CUSTOMER GUIDE Interoute One SIP/H.323 Trunk Configuration Guides... · Interoute One SIP/H.323 Trunk Configuration 3 Customer Voice Equipment Configuration 3.1 Signalling 1. Configure

CUSTOMER GUIDE Interoute One SIP/H.323 Trunk Configuration

© Interoute Communications Limited Private and Confidential

Interoute One SIP/H.323 Trunk Configuration

Version History

Version Date Title

1 15/12/2010 Initial Release

2 11/03/2011 Updated dial plan section

3 04/04/2011 Updated dial plan section

4 07/10/2013 Updated dial plan/digits section to make clearer

5 24/04/2015 Updated Interoute Branding and general update

6 5/6/2017 Added SRTP/SIP over TLS configuration requirements.

7 22/8/17 Added accepted SIP Methods, information regarding CLI, Digest Authentication information

Copyright Statement © Interoute 23 August 2017

This document contains information proprietary to Interoute.

Nothing within this document may be construed as an offer to supply goods or services except where explicitly stated. All sales are subject to contract.

Interoute is a trading name of Interoute Communications Limited, registered in England number 04472687, registered address 25 Canada Square, Canary Wharf, London E14 5LQ, UK.



Contents

1 Introduction .............................................................................................................. 4

2 Prerequisites ............................................................................................................. 4

3 Customer Voice Equipment Configuration .................................................................. 5

3.1 Signalling ..................................................................................................................................... 5

3.2 Media .......................................................................................................................................... 6

3.3 Digit formats for sending calls TO Interoute ............................................................................... 7

3.4 Digit formats for receiving calls FROM Interoute ........................................................................ 8

3.5 Calling Party Identification (CLI) Presentation and Restriction ................................................... 8

3.5.1 Calls TO Interoute ............................................................................................................... 8 3.5.2 Calls FROM Interoute .......................................................................................................... 9

4 Customer Firewall Configuration................................................................................ 9

4.1 Public – Internet with NAT .......................................................................................................... 9

4.2 Public – Internet without NAT ..................................................................................................... 9

4.3 Private – Interoute IPVPN ............................................................................................................ 9

5 Testing .................................................................................................................... 10

6 Changes .................................................................................................................. 10

7 Support ................................................................................................................... 10

8 Legal ....................................................................................................................... 10

9 FAQ ........................................................................................................................ 11

9.1 Calls to the PSTN fail .................................................................................................................. 11

9.2 Calls from the PSTN fail ............................................................................................................. 11

9.3 Local dialling (without an area code) does not work ................................................................ 11

9.4 Speech is in only one direction when calls are made or received ............................................. 11

9.5 There is silence on the line until someone speaks .................................................................... 11

9.6 The firewall is stopping the service from working .................................................................... 12



1 Introduction This document details generic information that the customer requires in order to configure their voice equipment to communicate with Interoute’s network. Interoute does not provide vendors specific guides except for Microsoft Skype for Business Server.

Shoretel provide a configuration guide specifically for ShoreTel Connect Onsite Systems. The guide is available by clicking on the link: https://support.shoretel.com and search for “Interoute”.

Interoute provide a configuration guide specifically for Microsoft Skype for Business Server 2015 and Microsoft Lync Server 2013.

2 Prerequisites The customer must have received a “ready for testing” or “service handover” e-mail from

Interoute advising that the service has been provisioned.

The voice equipment must have a static or sticky IP address.

The voice equipment must be able to access the Public Internet or IPVPN, whichever was selected at the time of order. If using Public Internet then the IP address should be static. If dynamic then the service will stop working when the customer’s Internet Service Provider reassigns the Public IP to someone else.

The IP connection should have sufficient bandwidth in both upload and download directions. Assume 100kbps in each direction is required per concurrent call. Wireless connections should be avoided.

