system presents the Endpoint Profiles List view in the Work
40

Area with a current list of endpoint profiles.

88
EN

90 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

10: Proceed as follows to create a new endpoint profile for the Gateway
(e.g. Mediatrix):
• Click the Add... button.
The <BG name> - Add Endpoint Profile dialog is displayed.

1 - Fill in the Endpoint Profile Name.

2 - Select a numbering plan for the gateway
1 from the Numbering Plan selection list.

20
7-
2

-0
20
o_
• Select the required services, e.g. Call transfer, on the „Services“ tab

ol
and click on „Save“ to create the Endpoint Profile. ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

11: Select the previously created Branch Office in the navigation tree.
12: Select Members  Endpoints.
The system presents the Endpoints List view in the Work Area with
a current list of endpoints.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 91
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

13: Proceed as follows to create a new endpoint for the gateway:

• Click the Add... button.
The <BG name> - Add Endpoint dialog is displayed.

1 - Fill in the Endpoint Name.

2 - Select the previously created endpoint profile.
3 - Verify that the previously created branch office is
1 selected.
4 - If possible, select the endpoint template which ap-
plies to the used proxy server device. This will set
2 all necessary parameters for the endpoint.
3

20
7-
-0
20
o_
4

ol
ic
en
_G

• On the „SIP“ tab

do
an
rn

5 - Verify that the endpoint type is set to „SIP

Fe

Trunking“ for the Mediatrix gateway.

._
_L

6 - The SIP Signaling Type, Address Type as well

EN

the Endpoint Address and Port are fixed set for

5
00

the selected device otherwise it must be speci-

EN

fied.
40

7 - Set the Transport protocol to „TCP“.

88
EN

92 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

• On the „Attributes“ tab

check the Public/Offnet Traffic if

required

20
7-
• On the „Aliases“ tab

-0
20
o_
ol
ic
en
_G

Add the both configured mapped ports for

do

the gateway in the following format:

an

„<SBC‘s Core IP>:<Mapped Port>“.

rn

50032
Fe
._
_L
EN

14: Configure the routing as required ...

00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 93
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Next, the OpenScape Branch can be configured which is nearly similar then SBC configura-
tion except that the IP address which will be used is now the SBC‘s Access (WAN) IP. Connect
to the OpenScape Branch local GUI via a web browser and logon as administrator. In the
„VoIP“ menu under „SIP Server Settings“ set the „Comm System Type“ to „Simplex“ if a single
SBC is used, „Collocated“ (Active-Active mode on SBC) or Geo-Separated if a second SBC needs
to be addressed.

Simplex:

20
7-
1 physical WAN IP of the SBC

-0
20
collocated:

o_
used, if „Active-Active“ logic is
ol
ic used on the SBC (to communi-
en
_G

cate with the OSV).

do
an

geo-separated:
rn

2 independent/separated SBC‘s
Fe

needs to be addressed.
._
_L
EN
00
EN
40
88
EN

94 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Enter the SBC‘s Access (WAN) IP under „Primary“ server, select the configured transport pro-
tocol („TCP“ by default) and the port number under which the SBC is accepting SIP requests.

if „Active-Active“ or geo-separated OSV‘s via SBC...

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn

The node settings specify the communication type thru the SBC - access interface.
Fe
._

Please note: Primary and Backup server settings for Node 1 and Node 2 are required if a 2nd
_L

SBC is used- in front of a L3 separated OSV.

EN
00

Please note: In case of a DNS-SRV scenario, select Target type: „SRV Record“ and configure
EN

the record entry per node.

40
88
EN

Please note: The OpenScape Branch cannot be

 managed by the CMP if it‘s located behind the SBC.

All administration tasks must be executed on the lo-
cal GUI.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 95
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Save the settings and click on „Apply Changes“.

After a few moments the connection to the OpenScape Voice should be established which can
be verified on the under „Maintenance & Diagnostics“  „System status“. The „Operational
state“ should show „normal“:

20
7-
-0
20
o_
ol
Last, the Mediatrix gateway can be configured. The only difference to a in this case is that the
ic
en
SBC‘s Access (WAN) IP will be configured in the gateway instead of the OpenScape Voice SIP
_G

Signaling IP. Logon the the gateways web GUI via a web browser. On the „SIP“ menu under
do

„Servers“ enter the SBC‘s IP under „Registrar Host“ and „Proxy Host“. In the „Outbound Proxy
an

Host“ field enter the OpenScape Branch IP:

rn
Fe
._
_L
EN
00
EN
40
88
EN

Save the settings by clicking on the „Submit“ button. The responsible process must be restart-
ed which can be done via the link „services table“ which will appear after the changes has been
saved.

96 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

On the following screen, click on „Restart Required Services“. This will force the gateway to
send the registration.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 97
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

If the registration was successful, can be verified under SIP  Registrations:

20
7-
-0
20
o_
ol
ic
en
_G

Also make sure that the SBC has successful recognized the gateway. On the OpenScape Voice
do
an

check the register information on the endpoint‘s „SIP“ tab. Important is that the shown port
rn

number matches the configured mapped port and not a port from the subscribers dynamic
Fe

range (10000-49999):
._
_L
EN
00
EN
40
88
EN

50032

98 Configuration 02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Now the phones can be configured as followed.

Login to the phones Administrator Pages and navigate to System  System Identity. Enter the
subscriber ID in E164 format in the Terminal Number field. Optional, enter a display identifi-
cation and check the option „Enable ID“:

20
7-
-0
Navigate to System  SIP interface and make sure that the „Outbound Proxy“ is checked (de-

20
fault) as well the correct transport protocol is selected (TCP since OSV V5):

o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 99
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Last under System  Registration enter the SBC‘s WAN IP in the SIP server and registrar ad-
dress field and the OpenScape Branch LAN IP in the SIP gateway filed. If digest authentication
is enabled (recommended), enter this information as configured for the subscriber in the
OpenScape Voice:

Mediatrix IP:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40

Verify that the Server type is set to „OS Voice“. The 1st registration takes a few moments but
88

the phone should become registered in less then one minute.

EN

100 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

4.2.2 Remote Branch behind NAT device connected to the SBC

Please note: This feature provides support for a hosted OpenScape Branch where dynamic
IP addressing is used for the branch.
Such deployments are typical for xDSL networks due to high costs for static IP addressing by
network providers. The OSB appliance on the customer LAN will utilize the customer NAT
router interfacing to the xDSL modem (or integrated xDSL modem/ NAT router as the IP gate-
way) for all communications. The primary feature objectives are:
• Ensuring VoIP communication is maintained whenever the net-
work provider changes the Branch IP address.
• Support media anchoring or media release based on network con-
nectivity network associations established for the remote branch.

20
7-
Unless the customer purchases a higher tiered IP service using static IP the network provider

-0
is free to reassign the public IP address at any time.

20
o_
The reassignment may be quite frequent, i.e., daily in some markets. To support dynamic IP

ol
address reassignment, the OS-SBC can no longer rely on a static remote endpoint configura-
ic
en
tion and must instead support other means to address the remote branch appliance.
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 101
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

With the new feature implementation OpenScape Branch SBC remote endpoints utilizing a
dynamic IP address can be identified in the configuration as "Dynamic IP". An IP address bind-
ing will be established when the branch appliance sends the SIP OPTIONS message for surviv-
ability.
The feature introduces OS-SBC Local GUI and OSB (OS-SBC) Assistant GUI changes in support
of the new connectivity capability as well as preparing for more flexible media connectivity
capabilities. The following changes are considered:
• Dependencies between signaling and media as they need to be
considered independently.
• Network endpoints identified as media endpoints and/or source
media streams identify both signaling and media support require-
ments. Media Endpoints belong to a new membership identified as

20
"Media Realms".

7-
-0
Regarding support for private networks deploying several devices behind a NAT (fixed or dy-

20
namic IP):

o_
ol
• Some NAT routers have exhibited RTP routing issues when han-
ic
en
dling multiple simultaneous RTP streams with different devices.
_G

• The problem has been isolated to a poor implementation when

do

processing RTP streams from different LAN devices which use the
an

same RTP source port, even though they are using different private
rn
Fe

IP addresses.
._
_L

• The behavior has not been associated with a particular vendor's

EN

NAT router or firmware version so if RTP dropout problems are

00

observed when multiple RTP streams are present, all media devic-
EN

es should be reconfigured to use different RTP media base ports

40

and SIP signaling source ports.

88
EN

102 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

4.2.2.1 Provisioning
The following diagram provides an overview about the scenario which will be configured on
the following pages:

Subscriber

NAT Router
Data Center
er
LAN

LAN WAN e.g. Internet

20
Branch

7-
-0
Office

20
o_
PSTN

ol
ic
en
_G
do

Branch configuration:
an
rn

First, in the „Licenses“ tab of the „System“ menu, verify that the Logical branch office ID is con-
Fe

figured:
._
_L
EN
00
EN
40
88
EN

This will be done normally from the OSB assistant during the 1st contact with the CMP. In case
that the device is operated in standalone mode, the Logical branch office ID can be entered as
well manual in the format: <Cluster Name>:<Business Group Name>:<Branch Office Name>

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 103
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Now set the „Comm System Type“ to „Simplex“ or „Collocated“ / „Geo-Separated“ depending
on the communication type through the SBC(s).
Activate the option „Branch behind NAT“ in the „VoIP“ menu under „SIP Server Settings“.

Simplex:
1 physical WAN IP of the SBC

collocated:
used, if „Active-Active“ logic is used
on the SBC (to communicate with
the OSV).

20
geo-separated:

7-
2 independent/separated SBC‘s

-0
20
needs to be addressed.

o_
ol
ic
en
_G
do

Under „Primary server“ of Node 1 the OpenScape SBC‘s WAN IP or FQDN name must be con-
an

figured:
rn
Fe
._
_L
EN
00
EN
40
88
EN

if „Active-Active“ or geo-separated OSV‘s via SBC...

Click on „Apply Changes“ to activate the new configuration.

104 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Then on the SBC the OpenScape Branch device must be configured on the SBC as followed:
On the SBC, click on „Remote Endpoints configuration“ in the „Features“ menu, the „Remote
Endpoints“ window appears.

20
Select to enable this feature (if not already enabled) see next page

7-
-0
20
In the „Remote Endpoints configuration“ click „Add“ to create a new entry:

o_
ol
ic
en
_G
do
an
rn
Fe
._
_L

only required for SIP providers

EN
00
EN
40
88
EN

click to create an new „Mapping“ entry

Required for any type of endpoint

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 105
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Enter a name for the entry and select the type „Proxy“ (this will automatically select the Profile
„Default Proxy“):

1 - Enter a name for the endpoint

1 2 - Choose the endpoint type (Gateway, Proxy or SSP)
3 - If the endpoint is a Gateway or Proxy, the profile cannot not
2 been selected. For a SIP Service Provider the configured
3 profile must be choosen.
4 - Choose the realm profile (IP configuration) which is used
4 on the SBC to communication with this device and the SIP
server (e.g. OpenScape Voice)
5 5 - Not required ...

20
7-
In the „Remote Location Information“ table, select the new Signaling address type „Dynamic

-0
20
IP“ and enter the „Logical branch office ID“ which has been retrieved / configured earlier on

o_
the OSB.

ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Please note: The „Logical branch office ID“ will be

 used later from the SBC to match the OSB‘s dynam-
ic IP to this entry and must match on both sides!

