3com/Ingate Open Network (ON) Integration Notes - SIParator-AppNotes

Page 1 of 22 Blue

3Com Open Network™ Solutions Lab Application Notes Authors: Shane Cleckler : Ingate, Bob Blair : 3Com

Application Notes for the Ingate SIParator v4.5.2 with 3Com VCX v7.1.14c Issue: 1.1 Date: 11/19/2007 Abstract: These application notes describe the configuration

procedures required to allow the Ingate SIParator to interoperate with the 3Com VCX voice solution.

This application note contains detailed configuration

information that was required in order to interoperate the 3Com VCX with the Ingate SIParator. During compliance testing, the Ingate SIParator was shown to successfully provide the ability for the SIP messaging and corresponding media to traversal the corporate firewall boundary and to solve the SIP trunking issues between the 3Com VCX and ITSP.

This solution was jointly tested by Ingate and 3COM.

This solution requires a moderate level of telephony and IP network expertise to implement.

Page 2 of 22


Table of Contents

Revision History ....................................................................................................3 References ...........................................................................................................3 Objective...............................................................................................................4 Company and Product Details ..............................................................................4

Ingate SIParator Overview ................................................................................5 Standard Ingate SIParator® Features: ..........................................................5 Ingate SIP Trunking Module ..........................................................................5

How it Works .....................................................................................................7 Hardware Revisions..............................................................................................7 Software Revisions ...............................................................................................7 Installation Overview.............................................................................................7 Network Topology .................................................................................................8 Testing Observations ............................................................................................9 Configuration Details.............................................................................................9

3COM VCX Configuration file............................................................................9 Ingate SIParator Configuration Details ...........................................................14

Verification Tests ................................................................................................21 Product Support ..................................................................................................22

3COM product support: ...................................................................................22 Ingate Systems Product Support:....................................................................22

Conclusion ..........................................................................................................22

Page 3 of 22


Revision History Revision Date Author Reason for change

1.0 10/23/2007 Shane Cleckler Original

1.1 11/19/2007 Bob Blair Formatting, content verification, final version definitions

References Date Document Name Revision Company

Page 4 of 22


Objective This application note contains detailed configuration information that was required in order to interoperate the 3Com VCX with the Ingate SIParator. During compliance testing, the Ingate SIParator was shown to successfully provide the ability for the SIP messaging and corresponding media to traverse the corporate firewall boundary and to solve the SIP trunking issues between the 3Com VCX and ITSP.

Company and Product Details Ingate® Systems develops firewall technology and products that enable SIP-based live communication for the enterprise while maintaining control and security at the network edge. Ingate has a long history of developing next-generation firewall technology that solves the NAT/firewall traversal issue inherent in SIP communications. In addition to an extensive line of Ingate Firewalls®, the company also produces the award-winning Ingate SIParator®, a device that connects to an existing network firewall to seamlessly enable SIP communications. Ingate products currently protect the networks of retail companies, financial institutions, industrial firms, government agencies and small-to-large enterprises throughout Europe, Asia and North America. Additionally, Ingate has established the SIP Trunking Network at www.siptrunk.org , an educational resource that aggregates information from throughout the SIP trunking community in an industry-wide effort to educate enterprises about SIP trunking, to help simplify deployments. Ingate Systems AB is headquartered in Sweden with offices in Stockholm and Linköping. Its wholly-owned subsidiary, Ingate Systems Inc., is located in Hollis, New Hampshire, with a U.S. technology center in Frisco, Texas. For more information on Ingate Systems, visit www.ingate.com.

• Technical Summary

http://www.ingate.com/products.php http://www.ingate.com/whitepapers.php

• Datasheet http://www.ingate.com/files/Ingate_SIParator_general_A4_EN_E.pdf

• Features, Functions, and Benefits http://www.ingate.com/products.php

http://www.siptrunk.org/

http://www.ingate.com/

http://www.ingate.com/products.php

http://www.ingate.com/whitepapers.php

http://www.ingate.com/files/Ingate_SIParator_general_A4_EN_E.pdf

http://www.ingate.com/products.php

Page 5 of 22


Ingate SIParator Overview

Ingate SIParators are a one-box solution, designed to enable complete firewall security with minimal effort or risk. The SIP proxy and SIP registrar that come standard on all Ingate SIParators enable the seamless, secure traversal of SIP communications with the addition of a single piece of hardware to your existing firewall: an Ingate SIParator®. The Ingate SIParator® controls SIP traffic without affecting the security provided by your firewall. Compatible with all existing firewalls, networks and operating systems, Ingate SIParators can support the needs of enterprises of all sizes. Through Ingate's Web interface you can easily make network specific adjustments without having to be a security expert. In addition, administrators are able to select the authentication process that works best for them. Software preinstallation coupled with Ingate's easy-to-use web user interface for configuration provides the ease of use that enhances security by eliminating the user errors that often occur at setup.

