Configuration Note

AudioCodes Professional Services – Interoperability Lab

Connecting Cisco Unified Communications Manager Ver. 12.0

with Microsoft® Teams Direct Routing Enterprise Model using
AudioCodes Mediant™ SBC

Version 7.2
Configuration Note Contents

Table of Contents
1 Introduction .........................................................................................................7
1.1 Intended Audience.................................................................................................. 7
1.2 About Microsoft Teams Direct Routing ................................................................... 7
1.3 About AudioCodes SBC Product Series ................................................................. 7
2 Component Information......................................................................................9
2.1 AudioCodes SBC Version....................................................................................... 9
2.2 Cisco CUCM Version.............................................................................................. 9
2.3 Microsoft Teams Direct Routing Version ................................................................. 9
2.4 Interoperability Test Topology .............................................................................. 10
2.4.1 Enterprise Model Implementation......................................................................... 10
2.4.2 Environment Setup .............................................................................................. 11
2.4.3 Infrastructure Prerequisites .................................................................................. 11
2.4.4 Known Limitations ............................................................................................... 11
3 Configuring Teams Direct Routing ..................................................................13
3.1 Prerequisites ........................................................................................................ 13
3.2 SBC Domain Name in the Teams Enterprise Model ............................................. 13
3.3 Example of the Office 365 Tenant Direct Routing Configuration ........................... 14
3.3.1 Online PSTN Gateway Configuration ................................................................... 14
3.3.2 Online PSTN Usage Configuration....................................................................... 14
3.3.3 Online Voice Route Configuration ........................................................................ 14
3.3.4 Online Voice Routing Policy Configuration ........................................................... 14
3.3.5 Enable Online User ............................................................................................. 15
3.3.6 Assigning Online User to the Voice Route............................................................ 15
4 Configuring Cisco CUCM .................................................................................17
4.1 Log in to Cisco Unified Communications Manager................................................ 17
4.2 Create a New Trunk ............................................................................................. 17
4.3 Create a New Route Pattern................................................................................. 19
5 Configuring AudioCodes SBC .........................................................................23
5.1 SBC Configuration Concept in Teams Direct Routing Enterprise Model ............... 24
5.2 IP Network Interfaces Configuration ..................................................................... 24
5.2.1 Configure VLANs................................................................................................. 25
5.2.2 Configure Network Interfaces .............................................................................. 25
5.3 SIP TLS Connection Configuration ....................................................................... 27
5.3.1 Configure the NTP Server Address ...................................................................... 27
5.3.2 Create a TLS Context for Teams Direct Routing .................................................. 28
5.3.3 Configure a Certificate ......................................................................................... 29
5.3.4 Method of Generating and Installing the Wildcard Certificate ................................ 32
5.3.5 Deploy Baltimore Trusted Root Certificate ........................................................... 33
5.4 Configure Media Realms ...................................................................................... 34
5.5 Configure SIP Signaling Interfaces ....................................................................... 35
5.6 Configure Proxy Sets and Proxy Address ............................................................. 36
5.6.1 Configure a Proxy Address .................................................................................. 37
5.7 Configure Coders ................................................................................................. 39
5.8 Configure IP Profiles............................................................................................. 41
5.9 Configure IP Groups ............................................................................................. 44

Version 7.2 3 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

5.10 Configure SRTP ................................................................................................... 46

5.11 Configuring Message Condition Rules .................................................................. 47
5.12 Configuring Classification Rules ........................................................................... 48
5.13 Configure IP-to-IP Call Routing Rules................................................................... 49
5.14 Configuring Firewall Settings ................................................................................ 50
5.15 Configure Number Manipulation Rules ................................................................. 51
5.16 Configure Message Manipulation Rules ............................................................... 52
5.17 Miscellaneous Configuration................................................................................. 59
5.17.1 Configure Call Forking Mode ............................................................................... 59
5.17.2 Optimizing CPU Cores Usage for a Specific Service (relevant for Mediant 9000 and
Software SBC only) ......................................................................................................... 60
A AudioCodes INI File ..........................................................................................61

AudioCodes Mediant SBC 4 Document #: LTRT-29313

Configuration Note Notices

Notice

Notice
Information contained in this document is believed to be accurate and reliable at the time of
printing. However, due to ongoing product improvements and revisions, AudioCodes cannot
guarantee accuracy of printed material after the Date Published nor can it accept responsibility
for errors or omissions. Updates to this document can be downloaded from
https://www.audiocodes.com/library/technical-documents.
This document is subject to change without notice.
Date Published: November-23-2021

WEEE EU Directive
Pursuant to the WEEE EU Directive, electronic and electrical waste must not be disposed of
with unsorted waste. Please contact your local recycling authority for disposal of this product.