106 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Last, enter the SBC‘s LAN IP which should be used to forward traffic from this device to the
OSV and assign a unique TCP / TLS port from the static endpoint port range:

50006

20
7-
-0
20
o_
ol
ic
en
50006
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

50006

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 107
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Save all configurations and click on „Apply Changes“ to activate the new configuration. The
OSB should switch to „Normal“ mode shortly:

20
7-
-0
20
That the SBC can reach the branch office, the OSB will send a SIP OPTIONS message with it’s

o_
Logical-Endpoint-ID encrypted (MD5 encoding using an internal shared-secret) in a new “X-

ol
Siemens-Identity” header:
ic
en
_G
do

OPTIONS sip:[email protected]:5060;transport=TCP SIP/2.0

an

Via: SIP/2.0/TCP 1.20.250.187;branch=z9hG4bK94585B59240F0F04.40373755;i=1

rn
Fe

Via: SIP/2.0/TCP 1.20.250.187;branch=z9hG4bKe8ce3f2c

._

Via: SIP/2.0/TCP 1.20.250.187:5060;branch=z9hG4bK4a706f18

_L
EN

X-Siemens-Identity: SS-nAGsUjPdwXO4F1QN.p4RIAm9
00

Call-ID: 2592fba6
EN

From: <sip:[email protected]>;tag=403737553
40

CSeq: 1 OPTIONS
88
EN

Content-Length: 0
Max-Forwards: 70
To: <sip:[email protected]:5060;transport=TCP>
User-Agent: SIP alive check
X-Siemens-Proxy-State: normal

If the decrypted Logical-Endpoint-ID matches a remote endpoint, the OS-SBC will update the
external IP for the remote endpoint.

108 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

This can be monitored on the SBC‘s dasboard with the button „Dynamic IP remote endpoints“
in the „System Info“ section:

20
7-
-0
sbc:Unify:EP_OSB

20
o_
ol
ic
en
_G

External IP of NAT router

do
an
rn
Fe
._
_L
EN

The above process is automatic and requires no further action on the part of the user.
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 109
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

4.2.3 Remote Branch via OpenScape Branch SBC Mode

Subscriber

Data Center
er
LAN

LAN WAN e.g. Internet

OSB
Branch
(SBC Mode) Office

20
7-
PSTN

-0
20
o_
ol
ic
Another supported scenario is the OpenScape Branch SBC mode. Compared with the previ-
en
ous OSB scenario, the OSB acts as a branchSBC, means the connection between the Branch
_G

and the SBC is established via „WAN“ port. Branch phones use the LAN side as „Proxy“.
do
an
rn
Fe

4.2.3.1 Provisioning
._
_L

On the SBC, click on „Remote Endpoints configuration“ in the „Features“ menu, the „Remote
EN

Endpoints“ window appears.

00
EN
40
88
EN

Select to enable this feature (if not already enabled) see next page

110 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

In the „Remote Endpoints configuration“ click „Add“ to create a new entry:

only required for SIP providers

20
click to create an new „Mapping“ entry

7-
-0
20
o_
ol
ic
en
_G
do

Required for any type of endpoint

an
rn
Fe
._
_L
EN
00
EN

In the 1st section, enter a name for the entry and select the type „Branch SBC“ (this will auto-
40

matically set the Profile to „Default SBC):

88
EN

1 - Enter a name for the endpoint

1 2 - Choose the endpoint type („Branch SBC“)
3 - Profile is always „Default SBC“
2 4 - Choose the realm profile (IP configuration) which is used on
3 the SBC to communication with this device and the SIP
server (e.g. OpenScape Voice)
4 5 - Not required ...

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 111
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

In the „Remote Location Information“ section, choose the „Signaling address type“
• IP or FQDN
• DNS-SRV
• Dynamic IP > uses Logical ID mechanism (SIP option with X-Sie-
mens-Identify as a hash value) to authorize EP‘s with variable
(public) IP or EP‘s behind external NAT.
click on „Add“ to create a new location definition and enter the Remote URL, port number as
well the transport protocol:

20
Choose if the device should be addressed direct (IP, FQDN, DNS-SRV)

7-
or via „Dynamic IP“

-0
20
o_
ol
ic
en
_G
do

Fixed IP on the BranchSBC side ...

an
rn
Fe
._
_L

or ...
EN
00
EN
40
88
EN

Dynamic IP with „Logical ID“ on the BranchSBC side ...

112 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Last a unique port (Mapping port) must be assigned for the endpoint port range (default
50000-54999) which is used for this device:

50005

Save the entry and click again on „Add“ to create a mapping entry for the gateway.

20
Now the OpenScape Voice configuration can be executed with the following steps:

7-
-0
1: Navigate to Configuration tab --> OpenScape Voice and select the

20
Business Group icon within the Navigation Bar in Common Man-

o_
agement Portal.
ol
ic
2: Select the <Business Group> in the Available Business Groups pull-
en
_G

down associated the SBCs to be viewed.

do

The Business Group selected appears in the Available Business

an

Groups pulldown.
rn

3: Select Profiles --> Endpoint Profiles.

Fe
._

The system presents the Endpoint Profiles List view in the Work
_L

Area with a current list of endpoint profiles.

EN

4: Proceed as follows to create a new endpoint profile for the Proxy

00

(OpenScape Branch):
EN
40

• Click the Add... button.

88

The <BG name> - Add Endpoint Profile dialog is displayed.

EN

• Fill in the Endpoint Profile Name.

• Select a numbering plan for the OSB from the Numbering Plan se-
lection list.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 113
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

5: Select Members  Endpoints.

The system presents the Endpoints List view in the Work Area with
a current list of endpoints.
6: Proceed as follows to create a new endpoint for the Proxy (Open-
Scape Branch):
• Click the Add... button.
The <BG name> - Add Endpoint dialog is displayed.
• Fill in the Endpoint Name.
• Select the previously created endpoint profile.
• If possible, select the endpoint template which applies to the used
proxy server device. This will set all necessary parameters for the
endpoint.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

114 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

• On the „SIP“ tab, verify that the endpoint type is set to „SIP Trunk-
ing“.
• The SIP Signaling Type must be set to „Static“ for a proxy server.
• Set the Signaling Address Type to „IP Address or FQDN“.
• Enter the SBC‘s Core IP in the „Endpoint Address“ field and the pre-
viously configured mapped port in the port field.
• Set the Transport protocol to „TCP“.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe

50005
._
_L
EN
00
EN
40
88
EN

• On the „Attributes“ tab, check at least the following attributes:

„Survivable Endpoint“, „SIP Proxy“ and „Route via Proxy“.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 115
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

• On the „Aliases“ tab, add the both configured mapped ports in the
following format: „<SBC‘s Core IP>:<Mapped Port>“.

50005

• Go back to the „General“ tab and check the „Registered“ option:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

7: Select the Branch Office List  Branch Offices in the Navigation

Tree.
The system presents the Branch Office List view in the Work Area
with a current list of all SBCs and branch offices associated with the
selected Business Group.

116 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

8: Proceed as follows to create a new branch office:

• Click the Add... button.
The <BG name> - Add Branch Office dialog is displayed.

1 - Fill in the Branch Office Name and and select the

previously created endpoint for the OSB in the
Representative End Point field.
2 - Select a numbering plan for the OSB from the
1 Numbering Plan selection list.
3 - Select an office code from the Office Code
2 selection list (optional).
4 - If required, select the routing area of the OSB in
3

20
the Routing Area selection list (optional).
4

7-
5 - The checkbox „This is a Branch Office of type

-0
OpenScape Branch“ can be selected but it will

20
3

o_
later not be possible to manage the OpenScape

ol
Branch via the CMP behind the SBC.
ic
en
_G
do
an
rn
Fe
._

• Click on „Save“ to create the branch office.

_L

9: Proceed with the endpoint / subscriber configuration in the

EN

branch office as required.

00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 117
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Next, the OpenScape Branch can be configured. Either connect to the OpenScape Branch lo-
cal GUI or to the CMP via a web browser and logon as administrator. Until the SBC Mode can
be activated, the WAN interface must be configured on the „Settings“ tab of the „Network/Net
Services“ menu. Locate the Physical Network Interface section (depends on the used hard-
ware, typically the last), enable the interface by checking the „Enabled“ optin:

20
7-
-0
20
o_
ol
ic
Check to enable the interface
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

118 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Assign an IP to this interface in the „Interface Configuration“ section and specify the TCP, UDP
and TLS port on which the OSB is listening for incoming requests (typically 5060/5060/5061):

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN

The default gateway should be configured on the WAN interface under the „Routing“ section:
00
EN
40
88

Enter the default gateway IP

EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 119
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Optional, the OpenScape Branch can be used as a DHCP server, e.g. for the phones, if no other
one is available. At the „DHCP“ tab of the „Network / Net Services“ menu check the „Enable
DHCP Server“ checkbox to enable the DHCP Server. Provide a IP address port rang and use
the OpenScape Branch as the default router:

Enter the dynamic IP range

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Enter the default GW IP

120 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

In the „System“ menu under „Settings“ set the „Branch Mode“ to „Branch SBC“:

20
Under „SIP configuration“ in the „VoIP“ menu set the „OpenScape Voice mode“ to the corre-

7-
-0
sponding SBC scenario. Check the option „Branch behind SBC“ and optional „Branch behind

20
NAT“ (if a NAT router is used. This requires that the „Logical Branch Office ID“ is set as de-

o_
scribed earlier):
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Please note: The OpenScape Branch cannot be

 managed thru the CMP if it‘s located behind the

SBC. All administration tasks must be executed on
the local GUI.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 121
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Now set the „Comm System Type“ to „Simplex“ or „Collocated“ / „Geo-Separated“ depending
on available SBC‘s.:

if „Active-Active“ or geo-separated OSV‘s via SBC...

20
7-
-0
20
o_
ol
ic
en
_G

Save the settings and click on „Apply Changes“.

do
an
rn
Fe

Please note: The previous configuration allows

._

 phones to register to the OSV via SBC. Please con-

_L

sider additional configuration steps if the Branch is

EN

in „Survivability“ mode.
00
EN
40
88

After a few moments the connection to the OpenScape Voice should be established which can
EN

be verified on the „Dashboard“  „System status“. The „Operational state“ should show „nor-
mal“:

122 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Now the phones can be configured as followed. Login to the phones Administrator Pages and
navigate to System  System Identity. Enter the subscriber ID in E164 format in the Terminal
Number field. Optional, enter a display identification and check the option „Enable ID“:

20
Navigate to System  SIP interface and make sure that the „Outbound Proxy“ is checked (de-

7-
fault) as well the correct transport protocol is selected (TCP since OSV V5):

-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 123
FN9850FN10FN_TBAZZZAIMHY
 Remote Branch

Last under System  Registration enter the SBC‘s WAN IP in the SIP server and registrar ad-
dress field and the OpenScape Branch LAN IP in the SIP gateway filed. If digest authentication
is enabled (recommended), enter this information as configured for the subscriber in the
OpenScape Voice:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN

Verify that the Server type is set to „OS Voice“. The 1st registration takes a few moments but
00

the phone should become registered in less then one minute.