Following is a list of the standard features of all Ingate SIParators.

Standard Ingate SIParator® Features:

• Easy to install and configure • All enterprise firewalls supported • Preserves firewall investment • Can connect to the DMZ port • Security can still be fully controlled by legacy firewall • Works both as in-coming and out-going proxy • SIP server with both SIP Proxy and SIP registrar included • No location server required on LAN for incoming SIP requests • Support for DNS SRV records • Stateful or stateless operation is used based on the nature of the SIP

request • Parallel issue of requests to multiple destinations • Session timer • Record routing • Via hiding • TLS support for encrypted SIP signalling • SRTP support for encrypted SIP media

Ingate SIP Trunking Module

For enterprises wanting to make full use of their installed IP-PBXs and not only communicate over IP within the enterprise, but also outside the enterprise the Ingate SIP Trunking module offers an easy and smooth transition to a modern and future-proofed SIP trunk provided by an Internet Telephony Service Provider

Page 6 of 22


to connect to the traditional PSTN network. SIP trunks can offer significant cost-savings for enterprises, eliminating the need for local PSTN gateways, costly ISDN BRIs (Basic Rate Interfaces) or PRIs (Primary Rate Interfaces).

SIP trunking is a service offered by Internet Telephony Service Providers (ITSPs) which permits businesses to adopt Voice-over-IP (VoIP) using the same connection as the Internet connection and remain in touch with others who rely on the PSTN as the enterprise IP-PBX is connected to the service provider’s PSTN gateways over the Internet.

The SIP Trunking software module, working in conjunction with an Ingate Firewall or SIParator, solves the Network Address Translation (NAT) traversal issues that are faced by businesses using a SIP trunk. Together, they control both incoming and outgoing communications and route the communication to the intended users. All voice traffic (as well as data traffic) must traverse the enterprise firewall/NAT. However, SIP traffic cannot traverse traditional enterprise firewalls and NAT devices. As a result, the firewall/NAT device blocks all SIP traffic, which includes VoIP. Ingate resolves this issue, enabling enterprises to utilize SIP trunks.

Ingate SIP Trunking provides advanced routing capabilities that enable enterprises to connect to SIP trunks. Frequently, the SIP traffic coming from the PBX to be routed to the ITSP (and vice versa) is neither written in the format that the other expects nor contains the correct routing information to get it to its intended destination. Ingate’s SIP Trunking software module can overcome these issues, and provide a seamless connection to and from the provider. Ingate SIP Trunking can handle authentication at the service provider to validate the enterprise as the correct user of the SIP trunk. It also provides the flexibility to interoperate with carrier-specific requirements like numbering plans.

Eliminating international calling costs, Ingate SIP Trunking can direct international calls to national, or local, PSTN lines within the country being called. Businesses can use multiple service providers by establishing least cost routing rules, and switch between them depending on which offers the best possible rates (which may vary by time, day or location). Long distance calls cost the same as a local call, reducing expenses for businesses as well as their customers, partners, etc. trying to reach, for example, the corporate sales force. The support for multiple SIP trunks also offers redundancy. If a connection to one ITSP goes down, Ingate can immediately transfer the traffic to another ITSP.

Page 7 of 22

3Com Open Network™ Solutions Lab Application Notes

How it Works Ingate's SIP-enabling SIParators are connected to an existing enterprise firewall to seamlessly and effortlessly enabling the secure traversal of SIP-based communications. The Ingate SIParator® can be configured in three different ways, ensuring its compatibility with any commercially available firewall product.

Hardware Revisions • SIParator 50 • SIParator 19 • VCX v7000

Software Revisions • Ingate SIParator – Software Version 4.5.2, Patch ig-patch-4-5-2-

shortform-se • Ingate Startup Tool Version 1.0.7 • VCX v7.1.14c

Installation Overview The environment tested consists of a multisite office connected by a private network. Each site has an Ingate SIParator as well as its own SIP Trunks. The phones at each site register directly over the private network to the VCX (path is not through the SIParator). If a call is made that should go to the ITSP, then the VCX sends the call to the internal IP address of the SIParator at that branch office. The SIParator performs the trunking to the ITSP. The media from the phone is handled through the SIParator. Inbound calls (from the ITSP) at each site are routed via the SIParator through the private network to the VCX. The VCX routes the call back over the private network to the applicable phone.

Authors: Shane Cleckler : Ingate, Bob Blair : 3Com

Page 8 of 22


Network Topology


Page 9 of 22


Testing Observations Manual configuration of the Ingate SIParator is configured using a web GUI. The Ingate Startup Tool (available at www.ingate.com) can also be used to perform the configuration. The Startup Tool is a Windows application that is designed to allow the admin to input information about the environment and perform the configuration automatically. For a complex environment, it is possible that slight adjustments may need to be made in the GUI following the use of the Startup Tool to account for variations from a “standard” configuration.

Configuration Details The following configuration details represent the configuration under test.