Customer Support
Customer technical support and services are provided by AudioCodes or by an authorized
AudioCodes Service Partner. For more information on how to buy technical support for
AudioCodes products and for contact information, please visit our website at
https://www.audiocodes.com/services-support/maintenance-and-support.

Stay in the Loop with AudioCodes

Abbreviations and Terminology

Each abbreviation, unless widely used, is spelled out in full when first used.

Document Revision Record

LTRT Description

29312 Initial document release for Version 7.2.

29313 Coder Group for Teams was updated.

Documentation Feedback
AudioCodes continually strives to produce high quality documentation. If you have any
comments (suggestions or errors) regarding this document, please fill out the Documentation
Feedback form on our Web site at https://online.audiocodes.com/documentation-feedback.

Version 7.2 5 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

This page is intentionally left blank.

AudioCodes Mediant SBC 6 Document #: LTRT-29313

Configuration Note 1. Introduction

1 Introduction
This Configuration Note describes how to set up the AudioCodes Enterprise Session Border
Controller (hereafter, referred to as SBC) for interworking between Cisco CUCM and
Microsoft's Teams Direct Routing environment.
You can also use AudioCodes' SBC Wizard tool to automatically configure the SBC based
on this interoperability setup. However, it is recommended to read through this document to
better understand the various configuration options. For more information on AudioCodes'
SBC Wizard including the download option, visit AudioCodes Web site at
https://www.audiocodes.com/partners/sbc-interoperability-list.

1.1 Intended Audience

This document is intended for engineers, or AudioCodes and Cisco CUCM partners who are
responsible for installing and configuring Cisco CUCM and Microsoft's Teams Direct Routing
Service in Enterprise Model for enabling VoIP calls using AudioCodes SBC.

1.2 About Microsoft Teams Direct Routing

Microsoft Teams Direct Routing allows connecting a customer-provided SBC to the Microsoft
Phone System. The customer-provided SBC can be connected to almost any telephony
trunk, or connect with third-party PSTN equipment. The connection allows:
◼ Using virtually any PSTN trunk with Microsoft Phone System
◼ Configuring interoperability between customer-owned telephony equipment, such as
third-party PBXs, analog devices, and Microsoft Phone System

1.3 About AudioCodes SBC Product Series

AudioCodes' family of SBC devices enables reliable connectivity and security between the
Enterprise's and the service provider's VoIP networks.
The SBC provides perimeter defense as a way of protecting Enterprises from malicious VoIP
attacks; mediation for allowing the connection of any PBX and/or IP-PBX to any service
provider; and Service Assurance for service quality and manageability.
Designed as a cost-effective appliance, the SBC is based on field-proven VoIP and network
services with a native host processor, allowing the creation of purpose-built multiservice
appliances, providing smooth connectivity to cloud services, with integrated quality of
service, SLA monitoring, security and manageability. The native implementation of SBC
provides a host of additional capabilities that are not possible with standalone SBC
appliances such as VoIP mediation, PSTN access survivability, and third-party value-added
services applications. This enables Enterprises to utilize the advantages of converged
networks and eliminate the need for standalone appliances.
AudioCodes SBC is available as an integrated solution running on top of its field-proven
Mediant Media Gateway and Multi-Service Business Router platforms, or as a software-only
solution for deployment with third-party hardware. The SBC can be offered as a Virtualized
SBC, supporting the following platforms: Hyper-V, AWS, AZURE, AWP, KVM and VMWare.

Version 7.2 7 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

This page is intentionally left blank.

AudioCodes Mediant SBC 8 Document #: LTRT-29313

Configuration Note 2. Component Information

2 Component Information
2.1 AudioCodes SBC Version
Table 2-1: AudioCodes SBC Version

SBC Vendor AudioCodes

Models ▪ Mediant 500 Gateway & E-SBC
▪ Mediant 500L Gateway & E-SBC
▪ Mediant 800B Gateway & E-SBC
▪ Mediant 800C Gateway & E-SBC
▪ Mediant 1000B Gateway & E-SBC
▪ Mediant 2600 E-SBC
▪ Mediant 4000 SBC
▪ Mediant 4000B SBC
▪ Mediant 9000 SBC
▪ Mediant 9030 SBC
▪ Mediant 9080 SBC
▪ Mediant Software SBC (VE/SE/CE)
Software Version 7.20A.254.202 or later
Protocol ▪ SIP/UDP or SIP/TCP (to the Cisco CUCM SIP Trunk)
▪ SIP/TLS (to the Teams Direct Routing)
Additional Notes None