EN
40
88
EN

124 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 SSP Connection

5 SSP Connection
Use the following as an example to establish communication to a SIP Service Provider (SSP)
Following scenario is based on a reference SSP - called DTAG Deutschland LAN (DLAN) and of-
fered as ALL-IP solution.
The documentation is structured as follows:
• CSBC configuration
CSBC located behind an external FW > Mechanism „UDP-Pinholing“
supported
TCP connection (unsecured)

20
7-
TLS connection (secured)

-0
20
• use case 1: Core side OSV configuration

o_
• use case 2: Core side OS4k
ol
ic
en
Goal: This document presents an example on how to connect a SSP based on a reference ar-
_G

chitecture.
do
an

Software: The CSBC SW used for this LAB is V9R4.5

rn
Fe

Please note: Other SSPs can be used as well, please negotiate the capability/credentials be-
._

forehand.
_L
EN

Important: Due to security reasons, we need to hide password within this docu, to avoid
00

misunderstandings. Your lecturer will provide you login credentials to be used

EN

during the training session.

40

Please use this for training purposes only!!!

88
EN

SSP:
For test purposes we used the SSP DTAG with the following criterias:
Tarif: DeutschlandLAN SIP-Trunk Pure Pooling
Access Number: 551127098975
Voice Channels: 40
CLIP N/S: Yes
SIP-Trunk Registration Number: +4922843353360
Country Code: 49
Area Code 0228
SIP-Trunk Number 4335336-0
SIP-Trunk Range 0-9
SIP-Trunk Username 551127098975

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 125
FN9850FN10FN_TBAZZZAIMHY
 SSP Connection

SIP-Trunk Password xxxxxxxx (kept secret) > your lecturer provides you adequate cre-
dentials.
Please note: By design the DLAN „pure“ option shall support a random Internet connection,
which is not bound to any physical xDSL/FTTH by Telekom.
Note, that in this case we have no guaranteed speech-path in terms of QoS!

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

126 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

5.1 CSBC configuration

Following guides you through the configuration.

5.1.1 Network/QoS
In general, Network/QoS settings shall be configured as follows:
DNS:
Required in the CSBC is an DNS setting that points to the internet in order to resolve the SSP
records (DNS/DNS-SRV)

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 127
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

For DTAG a DNS-SRV resolve might look like the following:

oss2000:~ # nslookup
> set type=SRV
> _sip._tcp.reg.sip-trunk.telekom.de
Server: 10.80.200.200 << our local DNS that has a forwarding to the internet
Address: 10.80.200.200#53

Non-authoritative answer:
_sip._tcp.reg.sip-trunk.telekom.de service = 1 5 5060 n-ipr-a02.sip-trunk.telekom.de.
_sip._tcp.reg.sip-trunk.telekom.de service = 10 5 5060 d-ipr-a01.sip-trunk.telekom.de.
_sip._tcp.reg.sip-trunk.telekom.de service = 0 5 5060 n-ipr-a01.sip-trunk.telekom.de.

Authoritative answers can be found from:

20
n-ipr-a02.sip-trunk.telekom.de internet address = 217.0.15.69

7-
n-ipr-a01.sip-trunk.telekom.de internet address = 217.0.15.67

-0
20
o_
QoS
ol
ic
en
QoS settings for DSCP based on the carrier specification - in this case the 1TR114 implemen-
_G

tation.
do

Again, all this settings depend on the SIP Carrier. Please negotiate this beforehand
an
rn
Fe
._
_L
EN
00

Example for „DLAN“ (DTAG) SSP

EN
40
88
EN

128 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

Media Profile
Media payload can be encrypted. cipher suite capabilities will be offered through SIP SDP. Rec-
ommended is to use the „SDES“ method to negotiate cipher(s) for encryption.
Please note: „srtp“ via SDES can be used independent from TLS to the provider. This is a dif-
ferent story and will be covered later.
unsecured „Media“ connection (rtp):

20
7-
„rtp“ only

-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 129
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

secured „Media“ connection (srtp) profile:

„srtp“ only - via SDES

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

130 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

5.1.2 Remote Endpoint

Section „SSP“ in conjunction with „Remote Endpoint“ needs to be configured.:

5.1.2.1 SIP Service Provider Profile

Overview:

used to update/populate SSP settings based on a csv

20
template

7-
-0
20
o_
ol
ic SSP connectivity
en
_G
do
an
rn
Fe
._

Remote EP with binding to SSP

_L

and Core-Side
EN
00
EN
40
88
EN

Explanation: Download New Profile List - from an external SFTP Server:

Unify provides a procedure to download new default profile list from an external sftp server.
Based on the Test/Certification result, Unify offers a csv file, which includes the SSP settings.
Note, the profile list values shall be synchronized with the SWS delivery.
Please note: The file „ssp-default-profilesOSS.csv“ must be used as an template only.
Goal is, to get SSP settings, which are updated and/or completely new by Unify.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 131
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

Configure Sip Service Provider Profile (SSP connectivity):

If enabled, all identity header

fields are modified to include
the SIP service address net-

Check if a REGISTER request should

be send and configure the registra-

20
7-
Allow to replace the FROM head-

-0
er for carriers which support one

20
single DN only

o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40

Explanation below ...

88
EN

132 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

Outgoing SIP Manipulation:

SSP SIP header manipulation is based on matching rules on the following SIP headers:
• R-URI
• From
• P-PI
• P-AI
• Diversion
• P-AI (or FROM if no P-AI exists) - manipulates the digits in the P-Asserted
Identity Header or, the digits in the From Header when no PAI header is pres-
ent

20
A new digit manipulation rule is added using the „Add“ button. In this case a new row is cre-

7-
ated in the table.

-0
20
• Match digits

o_
This parameter defines the matching digits. Only numerical digits or the char-

ol
acter "+" are supported ic
en
• Match Position
_G

This parameter defines from which digit position the matching is performed
do

on the header. The first position is 0.

an
rn

• Match Length
Fe

Enter a valid value (format x, x/, or x/y) for field Match length.
._
_L

• Header
EN

The legal SIP Header values are listed at the top of this section.
00

• Delete/insert position
EN

This parameter defines from which digit position on the header the fields
40

"Number of digits to delete" and "Insert digits at position" are applied. If the
88
EN

value of this parameter does not correspond to an effective position on the

header digits, the related operations will be ignored. The first position is "0".
• Number of digits to delete
The number of digits to be deleted from the defined position. If there are not
enough digits to be deleted from the defined position on the header, this op-
eration will be ignored.
• Insert digits
The digits to be inserted at the defined position
• Add prefix
The prefix to be added to the digits on the header.
• Replace all with
The digits to replace all header digits.
• Call Type
The Call Type that digit manipulation applies. The current option is ’SIP-Pro-
vider’.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 133
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

Incoming SIP Manipulation:

Takes effect for the Access Side - incoming wise.
„Calling Party Number“ (CPN) - Most of SSPs send the CPN number only in the user party of
From or P-Asserted-Identity headers. However, some provides send the user and display name
parts of those headers as described in RFC2161.
The possible options are:
• From header user and display name part:
Preserves the user and display name parts of From header (Default val-
ue).
• From header user part:
Uses the From user part as the CPN.

20
If present, the display name is removed from this header.

7-
• From header display name part:

-0
20
Uses the display name part of the From header as the CPN.

o_
If present, the display name replaces the user part in From header. Oth-

ol
erwise, no manipulation is done. ic
en
• P-Asserted-Identity user part
_G

Uses the P-Asserted-Identity user part as the CPN.

do

If present, the display name is removed from this header.

an
rn

• P-Asserted-Identity display name part

Fe

Uses the display name part of the P-Asserted-Identity header as the

._
_L

CPN.
EN

If present, the display name replaces the user part in P-Asserted-Identi-

00

ty header. Otherwise, no manipulation is done.

EN
40
88
EN

134 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

FLAGS:
• FQDN in TO header to SSP
If selected (enabled), To header is modified for the in-dialog SIP Requests sent
to SSP with FQDN configured for SSP.
• Use TO DN to populate the R-URI
Enable if the SIP Service Provider is sending the Account information in the
Request URI and the destination information in the To header. Default is dis-
abled.
• Send Default Home DN in Contact for Call messages
• Allow SDP changes from SSP without session version update
Flag to take care of SSP which are incorrectly keeping the same session id and
session version but changing the contents of the SDP.

20
• Do not send INVITE with sendonly media attribute

7-
-0
section 2.5.1.11 in release note V9R4.5 .....

20
• Do not send INVITE with sendonly media attribute to SSP

o_
ol
• Do not send Invite without SDP ic
en
OS SBC now supports a new configuration item per SIP Service Provider pro-
_G

file which allows setting an indication whether the SSP supports receiving IN-
do

VITE without SDP or not. The flag in the SSP Profile, has the same name as the
an

endpoint attribute used in OSV: Do not send INVITE without SDP.

rn
Fe

Whenever OS SBC receives an initial INVITE without SDP targeted for a re-
._

mote endpoint for which the new Do not send INVITE without SDP flag is set,
_L

the SBC will select a free RTP port on the Access side of the SBC to be included
EN

in the SDP offer.

00

The codecs in the SDP offer to the SSP are configurable by enabling Codec sup-
EN

port for transcoding under the Features Page from LOCAL GUI and selecting
40

which codecs to allow. A media profile can then be created from VOIP Media
88
EN

page and the codecs can be chosen and assigned a priority in the generated
SDP offer.
For incoming calls from the SSP, the SSP must offer at a minimum an unsecure
audio stream.
An Initial INVITE with secure media only in the SDP received on the access
side from the SSP shall be rejected by the OS SBC with a 488 Not Acceptable
Here SIP response, if the SSP sending the INVITE with SDP has the “Do not
send INVITE without SDP” flag set.
“Do not send INVITE without SDP” flag requires Media Protocol to be RTP for
the Remote Endpoint representing the SSP
• Do not send Re-Invite when no media type change:
Do not send re invite to SSP if there is no change in the media type character-
istics towards SSP (e.g. audio to audio re-invite). Please note that old Codecs
from the SSP would be reused towards the core and hence requires that at
least one common codec should exist between all endpoints including SSP.
• Do not send Re-Invite:
Do not send re invite at all to the SSP.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 135
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

• Preserve To and From headers per RFC2543

When set the To and From header to the SSP would match the URI received
from the SSP in order to meet the RFC2543 dialog matching requirements.
• Remove Silence Suppression parameter from SDP:
Remove the attribute for silence suppression in the SDP towards the SIP Ser-
vice Provider.
• Enable pass-through of Optional parameters:
When enabled, you may configure up to 10 optional SIP - Header parameters
pass-through for Call handling to / from SIP Service Providers (SSPs). You only
need to add the parameter name (e.g. "alias").
• Send default Home DN in PAI/PPI:
When activated, the configured „Default Home DN“ will be used through the

20
SSP

7-
• Allow single SSP with different home DN prefix based handling:

-0
20
This feature supports multiple remote EP‘s towards the same SSP - based on

o_
different Home-DN‘s. Up to 400 Remote EP‘s can be created for a single SSP to
ol
ic
provide routing based on Home-DN prefix.
en
Please Note, if this flag is set then all the Remote Endpoints pointing to the
_G

same SSP must be configured with the same media settings

do
an

• Ignore last digit in Default home DN for incoming calls from SIP trunk:
rn

This flag is a subnet of “Allow single SSP with different home DN prefix based
Fe

handling”. Enabling this flag allows the last digit in RURI to be ignored before
._
_L

matching it against the Default Home DN configured in order to route the call
EN

correctly towards SIP Server.

00
EN
40
88
EN

136 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

TLS Signaling
This box is used to configure how TLS as a transport type will be signaled in the SIP messages
of remote endpoint calls. Possible values are:
• Transport=tls
Uses parameter "transport=tls" in SIP messages and does not accept SIPS URI.
• SIPS Scheme
Uses the TLS connection to identify the transport type of registration, uses
SIPS URI in Record-Route header of remote endpoint requests.
• Endpoint Config
Uses the remote endpoint configuration to determine the transport and does
not use "transport=tls" nor SIPS URI in the SIP Message.