The voice equipment must support:

o If encryption is not enabled: SIP over UDP

o If encryption is enabled. SIP over TLS over TCP

The customer must have rights to edit the configuration of the voice equipment and any firewall between that and Interoute.

https://support.shoretel.com/



3 Customer Voice Equipment Configuration

3.1 Signalling

1. Configure the voice equipment to connect to Interoute. Any firewall between Interoute and the customer voice equipment must allow this traffic.

a. If a SIP trunk was ordered then use the details below: The Interoute purchase order and the Interoute Service Handover will state if the SIP trunk is provisioned for encryption or not. Follow the instructions in the relevant column.

Signalling (SIP) Setting without

Encryption Setting with Encryption

Protocol SIP SIP

(not SIPS)

Transport protocol UDP TLS over TCP

Customer signalling port 5060 50611

Interoute signalling port 5060 5061

Interoute signalling IP Interoute to provide to customer

Interoute subnet for signalling and media

Interoute to provide to customer

Registration, Digest Authentication

Disabled/None (There is no username and password since

authentication is based on the IP address, visible to Interoute’s SBC, of the customer’s voice equipment.)

Early media offer (SDP in invite)

Enabled

SIP Methods to Disable REGISTER, REFER, SUBSCRIBE

Where the SIP trunk is provisioned for encryption then the customer’s voice equipment must trust Interoute’s SBCs’ GlobalSign certificates otherwise the service will not work. If the certificates are not trusted then the customer must configure their equipment to trust them by installing the GlobalSign root and intermediate certificates on their equipment. Current details of these are below:

1 If the voice equipment uses a port different to this then Interoute must be informed otherwise the service will not work.



Certificate Type

Thumbprint Download URL Certificate

Expiry

RootCA GlobalSignRootCA-

Thumbprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c

https://secure.globalsign.net/cacert/Root-R1.crt

28/1/2028

IntermediateCA

GlobalSign DomainValidation CA SHA256-G2-

Thumbprint: 73:6a:4d:c6:79:d6:82:da:32:15:63:64:7c:60:f6:99:f0:df:c2:68

https://secure.globalsign.com/cacert/gsdomainval

sha2g2r1.crt

20/2/2024

Note that these certificates may change from time to time. It is the customer’s responsibility to enable trust of new certificates when required and before any certificate expiry date, whichever date is earlier. Lack of trust may cause calls to fail.

b. If a H.323 trunk was ordered then use the details below:

Signalling (H.323) Setting

Protocol H.323

Transport protocol UDP

Customer signalling port 1720

Customer signalling IP Customer to provide to Interoute

Interoute signalling port 1720

Interoute signalling IP Interoute to provide to customer

Interoute subnet for signalling and media

Interoute to provide to customer

Registration Disabled

Fast start Enabled

3.2 Media The Interoute purchase order and the Interoute Service Handover will state if the trunk is provisioned for encryption or not.

1. The following media settings should be used:

Media Setting

Protocol RTP (SRTP if Encryption was ordered/provisioned)

Transport Protocol UDP

Customer media ports Customer to provide to Interoute

Customer media IP 1 Customer to provide to Interoute

Customer media IP 2 (optional) Customer to provide to Interoute

Interoute media ports 11,000 - 65,000

Interoute media IP 1 Interoute to provide to customer



https://secure.globalsign.com/cacert/gsdomainvalsha2g2r1.crt





Interoute media IP 2 Interoute to provide to customer

2. Codecs, DTMF, Fax settings:

Codec, DTMF, Fax Setting Packet Interval

Notes

Codec preference 1 G.711a-law 20ms Very good quality

Codec preference 2 G.711μ-law (or mu-law) 20ms Very good quality

Codec preference 3 (optional) G.729a 20ms Good quality

Codec preference 4 (optional) G.729ab 20ms Good quality with

silence suppression

DTMF RFC 2833

Fax T.38 with G.711 fall-back

3.3 Digit formats for sending calls TO Interoute It is preferred for all calls to be sent to Interoute in International (E.164) format with a leading + however as some customer equipment cannot send a + then the below rules may be followed.