3COM VCX Configuration file VCX was configured to route outbound calls originating from headquarter phones to the HQ Ingate. Calls from branch phones are routed to the branch Ingate. Incoming calls from either Ingate were routed to the Epic Call Center. Below is a series of screen captures showing the relevant VCX configuration details.


Page 10 of 22


Number translation is configured to replace the local extension with the DID that is associated with the local Ingate for outgoing calls. This example used 82* for placing external calls.

The headquarters and branch phones were assigned separate phone profiles to use for source-based routing to the local Ingate. Phone Profiles Agent Branch and Agent-HQ were defined.


Page 11 of 22


Outbound calls from local extensions are routed to the local Ingate using phone profile for the source route. For HQ phones, the Branch Ingate is a secondary route and vice-versa.

Incoming calls to either of the DIDs are routed to Epic Call Center. EPIC login,logout etc. are routed to EPIC (1301-1304) Outbound calls initiated by EPIC are routed to the HQ Ingate using EPIC IP address for Source route. The branch office Ingate is a secondary route.


Page 12 of 22


Route plan summary for incoming calls to be routed to Epic call center.


Page 13 of 22


The standard built-in Class of Services on VCX do not allow a “+” on incoming calls. This can be handled by stripping off the + at some point or modifying the COS definitions. In this example we modified the COS named International.


Page 14 of 22


Ingate SIParator Configuration Details Below are the Show Configuration Pages from Headquarters SIParator and Branch Office SIParator. They show all of the detailed settings used on each unit during this test. Also attached is the Show Configuration page from the first install. It includes configuration in the Dial Plan to cover Operator, 411, 911, and 611 calls. This was not included in the Dial Plan of the original testing.

HQ_SIParator.htm Branch_SIParator.htm Atlanta - SIParator.htm


Page 15 of 22


The easiest way to configure the SIParator is using the Ingate Startup Tool (downloadable from http://www.ingate.com/startuptool.php) Please use version 1.0.7 or newer of the tool. When running the tool, on the first page, select the model you are installing.


http://www.ingate.com/startuptool.php

Page 16 of 22


If the unit is factory fresh, you can put in the IP address you want to assign the interface, the MAC address of the unit, and the password and it will contact the unit and assign the address. Fill in the fields the information and press contact. As in the example below, if the unit already has an IP address (assigned by through the serial port configuration), you can simply enter the IP address and password and press contact.


Page 17 of 22


Create a support account on the Ingate webpage www.ingate.com. Enter the information in the fields. Click Register. Enter the license code provided with your unit and click install. Then click Launch.



Page 18 of 22


For using the SIParator, choose the mode you want it to be in. In this example the SIParator was configured for Standalone mode of operation. Enter the IP addressing information for each interface. Click enable SIP Trunking Click on Launch


Page 19 of 22


Choose the Trunking Provider and input the required information. With some providers, the information will be provided automatically. Enter the DNS servers that the Ingate can use. Choose 3Com from the IP-PBX list and enter the IP address. Click Launch


Page 20 of 22


The final step will take you to the web GUI. You must log in and apply the configuration. Press Apply Configuration. A few seconds later you will receive another page where you need to press Save Configuration.


Page 21 of 22


Verification Tests All basic call scenarios were successfully completed including calls to/from the ITSP. Test calls were initiated from external extensions, internal extensions, and via the ITSP PSTN gateways.

• Inbound / Outbound calls • Hold • Supervised Transfer • Anonymous Calling • Conference Calls • Supervisory Monitoring • Call forwarding • Camp On • Verify DND • Speed Dial • Circular Hunt Groups • Voicemail: Audio Quality and Access • E911

The following features were tested and found to be inoperable. Upon troubleshooting the environment it was identified as a VCX v7.1 issue. These features will need to be addressed in a future release yet to be determined.

• Blind Transfer • Semi-Attended Transfer

Page 22 of 22


Product Support Product support can be obtained from the respective product suppliers.

3COM product support: Main 3COM Support link: http://www.3com.com/products/en_US/support/index.html

Asia Pacific Telephone: +65 6543 6645 Fax: +65 6543 6518 E-mail: [email protected]

Europe, Middle East and Africa Telephone: +44 (0)1442 435529 (Option 4) Fax : +44 (0)1442 435811 E-mail: [email protected]

North America and Latin America Telephone: 866-326-6222 (Option 3) Fax : 408-326-7140 E-mail: [email protected]

Ingate Systems Product Support: www.ingate.com Email: [email protected]

Conclusion The testing between the Ingate SIParator and 3Com VCX was successful. Call scenarios between the different sites worked as well as SIP trunking calls to and from the ITSP. The supported providers are Bandwidth.com and Level 3.

http://www.3com.com/products/en_US/support/index.html

mailto:[email protected]






www.ingate.com

Documents

3com/Ingate Open Network (ON) Integration Notes - SIParator-AppNotes