20
• Pass-Thru

7-
Accept or Send transport=tls or SIPS in SIP Message.

-0
20
If we use the Endpoint Config Option, we have to upload the required certificates and config-

o_
ure the certificate-profiles first
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 137
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

Sip Connect

• Use tel URI

Defines that SIP Connect supports sending and receiving Tel URI formats
(starts with ‚tel:‘ instead of ‚sip:‘ - to and from the SSP.
If SBC receives Tel URI from SSP, it converts it to SIP URI and forwards this to

20
OSV and vice versa.

7-
• Send user=phone in SIP URI

-0
20
Used to add parameter “user = phone” to the SIP URI for a global E.164 num-

o_
ber torwards SSP.

ol
ic
en
Please note: In order to be SIP Connect 1.1 com-
_G

pliant the certificates presented by the OS SBC

do

shall use a SIP URI in the „subjectAltName“ and

an
rn

 „commonName“ fields, in accordance with [RFC

Fe

5280]. The OSV Solution recommended way to

._

create certificates is to use OpenSSL where it shall

_L
EN

be possible to specify the above fields using a SIP

00

URI.
EN
40
88

• 1TR118
EN

Technical Specification of the SIP Trunking Interface between a SIP-PBX with

DDI and the NGN Platform of Telekom Deutschland (DT-AG). If this flag is en-
abled, then many SIP messages will be in accordance with Deutsch Telekom
requirements for SIP Connect 1.1 described under https://www.telekom.de/
hilfe/downloads/1tr118_v10_.pdf
• Registration Mode
When Registration Mode flag is enabled, SBC will be sending Register mes-
sage with Registration Mode format of SIP Connect 1.1 that will add the fol-
lowing headers:
• Proxy-Require: gin
• Require: gin
• Supported: path
• Allow-Events: vq-rtcpx

138 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

5.1.2.2 Remote EP configuration

Please note: If more then one Remote Endpoint uses the same „Remote URL“ - e.g. DTAG1 and
DTAG2 EP, then the same „Media Profile“ has to be used.
The remote endpoint configuration is logically the circuit between core and gateway - in our
example SSP is used as Gateway.

20
7-
-0
20
o_
ol
ic
en
_G
do
an

Remote EP with binding to SSP

rn

and Core-Side
Fe
._
_L
EN
00
EN
40
88
EN

In the „Remote Endpoints configuration“ section, click on „Add“ to add a endpoint mapping
entry.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 139
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

In the 1st section, enter a name for the SIP Carrier remote endpoint:

1 - Enter a name for the endpoint

2 - Choose the endpoint type (Gateway, Proxy or SSP)
1 3 - If the endpoint is a Gateway or Proxy, the profile cannot
2 be selected. For a SIP Service Provider the previously
3 configured profile must be chosen.
4 4 - Choose the realm profile which is used to communicate
5 to the Access Side (DMZ/WAN/etc..)
6 5 - Choose the realm profile (IP configuration) which is
used to communicate to the SIP Server on the core side.
7 (e.g. OpenScape Voice)
6 - In this scenario not used

20
8 7 - max. simultaneous calls - consider Session limits (li-

7-
cense

-0
20
8 - any time reservation ...

o_
ol
Select DNS SRV for DTAG. For other provider check this beforehand.
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

140 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

In the „Remote Location Information“ section, choose the „Signaling address type“, click on
„Add“ to create a new location definition and enter the endpoints IP address, port number as
well the transport protocol:

Choose if the device should be addressed direct (IP) or via DNS-SRV

SIP Server and Registrar, if no specific Reg-

20
istrar has been configured (section below)

7-
-0
20
DTAG uses TCP or TLS - again, for other

o_
provider check this beforehand, or use the

ol
sip service provider import function
ic
en
_G
do
an
rn
Fe
._
_L

This section will be covered later ...

EN
00
EN
40
88

Media Profile - assigned beforehand and

EN

suitable for RTP media payload

Particular outbound proxy. Also DNS-SRV

query will be performed to this name

Registrar, if different then Remote URL

above - in our example not required

If you save the settings, you will be prompted back to the Remote endpoint configuration.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 141
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

Last a unique port (Mapping port) must be assigned for the endpoint port range (default
50000-54999) which is used for this device:

optional, if EP in OSV uses FQDN (instead of IP)

Internal core mapping: SIP PBX (e.g. OSV EP)

connects to this port

„Registrierungsrufnum-
mer“ (main register num-
Cloud scenario - 1 SSP connection ber): Certain SSP flags

20
with several number, that need to be use this number - e.g. to

7-
addressed individually to/from the populate the „“Contact“

-0
or

20
SIP-PBX based on the Core Port Map-
„PAI“ Header

o_
ping

ol
functional: incoming number „match“
algorithm ic
en
_G

Provider specific - e.g.

do

DLAN uses:
an
rn
Fe
._
_L
EN

No manipulation for Emer-

00

gency calls. In this scenario

EN

SBC just passes Emergency

40

calls to the SSP.

88
EN

per Endpoint flag.

aka. „Wall opener“ mechanism - with the following characteristics:
- send single UDP packet (no RTP or RTCP)
- send during payload establishment (either initial call or feature)
- no periodic sending
- re-send in case the media path was put on hold and became active again

142 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

5.1.2.3 Registration Troubleshooting

In unlikely cases, where we face registration problems, please provide/check the following.
Therefore go to the „Diagnostics & Logs section:
• Clear all logs before starting ...
• log file settings to „Debug“ for components:
• SIP Server
• SSM
• Debugging Tool netwok tracer (capture file) with setting „All“
Important: Note that all maintenance activities may have impact to the system perforance.
Read the pop-up notifications carefully.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 143
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

5.1.3 SSP with TLS

The following just illustrates the delta configuration in terms of TLS and srtp. Also for this ex-
ample we use the provider „Deutsche Telekom“ (DLAN).
Please note: Note that by design TLS authentication and encryption of the signalling path is
independent from the srtp encryption of media.
However, for a „secure“ communication with signalling and media we use TLS in
conjunction with srtp.

5.1.3.1 Preparing and Installing TLS Certificates

For using TLS and SRTP, TLS certificates are required on the SBC.

20
7-
For DLAN we use:

-0
• Mutual Authentication (MTLS) with a combined client/server cer-

20
o_
tificate (usage type) - simple a „combined“ certificate that can be

ol
used for client as well as server authentication.
ic
en
• SDES framework for key negotiation - later used for SRTP encryp-
_G

tion
do
an

For using TLS and SRTP over the SIP trunk uploading and configuration of the TLS certificates
rn

on the SBC is required:

Fe
._

Download the ‚Telekom Deutsche Telekom Root CA 2‘ certificate named:

_L

dt-root-ca-2.cer from URL - this supports the more sophisticated hash algorithm sha1 (instead
EN

of ca1 with md5):

00
EN

https://www.telesec.de/de/public-key-infrastruktur/support/root-zertifikate/category/57-deut-
40

sche-telekom-root-ca-2
88

Download the Telekom ‚Shared Business CA‘ certificate named:

EN

Shared_Business_CA4.der from URL:

https://www.telesec.de/de/sbca/support/ca-zertifikate/category/96-shared-business-ca-4

144 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

root CA certificate:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN

Shared business CA:

00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 145
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

Because the OpenScape SBC supports only certificates in pem format, the Telekom ‚Shared
Business CA‘ certificate: Shared_Business_CA4.der has to be converted.
Use the Linux shell e.g. on the OpenScape SBC or an adequate linux system/converter tool.
Linux command is:
openssl x509 -inform der -in Shared_Business_CA4.der -out Shared_Business_CA4.pem

or, online converter tool is:

https://www.sslshopper.com/ssl-converter.html

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Next, creat a certificate chain - based on the certificates Deutsche Telekom Root CA 2 and
Shared Business CA - and call it e.g. „chain-ca.pem“.
You can use notepad++ or linux command „cat“.
Example with linux command line:
oss2000:/tmp/certi # cat dt-root-ca-2.cer > chain-ca.pem
oss2000:/tmp/certi # cat Shared_Business_CA4.cer >> chain-ca.pem
oss2000:/tmp/certi # ll
total 16
-rw-r--r-- 1 administrator user 2325 Dec 12 14:49 Shared_Business_CA4.cer
-rw-r--r-- 1 root root 3643 Dec 12 15:40 chain-ca.pem
-rw-r--r-- 1 administrator user 964 Dec 11 19:59 dt-root-ca-1.cer
-rw-r--r-- 1 administrator user 1318 Dec 12 15:05 dt-root-ca-2.cer

The result of „chain-ca.pem“ file shall be as follows:

146 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

-----BEGIN CERTIFICATE-----
<dt-root-ca-2.cer>
....
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Shared_business_CA4.cer>
....
-----END CERTIFICATE---

Now, the recently generated file can be uploaded to the SBC via OSS assistant.
Security -> General -> Certificate Management

20
Import the chain-ca.pem file:

7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

This certificate will be used to authorize the server certificate, that has been issued during the
TLS handshake (in our example we authorize the Telekom server).

Proceed with generating „self-signed“ certificates on the SBC. This will be used for the MTLS
part - means, if the Server (Telekom) challenges the Client. Client in our example is always the
SBC - and the SBC says: „Hey, here I am with the (Client) Certificate - please validate me with
the previously offered public key (issued during Client Hello).

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 147
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

In our example we use the name „ossbc“:

Actually, certificates used for MTLS are as follows:

20
7-
-0
20
o_
ol
ic
en
Certificate to validate the Server (e.g. Tele-
_G

kom)
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Self signed „Client“ certificate > used if chal-

lenged by the server during MTLS.

Private key for encryption

Please note: Revocation list is not used yet. However CRL validation will be configured in the
„Certificate Profile“ section.

148 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

At the „download“ section you can check the certificate or key file, if required:

20
7-
-0
Configure a certificate profile, that will be used later on by the Remote Endpoint, that refers

20
o_
to the SSP.

ol
ic
en
_G
do
an
rn
Fe
._

Note: You can use the „Show“ button to verify

_L

your certificates
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 149
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

5.1.3.2 Media Profile

If not already configured, we require a Media Profile that will be later on assigned to the Re-
mote EP.
secured „Media“ connection (srtp) profile:

20
7-
-0
„srtp“ only - via SDES

20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

150 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 CSBC configuration

Proceed with Remote Endpoint configuration -> Remote Location Domain and activate TLS
settings and media profile:

20
7-
-0
Select Mutual certification and

20
choose the Certificate profile cre-

o_
ol
ated before...
ic
en
_G
do
an
rn

Media profile created before ...

Fe
._
_L
EN
00
EN
40
88
EN

Apply changes. On the SBC side we are done.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 151
FN9850FN10FN_TBAZZZAIMHY
 Phone configuration

5.2 Phone configuration

Sample rate of the phone shall be 20 ms.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

152 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OSV configuration

5.3 OSV configuration

Presuming the OSV is pre-configured via WebCDC. The following configuration is pre-set:
• Office Codes
• EPP/EP
• NP
• Subscriber
For the following we just consider the „Delta“ configuration which is essential to connect to
the SSP.
Please note: Other SSPs can be used as well, please negotiate the capability/credentials be-
forehand.