Configure the voice equipment to send calls to Interoute following the rules below where:

NSN = National Number (without leading 0)

CC = Country Code

Identify the customer’s country in the “Customer’s Country” columns then adhere to the rules in the rows beneath that country

Customer’s Country USA

Canada American Samoa

Anguilla Antigua

Bahamas Barbados Barbuda Bermuda

British Virgin Islands Cayman Islands

Grenada Guam

Montserrat Northern Marianna Islands

Puerto Rico St. Lucia

St. Maarten Turks & Caicos Islands

US Virgin Islands

Rest of World

Calling Party Number Format (Customer’s telephone number)

+CCNSN or CCNSN

+CCNSN or CCNSN



Called Party Number Format (The destination telephone number)

+CCNSN or 011CCNSN e.g. Call to UK +442079460001 or 011442079460001 National format may be accepted for calls to the emergency services2 e.g. For emergency 911, +1911 or 0111911

+CCNSN or 00CCNSN e.g. Call to UK +442079460001 or 00442079460001 National format may be accepted for calls to the emergency services2 e.g. For emergency 999, 112, +44112, 0044112

3.4 Digit formats for receiving calls FROM Interoute Configure the voice equipment to receive calls from Interoute following the rules below where:

NSN = National Number (without leading 0)

CC = Country Code

Calling Party Number Format

(The Originating telephone number)

+CCNSN or CCNSN

(i.e. e.164 format)

e.g. From US number

+18177863778 or 18177863778

Called Party Number Format

(Customer’s telephone number)

+CCNSN or CCNSN

(i.e. e.164 format)

e.g. To US number

+18776242660 or 18776242660

3.5 Calling Party Identification (CLI) Presentation and Restriction

3.5.1 SIP Calls TO Interoute If the customer wishes to restrict their CLI for calls sent over the trunk to Interoute then the customer’s voice equipment must either add a “Privacy:id” header (RFC3325) or add a “Remote-Party-ID:” header with “privacy=full” (IETF draft draft-ietf-sip-privacy-04.txt) in the signaling.

The FROM header must contain the customer’s CLI.

Note that sending an invalid CLI may result in the call being charged at a higher cost.

2 National dialling for Emergency calls is not supported if the customer is originating calls from multiple countries since emergency numbers may overlap between countries, e.g. 112. In this case emergency calls must be sent to Interoute in International format. This is a technical limitation.

https://tools.ietf.org/html/rfc3325

https://tools.ietf.org/html/draft-ietf-sip-privacy-04.txt



3.5.2 SIP Calls FROM Interoute The “FROM” header in an INVITE message contains the CLI in e.164 format. This will state “Anonymous” when the CLI has been restricted otherwise it will state the calling party number to be displayed.

4 Customer Firewall Configuration There are two supported methods to connect a customer’s voice equipment to Interoute:

Public – Internet

Private – Interoute IPVPN Connectivity Service

In both cases a logical “Trunk” is configured on Interoute’s Session Border Controller (SBC) cluster so that voice calls can be carried between Interoute and the Customer voice equipment.

4.1 Public – Internet with NAT Where the public Internet is used it is typical that a customer firewall is located between the Internet and the customer voice equipment. The voice equipment typically has private IP addressing (RFC 1918) and the firewall performs Network Address Translation (NAT).

Note:

Only static (1:1) NAT is supported.

Port Address Translation (PAT) is not supported.

Process:

1. Configure the firewall to Static NAT the Public IP of the voice equipment to the Private IP.

2. Configure the firewall to allow bi-directional traffic between the voice equipment and Interoute. Use the ports and IPs detailed in section 3.1. If possible allow the subnets as this will mean that the firewall will not need reconfiguration if additional media addresses are added later.