20
7-
Important: Due to security reasons, we need to hide password within this docu, to avoid

-0
20
misunderstandings. Your lecturer will provide you login credentials to be used

o_
during the training session.

ol
Please use this for training purposes only!!!
ic
en
As previously explained in the CSBC configuration, DLAN credentials can be seen as follows:
_G
do

SSP:
an
rn

For test purposes we used the SSP DTAG with the following criterias:
Fe
._

Tarif: DeutschlandLAN SIP-Trunk Pure Pooling

_L
EN

Access Number: 551127098975

00

Voice Channels: 40
EN
40

CLIP N/S: Yes

88
EN

SIP-Trunk Registration Number: +4922843353360

Country Code: 49
Area Code 0228
SIP-Trunk Number 4335336-0
SIP-Trunk Range 0-9
SIP-Trunk Username 551127098975
SIP-Trunk Password xxxxxxxx (kept secret) > your lecturer provides you adequate cre-
dentials.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 153
FN9850FN10FN_TBAZZZAIMHY
 OSV configuration

Please note: By design the DLAN „pure“ option shall support a random Internet connection,
which is not bound to any physical xDSL/FTTH by Telekom.
Note, that in this case we have no guaranteed speech-path in terms of QoS!
Please note: Note that Telekom currently supports multiple digits as extension part - e.g.
+492284335336-1xx However, the maximum length of 15 digits shall not be ex-
ceeded, due to the E164 implementation.
Highlevel overview:

SBC - core binding > General

OSV
availability via „5060“ SBC

20
7-
-0
20
Static Port Mapping

o_
„Invite“ for DLAN Remote EP / SSP Profile

ol
with Port 50002 ic
en
OSV EP:50002
_G
do
an

„DA Challenge“ „Register“

rn
Fe
._
_L

Note: OSV EP needs Local DA credentials,

EN

if challenged from SSP!!

00

SSP
EN
40
88
EN

154 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OSV configuration

5.3.1 Office Code

Office Code shall consider the sip trunk number - in our example 49 228 4335336-0 as well as
the trunk range - e.g. 0 - 9. As already explained in the SBC configuration, Telekom DLAN SIP
Trunk currently allows more then 1 digit used as extension part - e.g. a 3-digit number that
suits into the range like -1xx or 2xx.
Please note: The maximum numbering length should not exceed 15 digits (E164)!
Office Code configuration:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 155
FN9850FN10FN_TBAZZZAIMHY
 OSV configuration

5.3.2 Endpoint Profile

Create/check the EPP:

Note, in this scenario we use an individ-

ual NP. PAC entry should be min. a „+“
character, which is basically used for an
incoming EP routing.
Additionally, DNM can be pointed to

20
this NP directly.

7-
However, all depends on the WebCDC

-0
implementation.

20
o_
ol
ic
en
_G
do

Injects a „PAI“ SIP header field to the EP.

an

SIP Privacy support shall be set to:

rn

„Full Send“
Fe
._
_L
EN
00
EN
40

SIP Privacy Support: This causes the P-Asserted-Identity header to be ignored for incoming
88

calls but supported for outgoing calls.

EN

EPP Services:

156 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OSV configuration

5.3.3 Endpoint
An EP is required that points to the static core-port of the SBC.
Configuration:

As Default Home DN use the main

registration number.
DLAN Telekom example:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe

Endpoint Type should be DTAG/T-

._
_L

Systems
EN
00
EN
40
88
EN

Important is the SIP section - lower part. Here we configure the Security „Trusted“ relation-
ship between SSP and OSV with DA credentials.
DA has to be configured for the local part - for our telekom example, same that we used for
SBC to register to the SSP.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 157
FN9850FN10FN_TBAZZZAIMHY
 OSV configuration

SIP settings as follows

20
Core Port mapping to the SBC

7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Click on „Edit“ (and proceed on the

next page ...)

Clicking „Edit“ opens the Realm Authentication section of the OSV.

158 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OSV configuration

Click on „Add“ to build a new Realm configuration as follows:

If the check box is set, then

Remote EP will not be DA
challenged. Check box acti-
vation is required, because

20
our prover doesn‘t allow

7-
-0
20
Provider specific - e.g.

o_
DLAN uses:

ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Signaling Port: Use case is OSC (OpenScape Cloud), where one TCP/IP (DLAN Telekom won‘t
use UDP) communication socket will be used to the SSP, but several main registration num-
bers are shall be used via this „SIP Trunk“. These numbers needs to be explicitly addressed/
configured in OSV via the SIP Signalling Port information - e.g. the static mapping port 50002.
Since we only have one main registration number available on this trunk, we don‘t use the in-
dividual signalling port, but „Trusted“.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 159
FN9850FN10FN_TBAZZZAIMHY
 OSV configuration

This is the base level of attributes. Flag activation may vary! In case of question please contact
your support center.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN

DLAN does not support Diversion Header.

00
EN
40

Sending external Numbers with leading „+“!

88
EN

Typically do not activate this paramers for

DLAN.
This parameters are used to activate Authenti-
cation Number with either:
- subscriber‘s home DN
or:
- Default Home DN (configured at tab „Gener-
al“)
and populate this value to the „Send Authenti-
cation Number in ... Header“, if checked.

Note: All other parameter shall be left by default!

160 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OSV configuration

5.3.4 Presenting Numbers

To transfer the „+“ information to the SSP, 2 pre conditions have to be set:
1: EP Attribute: Send International Number in GNF Format
2: DNM
The DNM requirement is to present the number in an E164 international format to the SSP.
With the GNF EP flag, OSV builds now the right numbering format starting with „+“.
Note: DNM explanation goes beyond the scope of this training. It will be covered more de-
tailed in the OSV Advanced class.
DNM example:

20
7-
-0
20
o_
ol
ic
en
_G
do

Definition table shall include the Of-

an
rn

fice Code of the SSP.

Fe
._
_L
EN
00
EN
40
88
EN

Terminating (outgoing) context to

the SSP EP.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 161
FN9850FN10FN_TBAZZZAIMHY
 OSV configuration

5.3.5 Sending Numbers without leading „0“

WebCDC pre-configured.
All numbers pointing to the SSP Endpoint shall be presented in the „GNF“ format - except
Emergency calls.
The E112/E911 number shall not presented with a leading „0“ to the SSP.
Check the following E112/E911 configuration and delete the leading „0“:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

162 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OSV configuration

5.3.6 Avoiding Re-Invite during Session Refresh

Story: An ongoing long duration call forces OSV to send regular INVITEs to refresh the session.
If the SDP o-line version info is different between INVITE and the related 200 OK, then OSV
detects a change for the session and informs the peer by sending a re-INVITE.
Solution: To avoid this, OSV will send UDPATE messages instead of re-INVITEs by setting the
parameter:
• Srx/Sip/UpdateMethodSessionTimingEnable > RtpTrue

5.3.7 Optional Features:

• Caller ID Suppression

20
to allows subscribers the feature Caller ID Suppression, the sub-

7-
-0
scribers must be assigned the feature

20
Outgoing CID suppression and Delivery per Call

o_
which is activated by using the prefix *51 by default. This assign-
ol
ment can be done on subscriber level or via Feature Profile. ic
en
_G

• Subscriber‘s Display
do

The External Caller ID can be modified for „CLIP“ usage. However,

an

always configure a E164 format! (for example country code germa-

rn
Fe

ny starts with 49 ...)

._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 163
FN9850FN10FN_TBAZZZAIMHY
 OS4k configuration

5.4 OS4k configuration

Goal: Configure the OS4k to connect to a SSP through an CSBC.
Prerequisite: We assume the CSBC configuration is already carried out - for details please re-
peat the CSBC Config section above.

5.4.1 DLAN example - credentials/contract:

The following illustrates the credentials of an DLAN „Pure“ connection.
Please note: Other SSPs can be used as well, please negotiate the capability/credentials be-
forehand.

20
Important: Due to security reasons, we need to hide password within this docu, to avoid

7-
-0
misunderstandings. Your lecturer will provide you login credentials to be used

20
during the training session.

o_
Please use this for training purposes only!!!
ol
ic
en
As previously explained in the CSBC configuration, DLAN credentials can be seen as follows:
_G

SSP:
do
an

For test purposes we used the SSP DTAG with the following criterias:
rn
Fe

Tarif: DeutschlandLAN SIP-Trunk Pure Pooling

._
_L

Access Number: 551127098975

EN

Voice Channels: 40
00
EN

CLIP N/S: Yes

40
88

SIP-Trunk Registration Number: +4922843353360

EN

Country Code: 49
Area Code 0228
SIP-Trunk Number 4335336-0
SIP-Trunk Range 0-9
SIP-Trunk Username 551127098975
SIP-Trunk Password xxxxxxxx (kept secret) > your lecturer provides you adequate cre-
dentials.
Please note: By design the DLAN „pure“ option shall support a random Internet connection,
which is not bound to any physical xDSL/FTTH by Telekom.
Note, that in this case we have no guaranteed speech-path in terms of QoS!
Please note: Note that Telekom currently supports multiple digits as extension part - e.g.
+492284335336-1xx However, the maximum length of 15 digits shall not be ex-
ceeded, due to the E164 implementation.

164 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OS4k configuration

Functional - Highlevel overview:

SBC - core binding > General

OS4k
availability via 5060 SBC

Static Port Mapping

„Invite“ for DLAN Remote EP / SSP Profile
with Port 50002
OS4k FP:50002

20
7-
„DA Challenge“ „Register“

-0
20
o_
ol
Note: OS4k FP needs Local DA credentials,
ic
en
if challenged from SSP!!
_G

SSP
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 165
FN9850FN10FN_TBAZZZAIMHY
 OS4k configuration

5.4.2 OS4k with SBC technology

The following solution‘s are available for hosted SBC on OS4K or standalone CSBC:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe

Please note: Either HG3500 STMIX boards or HG 3500 vHG cards can be configured as SIP
._
_L

trunk gateways via SBC to any SSP. A list of certified SIP Service Providers can be
EN

found in G-DMS document INF-13-000534.

00
EN
40
88
EN

166 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OS4k configuration

5.4.3 Gateway Configuration via CLI and AMO‘s

The following example describes the configuration of an HG3550 vHG card. The configuration
can also be done for a STMI based HG3550.
Using ISDN International Format is the easiest and recommended way for SIP numbering
configuration. The format will then result in + being prefixed before the numbers in SIP.
Using + is also the preferred format for receiving numbers from any SIP Provider.

Please note: The following AMO settings may be handled as an general example only. Replace
all individual parameters with your own settings!

Preset a function block in AMO BFDAT:

20
7-
ADD-BFDAT:FCTBLK=16,FUNCTION=HG3550,BRDBCHL=BCHL60&BCHL120;

-0
20
o_
CHANGE-BFDAT:CONFIG=CONT,FCTBLK=50,FUNCION=HG3550,LINECNT=2,UNITS=3;

ol
CHANGE-BFDAT:CONFIG=OK,FCTBLK=16,ANSW=YES; ic
en
_G

Configure the slot for the card in AMO BCSU by using function ID 1 and the function block
do

described above:
an
rn

ADD-BCSU:MTYPE=IPGW,LTG=1,LTU=1,SLOT=10,PARTNO="Q2330-X",FCTID=1,
Fe

LW-VAR="0",FCTBLK=16,BCHL3550=60,ALARMNO=0;
._
_L

Configure the IP basic settings in AMO CGWB:

EN
00

ADD-CGWB:LTU=18,SLOT=4,SMODE=NORMAL,IPADR=10.58.21.84,
EN

NETMASK=255.255.255.0,BITRATE="AUTONEG",TRPRSIP=60,DNSIPADR=9.9.9.9;
40

Configure the LEGKDATA section in AM0 CGWB:

88
EN

CHANGE-CGWB:MTYPE=CGW,LTU=18,SLOT=4,TYPE=LEGKDATA,GWNO=1,
REGEXTGK=NO;
Deactivate external registration and digest authentication in AMO CGWB:
CHANGE-CGWB:MTYPE=CGW,LTU=18,SLOT=4,TYPE=SIPTRERH,GWAUTREQ=NO;
CHANGE-CGWB:MTYPE=CGW,LTU=18,SLOT=4,TYPE=SIPTRSSA,SIPREG=NO;
Create a bundle for the SIP carrier application in AMO BUEND:
ADD-BUEND:TGRP:=55,NAME="SIP CARRIER",NO=60;
The following COT / COP classes are recommended for SIP carrier trunks
ADD-COT:COTNO=55,
PAR=ANS&CEBC&BSHT&BLOC&LWNC&NLCR&TSCS&NOFT&NTON;
ADD-COP:COPNO=55,TOLL=TA,TRK=TA;

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 167
FN9850FN10FN_TBAZZZAIMHY
 OS4k configuration

Configure the following parameters in AMO TDCSU:

ADD-TDCSU:OPT=NEW,PEN=1-18-4-0,COTNO=55,COPNO=55,DPLN=0,VBZ=0,COS=1,
LCOSV=1,LCOSD=1,CCT="SIP CARRIER ", DESTNO=0,PROTVAR="ECMAV2",SEGMENT=8,
ATNTYP=CO,ISDNIP=00,ISDNNP=0,TRACOUNT=31,SATCOUNT=MANY,NNO=1-58-155,
ALARMNR=2,FIDX=1, COTX=55,FWDX=1,UUSCCX=16,UUSCCY=8,FNIDX=1,
CLASSMRK=EC&G711&G729AOPT,TGRP=55,SRCHMODE=DSC,INS=Y,
SECLEVEL=TRADITIO,DEV=HG3550CO,BCHAN=1&&30,BCNEG=N,BCGR=1,LWPAR=0;

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

168 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OS4k configuration

5.4.4 Gateway Configuration in LCR

Configure the following parameters in AMO RICHT:

ADD-RICHT:MODE=LRTENEW,LRTE=55,LSVC=ALL,TGRP=55,DNNO=1-58-155;
Configure a dial rule in AMO LODR:
ADD-LODR:ODR=56,CMD=ECHO,FIELD=4;
ADD-LODR:ODR=56,CMD=ECHO,FIELD=5;
ADD-LODR:ODR=56,CMD=ECHO,FIELD=6;
ADD-LODR:ODR=56,CMD=ECHO,FIELD=7;

20
ADD-LODR:ODR=56,CMD=NPI,NPI=ISDN,TON=INTERNAT;

7-
-0
ADD-LODR:ODR=56,CMD=END;

20
Configure a binding in AMO LDAT:

o_
ol
ADD-LDAT:LROUTE=55,LAUTH=1,LSVC=ALL,LVAL=1,TGRP=55,ODR=56; ic
en
In the numbering plan, a digit pattern is configured according to regulations,
_G

which is to be routed via the SIP carrier connection.

do
an

ADD-LDPLN:LCRCONF=LCRPATT,DIPLNUM=0,
rn

LDP="0"-"W"-"00"-"49"-"1801"-"30200"-"XXXX",LRTE=55,LAUTH=1;
Fe
._

Please note: SIP Providers are expecting all digits en-bloc and do not support overlap dialing.
_L

Thereby an alternative possibility to using -X in LDPLN is to use -Z with corre-

EN

sponding time out (LCREOD in AMO CTIME, branch CP1).

00
EN

The following GKREG entry is not necessary and is only used for completeness,
40
88

as the LEGK does not resolve addresses:

EN

ADD-GKREG:GWNO=1,GWATTR=INTGW&HG3550V2&SIP,DIPL-
NUM=0,DPLN=0,LAUTH=1;
The KNDEF entry cancels out the system part of the incoming phone number:
ADD-KNDEF:NNO=1-58-155,TYPE=OWN,ISDNCC=49,ISDNAC=1801,ISDNLC=30100,IS-
DNSK=5;

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 169
FN9850FN10FN_TBAZZZAIMHY
 OS4k configuration

5.4.5 Gateway Configuration in Web Based Management (WBM)

In the HG 3500 WBM under Configuration > Voice Gateway, you will find the sub menu SIP
Trunk Profile. Here you will find preconfigured profiles for all currently released service pro-
viders. For the classroom training, we use a general profile with registration.

Please note: A list of certified SIP Service Providers can be found in the G-DMS document
INF-13-000534 as well.

The following settings arevrequired to be configured under the profile:

(In our exercise we are using “NatTrkWithRegistration“)

20
7-
Domain name:

-0
20
Supplied by the provider (here: iandc.training.com).

o_
ol
IP address/host name of the registrar: ic
en
_G

Supplied by the provider.

do

IP address/host name of the proxy:

an
rn

Supplied by the provider.

Fe
._

Outbound proxy:
_L
EN

Here, activate the checkbox: Use outbound proxy and enter the IP address of the SBC in the
00

LAN (IP address/hostname). All calls are routed to the SIP carrier from the HG 3500 via Open-
EN

Scape SBC from now on. The HG 3500 also only permits incoming calls routed via OpenScape
40

SBC.
88
EN

Inbound proxy:
Not activated here! You can enter a proxy here, which will be used especially for incoming
calls.

170 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OS4k configuration

Example Web Based Management Configuration:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 171
FN9850FN10FN_TBAZZZAIMHY
 OS4k configuration

5.4.6 Special settings for SSP Telekom Deutschland

Telekom Deutschland GmbH now also offers a change of the ISDN PABX connections to SIP
telephony in the modernization of traditional TDM technology to IP-based communications.
This conversion (often under the pseudonym title "ALL-IP") involves the exchange of ISDN
multiplexers (S2M) / ISDN NTBA (S0) with certified IP routers e.g. Telekom. These routers pro-
vide the connectivity to the Internet used for in- and outcoming connections by the Open-
Scape 4000 SIP trunking to the Central Office (CO).
An alternative is the so-called “DeutschlandLAN SIP-Trunk Pure” by Telekom.
This includes no access (xDSL/FTTH) by Telekom and can be used with any Internet connec-
tion (bandwidth dependent) where Telekom Sales should be contacted for more details. For
guaranteed speech quality (Quality of Service) by Telecom a DeutschlandLAN SIP trunk with

20
access service provided by Telekom is required (e.g. xDSL, FTTH).

7-
-0
20
o_
Supported OS4K Gateways:

ol
• Softgate with virtual HG (vHG) ic
en
_G

• STMIX
do

• STMI (TCP/UDP & RTP Support only)

an
rn
Fe
._

Supported Connections:
_L

• Direct Connection via OS4K Gateway

EN

• OS4K Gateways connected via Hosted or Standalone SBC

00
EN
40
88

Connection Scenarios:
EN

• Direct Connection via OS4K Gateway (Not described in this document)

• OS4K Gateways connected via Hosted or Standalone Openscape SBC:
• Gateway (HG/vHG) via SBC located in local Network of a dedicated
Telekom Router (NAT Scenario)
• Gateway (HG/vHG) via SBC with a dedicated public IP address:
(WAN Scenario)
Restrictions:
The DeutschlandLAN SIP trunk Telekom supports encryption only when both signaling
and payload encryption (TLS and SRTP) are active together. Should one of these be sent
unencrypted then the connection is terminated.
On the part of the Telekom only SDES is supported for voice encryption (SRTP).
The „Session Description (SDES) Protocol” is described under “Signaling and Payload En-
cryption (SPE)” from the document „IP Solutions“.

172 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OS4k configuration

To use Signaling and Payload Encryption (SPE) activation is needed in the OS4K.
To do this, please follow the chapter from the service documentation IP Solutions - Sig-
naling and Payload Encryption (SPE).
The Telekom provides their own certificates (CA) for DeutschlandLAN SIP-Trunk.
The provided Telekom CA certificates must be imported on the OS4K Gateway.
Due to the SPE design in the OS4K, the OS4K Gateway requires an own server certificate
(e. g. *.p12) in addition to CA certificates to realize activation of SPE (TLS). For this purpose
any private server certificate can be created (for example using OS4K Assistant) which
then must be imported to the OS4K Gateway. The entered data in the server's certificate
is irrelevant.

20
Please note: IPv6 support is still in certification phase by Telekom.

7-
-0
20
o_
Configuration examples via CLI and AMO‘s:

ol
Depending on the Scenario (NAT or WAN) the DNS settings in CGWB need to be done: ic
en
_G
do
an

NAT internal DNS:

rn
Fe

CHA-CGWB:LTU=18,SLOT=4,SMODE=NORMAL,DNSIPADR=192.168.0.1;
._
_L

WAN with external DNS:

EN

CHA-CGWB:LTU=18,SLOT=4,SMODE=NORMAL,DNSIPADR=194.25.2.129;
00
EN

The OpenScape 4000 default values for RTP packet length and Type Of Service for signaling
40

(TOSSIGNL) must be manually changed with AMO CGWB in the branch ASC to match Tele-
88

kom requirements. RTP for G711 must be changed to 20ms and TOSSIGNL to 104. The TOS
EN

payload does not need to be changed.

CHANGE-CGWB:MTYPE=CGW,LTU=21,SLOT=16,TYPE=ASC,TOS-
SIGNL=192,PRIO=PRIO1,RTP=20;
Please note: The QoS settings are taken over by the routers in the Telekom-Portfolio for the
WAN-Interface. At this point correct QoS marking is particularly important as
here exists the bottle neck of the connection.
In general connections to SIP providers should use international format an dialed national
telephone number (e.g. mobile) must be sent to the CO in international format (NPI = ISDN,
TON = INTERNAT).