3. Interoute must be informed that the voice equipment is behind NAT.

4.2 Public – Internet without NAT Where the public Internet is used without NAT then the customer voice equipment has a public IP and any firewall between the Internet and the customer voice equipment simply applies an access control list (ACL).

Process:


4.3 Private – Interoute IPVPN Where a private connection is used it is typical that there is either no firewall or simply a firewall applying an ACL between the customer voice equipment and Interoute. No NAT is performed and the



voice equipment may use any IP addressing scheme as the SBC cluster has logical interfaces, dedicated to the customer, directly connected to the IPVPN.

Process:


5 Testing It is recommended that the customer performs the following tests to confirm that the service works as expected.

Make an outbound call to the PSTN via Interoute

Make an inbound call from the PSTN via Interoute (Only applicable if telephone numbers have been purchased from Interoute).

If the call does not work then first confirm that the voice equipment is sending and receiving signalling and media to/from Interoute and that it is successfully passing through any firewall before contacting Interoute for support.

6 Changes To request commercial changes to the service please speak to the Interoute account manager.

To request technical changes to the service please raise a request via the portal http://myservices.interoute.com. Navigate to Tickets -> Requests -> New Request.

In all cases the Service ID (SID) that Interoute will have provided on service handover to identify the affected service must be quoted.

7 Support For technical support contact Interoute via one of the below methods:

Telephone or e-mail: http://www.interoute.com/contact-us

Portal: Raise an incident via https://myservices.interoute.com. Navigate to Tickets -> Incidents -> New Incident

In all cases the Service ID (SID) that Interoute will have provided on service handover to identify the affected service must be quoted.

8 Legal For terms and conditions see: http://www.interouteone.com/legal

http://myservices.interoute.com/

http://www.interoute.com/contact-us

https://myservices.interoute.com/

http://www.interouteone.com/legal



9 FAQ

9.1 Calls to the PSTN fail 1. Dial a different PSTN number to confirm that the issue is not specific to the number, area code

or country. 2. Check that the correct IP details were provided to Interoute 3. Check that Interoute’s addressing is correctly configured on the voice equipment 4. If there is a firewall between Interoute and the voice equipment then check that it is configured

correctly. 5. Check that the SIP messages are leaving the voice equipment using a packet capture device or

software (for example www.wireshark.org/download.html) 6. If the problem persists, please contact Interoute using the support contacts stated in section7.

9.2 Calls from the PSTN fail 1. Confirm that the customer voice equipment is configured to accept calls in the format stated

earlier in this document. 2. If the problem persists, please contact Interoute using the support contacts stated in section

7.

9.3 Local dialling (without an area code) does not work If local dialling is to be supported then this must be configured on the voice equipment.

Please ensure that the voice equipment sends the full international number to Interoute in the expected format described earlier in this document.

9.4 Speech is in only one direction when calls are made or received

1. Check that the audio device (headset) is plugged in correctly. USB headsets are preferred as they are generally better quality than those with separate 3.5mm jacks for the speaker and microphone.

2. Check that calls can be made and received successfully, with speech in both directions to other users in the customer’s LAN/office.

3. Check that the issue only occurs when making an external/PSTN call. 4. Check the firewall settings as this is the most likely the cause of the issue. 7. If the problem persists, please contact Interoute using the support contacts stated in section

7.

9.5 There is silence on the line until someone speaks Often, in order to get voice calls through a corporate firewall, the user needs to send a packet out to enable the media path to be setup correctly through to Interoute. This can be triggered by something as simple as background noise or breathing.

http://www.wireshark.org/download.html



9.6 The firewall is stopping the service from working Interoute One provides customers with a secure solution that works with, rather than around, firewalls. Interoute therefore requires that the customer allow certain ports and protocols through the firewall for the service to work.

Documents

CUSTOMER GUIDE Interoute One SIP/H.323 Trunk Configuration Guides... · Interoute One SIP/H.323 Trunk Configuration 3 Customer Voice Equipment Configuration 3.1 Signalling 1. Configure