In Telekom DeutschlandLAN SIP-trunk case there are special rate numbers with prefix codes
which (not in E. 164-format) must be sent to the Telekom. These (nine) special rate numbers/
-pre selection codes are:
110, 112, 115, 116-X, 118-X, 010-X, 0137-X, 0138-X and 0900-X

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 173
FN9850FN10FN_TBAZZZAIMHY
 OS4k configuration

The following example is a command batch for such numbers:

ADD-RICHT:MODE=LRTENEW,LRTE=34,LSVC=ALL,NAME="ALLIP ORTSONDE",
TGRP=10,DNNO=200,ROUTOPT=YES,DTMFCNV=FIX,DTMFPULS=PP300,ROUTATT=NO,
EMCYRTT=NO,INFO="AMT ORTSONDER",PDNNO=981,CHARCON=NEUTRAL,
CONFTONE=NO,RERINGRP=NO,NOPRCFWD=NO,NITO=NO,CLNAMEDL=NO,
FWDSWTCH=NO,LINFEMER=NO,NOINTRTE=NO;
ADD-RICHT:MODE=LRTENEW,LRTE=35,LSVC=ALL,NAME="ALLIP NATSONDE"
,TGRP=10,DNNO=200,ROUTOPT=YES,DTMFCNV=FIX,DTMFPULS=PP300,
ROUTATT=NO,EMCYRTT=NO,INFO="AMT NATIONALSONDER",PDNNO=981,
CHARCON=NEUTRAL,CONFTONE=NO,RERINGRP=NO,NOPRCFWD=NO,

20
NITO=NO,CLNAMEDL=NO,FWDSWTCH=NO,LINFEMER=NO,NOINTRTE=NO;

7-
-0
ADD-LODR:ODR=34,CMD=NPI,NPI=ISDN,TON=SUBSCR;

20
o_
ADD-LODR:ODR=34,CMD=ECHO,FIELD=3;

ol
ADD-LODR:ODR=34,CMD=ECHOALL; ic
en
_G

ADD-LODR:ODR=34,CMD=END;
do
an

ADD-LODR:ODR=34,INFO="TELEKOM SONDER SUBSCR";

rn
Fe

ADD-LODR:ODR=35,CMD=NPI,NPI=ISDN,TON=NATIONAL;
._
_L

ADD-LODR:ODR=35,CMD=ECHO,FIELD=3;
EN
00

ADD-LODR:ODR=35,CMD=ECHO,FIELD=4;
EN

ADD-LODR:ODR=35,CMD=ECHOALL;
40
88

ADD-LODR:ODR=35,CMD=END;
EN

ADD-LODR:ODR=35,INFO="TELEKOM SONDER NATIONAL";

ADD-LDAT:LROUTE=34,LSVC=ALL,LVAL=1,TGRP=10,ODR=34,LAUTH=1,
CARRIER=1,ZONE=EMPTY,LATTR=WCHREG,VCCYC=4;

ADD-LDAT:LROUTE=35,LSVC=ALL,LVAL=1,TGRP=10,ODR=35,LAUTH=1,
CARRIER=1,ZONE=EMPTY,LATTR=WCHREG,VCCYC=4;
ADD-LDPLN:LCRPATT,0,
*0-W-0-10-XZ,0&1&2&3&4&5&6&7&8&9&10&11&12&13&14&15,35,,,1,,,,N;
ADD-LDPLN:LCRPATT,0,
*0-W-0-137-X-Z,0&1&2&3&4&5&6&7&8&9&10&11&12&13&14&15,35,,,1,,,,N;
ADD-LDPLN:LCRPATT,0,
*0-W-0-138-X-Z,0&1&2&3&4&5&6&7&8&9&10&11&12&13&14&15,35,,,1,,,,N;

174 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OS4k configuration

ADD-LDPLN:LCRPATT,0,
*0-W-0-900-X-Z,0&1&2&3&4&5&6&7&8&9&10&11&12&13&14&15,35,,,1,,,,N;
ADD-LDPLN:LCRPATT,0,
*0-W-110-Z,0&1&2&3&4&5&6&7&8&9&10&11&12&13&14&15,34,,,1,,,,N;

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

ADD-LDPLN:LCRPATT,0,
*0-W-112-Z,0&1&2&3&4&5&6&7&8&9&10&11&12&13&14&15,34,,,1,,,,N;

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 175
FN9850FN10FN_TBAZZZAIMHY
 OS4k configuration

ADD-LDPLN:LCRPATT,0,
*0-W-115-Z,0&1&2&3&4&5&6&7&8&9&10&11&12&13&14&15,34,,,1,,,,N;
ADD-LDPLN:LCRPATT,0,
*0-W-116-X-Z,0&1&2&3&4&5&6&7&8&9&10&11&12&13&14&15,34,,,1,,,,N;
ADD-LDPLN:LCRPATT,0,
*0-W-118-X-Z,0&1&2&3&4&5&6&7&8&9&10&11&12&13&14&15,34,,,1,,,,N;

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

176 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OS4k configuration

Example Web Based Management Configuration Deutsche Telekom:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 177
FN9850FN10FN_TBAZZZAIMHY
 OS4k configuration

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

178 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Media Transcoding

6 Media Transcoding
This feature provides the possibility of media transcoding between the OSV solution support-
ed codecs G.711 (a-law, u-law), G.729 and G.722 and the iSAC / iLBC codecs of the WebRTC as
it‘s used for example in OSMO in case that two devices which wants to talk together does not
support the same codec.
The basic use case is a mobile user has no Wi-Fi connectivity but has limited free data usage
in his data plan. Instead of spending his minutes to make a call he may use his free data usage
over the 3G/4G network to make the call. In order to consume as less data as possible limited
from his free data plan it is required that the codec to be used for the call has very low band-

20
width requirements as possible such as the iSAC or iLBC codecs.

7-
-0
20
o_
ol
ic
en
_G
do
an

Since the OpenStage phones in the OSV solution do not support the WebRTC codecs it is re-
rn
Fe

quired that the OS SBC is able to transcode between the two codec sets. However, the func-
._

tionality is also supported if transcoding is necessary between standard codecs (e.g. between
_L

G.711 and G.729).

EN
00
EN
40

 Please note: This feature applies only to the OS

88

Centralized SBC (not the OSB‘s SBC capability).

EN

Performance
The codec transcoding can have heavy impacts to system performance but detailed perfor-
mance values are not yet available. Depending on the used codecs, the performance will go
down between ~2% (G.711u <--> G.711a) and up to 65% for iLBC.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 179
FN9850FN10FN_TBAZZZAIMHY
 Provisioning

6.1 Provisioning
The media transcoding feature needs to be explicitly enabled in the features menu:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Check the codecs which should be enabled for media transcoding.

180 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Provisioning

The Codecs, Priorities, Packetization intervals and rules are configured in the Media profiles
under
VoIP --> Media

20
7-
-0
20
Either the default profile can be edited (which will be assigned to subscribers / endpoints as

o_
ol
long no other one will be choose) or click on „Add“ to create a new profile.
ic
en
With the „Codec“ drop-down box, selected the codec which should be enabled for this feature
_G

and click „Add“ to include it in the codec list.

do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

The „Move up“ and „Move down“ button can then be used to change the priority. The „Delet-
ed“ button removes a codec from the list.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 181
FN9850FN10FN_TBAZZZAIMHY
 Provisioning

The media profiles will then be assigned to either the Remote Subscribers Configuration un-
der
Features --> Remote Subscribers
The profile must be assigned to an location / site with the „Remote Subscriber Configuration“
list. Click on „Add“ to create a location and enter a name, location domain, Subnet IP address
and Subnet Mask or edit an existing one. Then the profile can be assigned to this location with
the „Media profile“ drop-down list:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

182 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Provisioning

Or to an remote endpoint under

Features --> Remote Endpoints
In the „Remote Location domain list“ for the endpoint. The new „Media profile“ column allows
to select the profile created in previous step:

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 183
FN9850FN10FN_TBAZZZAIMHY
 Provisioning

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

184 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Emergency Calling

7 Emergency Calling
7.1 Overview
The call routing in the OpenScape Voice is generally fixed in nature by the subscriber's defi-
nition within a Private Numbering Plan (PNP) that is defined within the logical object called a
Business Group (BG).
Regardless of the subscriber's physical location --within an office/branch, from a hotel con-
nection or even from home-- if there is IP connectivity to the OpenScape Voice, the user will
be authenticated against the system and bound to the Prefix Access Code (PAC) table and

20
routing strategies of the PNP in which the subscriber was created. Calls made from anywhere

7-
on the IP network will follow the routing strategies defined within the PNP for a subscriber,

-0
20
unless exceptions are made by other processes and external applications.

o_
ol
While there are certain applications and process that can impact this routing relationship, the
ic
primary focus of this module is to illustrate the manner in which the OpenScape Voice solu-
en
_G

tion allows for emergency dialing rules which leverage location-specific components for E-
do

911 compliance. Without this enhanced feature, emergency dialing would be based on the
an

PNP-PAC and routing strategies in which the subscriber is defined, and thus could result in
rn

emergency services being accessed and deployed to a location other than where the subscrib-
Fe

er is currently located.
._
_L

The examples used in this module will illustrate how the components of emergency call rout-
EN

ing for subscribers and locations can be based on IP or Subnet information rather than the
00

traditional limitations that may be imposed by PNP-based routing strategies, allowing tradi-
EN

tional routing strategies of the PNP to be used for standard calls, but invoking a more robust
40
88

solution when emergency services are called from a location.

EN

As usual, these options and configurations must be carefully weighed and matched to cus-
tomer requirements to optimize both the system database and searching functions of the
OpenScape Voice, while retaining all of the robust routing necessary to complete calls to any
required destinations and ensure that the customer is as fully E-911 compliant as possible.
This will include items mandated by E-911 compliance policies, such as assigning the Location
Identifier Number (LIN) and transporting it with the emergency call to the Public Safety An-
swering Point (PSAP) based on accurate, and location-specific, information.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 185
FN9850FN10FN_TBAZZZAIMHY
 Overview

The following diagram shows how the routing for emergency calling will be executed.

OpenScape Voice

E911
subgroup table 2
Router Switch
3

SIP / SIP-Q

20
7-
-0
20
1

o_
Gateway
ol
ic
en
_G

CAMA / PRI
do
an
rn
Fe
._
_L
EN
00
EN
40

Public Safety Answering Point (PSAP)

88
EN

1 E911 invite from calling user

2 Location Identifier Number (LIN) lookup
3 E911 Call to PSAP

1: The IP address of the calling user is contained in the emergency

call SIP INVITE
2: OpenScape Voice uses the IP address and subnet mask to lookup in
the subgroup table and retrieve an appropriate LIN and the corre-
sponding route number
3: The route number leads the call to a particular gateway (GW) that
is served by the public network's E911-Tandem office

186 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 E911 Routing

7.2 E911 Routing

The emergency call will be executed in two steps. In the 1st step, the call will be sent via the
PAC to a destination code which points to the emergency call service. This service adds spec-
ified information, e.g. LIN, based on the subscriber’s IP address to the call. The call goes now
again to the subscribers PNP PAC and can use a special routing entry.

PNP
Dest Code DESTINATION „A“
ROUTE

20
PAC Dest Code DESTINATION „B“

7-
-0
ROUTE

20
o_
ol
Dest Code
ic
en
_G
do

E911 Definition
an

IP / Net. Route
rn

x.x.x.x 999
xxx.xxx 999
Fe

GW_B GW_A
._
_L

In same cases, only one gateway is used but the destination number must be modified. In this
EN

case, all destinations points to the same GW.

00
EN
40
88

PNP
EN

Dest Code DESTINATION „A“

ROUTE

PAC Dest Code DESTINATION „B“

ROUTE

Dest Code

E911 Definition
IP / Net. Route
x.x.x.x 999
xxx.xxx 999
GW

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 187
FN9850FN10FN_TBAZZZAIMHY
 E911 Routing

Step 1 of 4

49 89 7007 1001

Dials 112

20
7-
-0
PAC in Subscriber’s PNP

20
o_
Prefix Access Code = 112
ol
Minimum Length ic
= 3
en
Maximum Length = 30
_G

Digit Position = 0
do
an

Digits to insert = <None>

rn
Fe

Prefix Type = Off-net Access

._
_L

Nature of Address = Unknown

EN

Destination Type = None

00
EN
40

Destination „None“ forwards the call to the

88

next Numbering Plan level

EN

The subscriber dials the emergency number, in this case „112“. The Prefix Access Code „112“
in the subscribers PNP matches this call. The call will be marked as a „Off-net“ call and the des-
tination type „None“ forwards the call to the next level in the PNP, the Destination Code.

188 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 E911 Routing

Step 2 of 4

from Prefix Access Code

Destination Code

Destination Code = 112

Nature of Address = Unknown
Traffic Type = Emergency

20
7-
Destination Type = Service

-0
Service = Emergency

20
o_
ol
ic
The special Service Destination forces the
en
OSCV to lookup the Ermergency Calling
_G

Definition
do
an
rn
Fe

Emergency Calling Subnet

._
_L
EN

Subnet or IP = 192.168.100.0
00

Subnet Mask = 255.255.255.0

EN

or
40

Location domain = muc.apt.net

88
EN

Route number = 1
Passcode = 123456

The call will be routed again to If no definition matches the subscriber,

the Prefix Access Code the call will be blocked

With the service „EnhEmergencySvc“ in the Destination Code, the OpenScape Voice tries to
lookup the emergency information based on the subscribers current IP address. This infor-
mation will be added to the call and the call will be sent again to the PAC of the subscribers
PNP. If no entry could be found for the subscriber, a special treatment will be played and the
call will be blocked.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 189
FN9850FN10FN_TBAZZZAIMHY
 E911 Routing

Step 3 of 4

from Emergency Calling Subnet defi-

nition

PAC in Subscriber’s PNP (prev. defined)

+
Prefix Access Code
Minimum Length
=
=
112
3
1121
Maximum Length = 30 new called #

20
Digit Position = 0

7-
Digits to insert = <None>

-0
20
o_
Prefix Type = Off-net Access

ol
Nature of Address = Unknown
ic
en
Destination Type = None
_G
do
an

Destination „None“ forwards the call again

rn

to the next Numbering Plan level

Fe
._
_L
EN
00
EN

The call comes again to the PAC with the original dialed number, followed by the routing ID
40

from the emergency definition and will be forward again from the previously created PAC to
88

the destination table where the call can now be send to a specific gateway.
EN

190 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 E911 Routing

Step 4 of 4

from Prefix Access Code

Destination Code

Destination Code = 1121

Nature of Address = Unknown
Traffic Type = Emergency

20
7-
Destination Type = Destination

-0
Destination = PSAP_Emergency

20
o_
ol
ic
The call will now be forwarded to a
en
specified Destination which points to a
_G

gateway
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

The Destination Code for the original dialed number followed by the routing ID from the
emergency definition points now to a PSTN gateway.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 191
FN9850FN10FN_TBAZZZAIMHY
 E911 Provisioning

7.3 E911 Provisioning

7.3.1 Remote Location (OpenScape SBC)

The emergency networks must be defined first on the SBC under Features in the „Remote
Subscriber configuration:“

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

192 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 E911 Provisioning

In the „Remote Subscribers configuration“ click on „Add“ to create a new entry.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Enter a location „Name“ to identify this entry later in the SBC, choose a „Location Domain
Name“ which will later be used in direction to the OpenScape Voice and the „Subnet IP ad-
dress“ / „Netmask“ for which this domain is used.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 193
FN9850FN10FN_TBAZZZAIMHY
 E911 Provisioning

The SBC will insert a new field in the SIP header called „X-Siemens-Location“ which can be
used later with the OpenScape Voice emergency calling or the Call Admission Control feature:

INVITE sip:[email protected]:5061;transport=tls;maddr=10.0.0.120 SIP/2.0

Record-Route: <sip:10.0.0.170:5061;transport=tls;oss=oss-07.01.04.3;ft-
ag=3ede949218;lr>
Via: SIP/2.0/TLS 10.0.0.170:5061;branch=z9hG4bK3207.58e62235.0
Via: SIP/2.0/TLS 10.0.0.170:10000;branch=z9hG4bK042ae147c70095a71;rport
Max-Forwards: 69
Contact: <sip:[email protected]:10000;transport=tls>

20
To: <sip:[email protected]:5061>

7-
-0
From: <sip:[email protected]:10000>;tag=3ede949218;epid=sc7CA90C

20
Call-ID: b90898b621262366

o_
CSeq: 1757975345 INVITE

ol
ic
Allow: ACK, BYE, CANCEL, INVITE, NOTIFY, OPTIONS, PRACK, REFER, SUBSCRIBE, UPDATE
en
_G

Content-Disposition: session
do

Content-Type: application/sdp
an

Supported: 100rel, eventlist, replaces

rn
Fe

User-Agent: OpenStage V7R1.38.0

._

Allow-Events: refer
_L
EN

P-Asserted-Identity: <sip:[email protected]>
00

X-Siemens-Location: muc.apt.net
EN

X-Siemens-Call-Type: ST-secure
40

Content-Length: 999
88
EN

X-Siemens-OSS: OpenScape SBC V7R1.04.00 Build 3

194 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 E911 Provisioning

7.3.2 OpenScape Voice

7.3.2.1 Emergency Calling Subnets

Select
Configure
 OpenScape Voice
 Business Group
 BG Options
 Emergency Calling Subnets
The Emergency Calling Subnets definition assigns a route ID and a Location Identifier Num-

20
ber (LIN) to the subscriber based on a single IP address or a entire IP subnet.

7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 195
FN9850FN10FN_TBAZZZAIMHY
 E911 Provisioning

On the „General“ tab, the location and „Digits to append“ will be assigned:

Optional method to assign a

emergency location in hosted
scenarious (static)

Subscribers behind a SBC can-

not be identified with an IP ad-
dress

Location Domain defined in

20
SBC under „Remote Location“

7-
-0
20
Comment for administrator

o_
(Optional)

ol
ic
en
_G

Use LIN as Calling Party Num-

do

ber
an

(must be defined on “LIN“ tab)

rn
Fe

Route Number max 4 digits

._
_L

(will be added to original dialed

EN

number)
00
EN
40
88
EN

Please note: The field order in the „Identification“

 section defines the priority how OSV identifies a
location.

196 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 E911 Provisioning

On the „LIN“ tab, a LIN and Callback Number (used for non DID) can be optional assigned:

20
7-
-0
20
o_
ol
ic
en
Location Identifier Number Number for Callback Service
_G

(can be used to replace CPN) as defined in HomeDN

do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 197
FN9850FN10FN_TBAZZZAIMHY
 E911 Provisioning

7.3.2.2 PAC for E911 Calls

Add a prefix access code which forwards the emergency call to the Destination Code. e.g. the
emergency calling number, which is dialed from is subscriber is 911. In the 2nd step, the same
number extended with the route ID goes again into this PAC.

Emergency Number

20
7-
-0
Allows to dial „plain“ Emergency

20
Number as well with Route ID

o_
with the same PAC

ol
ic Forward number unmodified
en
_G

to next level
do
an
rn
Fe
._
_L

Call Type is „Off-net Access“ and

EN

will be forwarded to the Destina-

00

tion Code
EN
40
88
EN

198 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 E911 Provisioning

7.3.2.3 Destination Code for E911 Calls

We need two different Destination Codes. The first code points to the service destination,
which is used to lookup the emergency calling information.

PAC (enter manually or press …

to select) and Nature of Address
from previous step

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

Traffic Type „Emergency“

ignores call restrictions

Service „Emergency“ looks up

Emergency Calling Definitions

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 199
FN9850FN10FN_TBAZZZAIMHY
 E911 Provisioning

For every Routing ID, which is defined in the emergency calling subnets, a destination code is
required to send to call to a gateway.

PAC plus Route ID

(enter manually !) and Nature of
Address as defined in Emergency
Definition

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88

Traffic Type „Emergency“

EN

ignores call restrictions

Destination „D_Munich_SE“
sends the call to the munich gate-
way

 Please note: We have to define a Destination

Route  Endpoint for successful routing.

200 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 E911 Provisioning

For our Labs we replaced the dialed EmergencyNumber + RouteID with a routable E164 num-
ber in order to receive the subscriber in the PSAP Center.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 201
FN9850FN10FN_TBAZZZAIMHY
 E911 Provisioning

20
7-
-0
20
Enter priority for this

o_
route between 1 (highest)

ol
ic and 255 (lowest)
en
_G
do
an

Enter / choose endpoint

rn

(gateway)
Fe
._
_L
EN
00
EN
40
88
EN

For SIP carries (Optional),

replace dialed Emergency
Number (1121) with the
emergency calling number
(with area code) or with our
test Subscriber and set correct
NOA (e.g. „International“).

202 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 OSB with local Media Server

8 OSB with local Media Server

This section describes the configuration of the usage of the OSB Media Server – connected via
CSBC.
Objectives:
• the local MS (OSB MS) resources shall be used
• if the local MS resources are not available the centralized MS resource shall
be used.
Prerequisites:

20
• OSB Media Server enabled

7-
-0
• Centralized Media Server reachable (e.g. UC small deployment)

20
o_
showcase:

ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 203
FN9850FN10FN_TBAZZZAIMHY
 Provisioning

8.1 Provisioning
The idea is to configure an additional IP-Address on the core side of the CSBC which can be
used later from the OSV to address particular OSB Media Server via CSBC.
Please note: An additional core side IP address/ FQDN has to be defined on the OS-SBC and
needs to be unique (it can not match the main core address of the OS-SBC or be
used for SIP communications).
This is then the address used in the OSV for the media server.

8.1.1 CSBC configuration

Start within the „Remote Endpoints“ mask and create the Media Server Profile …

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN

Please note: In case of OSB is behind an external NAT Router, it is recommended to activate
00

the „MGCP over SIP flag“.

EN
40

Create the Core Realm for Media Server ...

88
EN

204 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Provisioning

Configure the Realm Profile to be used later ...

Create the remote endpoint for the Media Server and assign the Media Server Core realm pro-
file ...

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88

Please note: Associated Endpoint is required. This is important, if the EP is behind NAT.
EN

Assign the Remote Location Information URL. Use the (private) Proxy IP:

Finally, apply changes.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 205
FN9850FN10FN_TBAZZZAIMHY
 Provisioning

8.1.2 OSV configuration

The following is just an example configuration - please adapt this accordingly. It shouldn‘t re-
place further trainings ...
Goal: Local Media Server resources of „Boca“ shall be used.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

206 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Provisioning

Proceed with the Global Translation and Routing > Translation ...

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

The Routing Area has to be assigned to the EP - or to particular subscribers. If you assign it to
the EP in general, all „proxied“ subscribers use this Routing Area.

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 207
FN9850FN10FN_TBAZZZAIMHY
 Provisioning

Proceed with the Global Translation and Routing > Destination and Routes ...

20
7-
-0
20
o_
ol
ic
Routes: First Route addresses the local MS on the Branch site. The second entry can be used
en
_G

for backup purposes - e.g. a centralized MS ...

do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

208 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Provisioning

„Prioritized“ needs to be activated ...

20
7-
-0
20
o_
Validate the Name and Routes ...

ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 209
FN9850FN10FN_TBAZZZAIMHY
 Provisioning

Proceed with Origin Destinations > AnnOrigDest ...

20
7-
-0
20
o_
Validate the Routing Area - in our example „RA_Boca“ - and Destination Name (D_MS_Boca).

ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

210 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
 Provisioning

8.1.3 OSB configuration

Finally, activate the MS on the OSB.

20
7-
-0
20
o_
ol
ic
en
_G

Please check, if the local MS are used.

do

A MGCP/RTP Trace can be performed via: „Diagnostics & logs“ > „Debugging“ - Debugging
an

Tools > Network Tracer.

rn
Fe
._
_L
EN
00
EN
40
88
EN

02.2019
© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
Configuration 211
FN9850FN10FN_TBAZZZAIMHY
 Provisioning

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

212 Configuration 02.2019

© Unify Software and Solutions GmbH & Co. KG 2019 All rights reserved
FN9850FN10FN_TBAZZZAIMHY