2.2 Cisco CUCM Version

Table 2-2: Cisco CUCM Version

Vendor/Service Provider Cisco

SSW Model/Service CUCM
Software Version 12.0.1
Protocol SIP
Additional Notes None

2.3 Microsoft Teams Direct Routing Version

Table 2-3: Microsoft Teams Direct Routing Version

Vendor Microsoft
Model Teams Phone System Direct Routing
Software Version v.2019.9.24.1 i.EUNO.4
Protocol SIP
Additional Notes None

Version 7.2 9 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

2.4 Interoperability Test Topology

Microsoft Teams Direct Routing can be implemented in the Enterprise or Hosting Models.

2.4.1 Enterprise Model Implementation

The interoperability testing between AudioCodes SBC and Cisco CUCM with Teams Direct
Routing Enterprise Model was done using the following topology setup:
◼ Enterprise deployed with Cisco CUCM as IP-PBX, analog devices and the
administrator's management station, located on the LAN
◼ Enterprise deployed with Microsoft Teams Phone System Direct Routing Interface
located on the WAN for enhanced communication within the Enterprise
◼ AudioCodes SBC is implemented to interconnect between the Cisco CUCM in the
Enterprise LAN and Microsoft Teams on the WAN
• Session: Real-time voice session using the IP-based Session Initiation Protocol
(SIP).
• Border: IP-to-IP network border - the Cisco CUCM is located in the Enterprise
LAN and the Microsoft Teams Phone Systems is located in the public network.

The figure below illustrates this interoperability test topology:

Figure 2-1: Interoperability Test Topology between SBC and Microsoft Teams Direct Routing
Enterprise Model with Cisco CUCM
Enterprise Network

DMZ

Management
Station (OAMP) LAN
Internet
Firewall

Cisco CUCM

AudioCodes Mediant SBC 10 Document #: LTRT-29313

Configuration Note 2. Component Information

2.4.2 Environment Setup

The interoperability test topology includes the following environment setup:
Table 2-4: Environment Setup

Area Setup

Network ▪ Microsoft Teams Direct Routing environment is located on the

Enterprise's (or Service Provider’s) WAN
▪ Cisco CUCM is located on the LAN
Signaling ▪ Microsoft Teams Direct Routing operates with SIP-over-TLS
Transcoding transport type
▪ Cisco CUCM operates with SIP-over-UDP or SIP-over-TCP
transport type
Codecs ▪ Microsoft Teams Direct Routing supports G.711A-law, G.711U-
Transcoding law, G.729, G.722 and SILK (NB and WB) coders
▪ Cisco CUCM supports G.711A-law, G.711U-law, and G.722
coders
Media Transcoding ▪ Microsoft Teams Direct Routing operates with SRTP media type
▪ Cisco CUCM operates with RTP media type

2.4.3 Infrastructure Prerequisites

The table below shows the list of infrastructure prerequisites for deploying Microsoft Teams
Direct Routing.
Table 2-5: Infrastructure Prerequisites

Infrastructure Prerequisite Details

Certified Session Border Controller (SBC)
SIP Trunks connected to the SBC
Office 365 Tenant
Domains
Public IP address for the SBC
Fully Qualified Domain Name (FQDN) for the SBC
See Microsoft's document Plan Direct Routing.
Public DNS entry for the SBC
Public trusted certificate for the SBC
Firewall ports for Direct Routing Signaling
Firewall IP addresses and ports for Direct Routing Media
Media Transport Profile
Firewall ports for Teams Clients Media

2.4.4 Known Limitations

There were no limitations observed in the interoperability tests done for the AudioCodes SBC
interworking between Microsoft Teams Direct Routing and Cisco CUCM.

Version 7.2 11 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

This page is intentionally left blank.

AudioCodes Mediant SBC 12 Document #: LTRT-29313

Configuration Note 3. Configuring Teams Direct Routing

3 Configuring Teams Direct Routing

This section describes how to configure Microsoft Teams Direct Routing to operate with
AudioCodes SBC.

3.1 Prerequisites
Before you begin configuration, make sure you have the following for every SBC you want
to pair:
◼ Public IP address
◼ FQDN name matching SIP addresses of the users
◼ Public certificate, issued by one of the supported CAs

3.2 SBC Domain Name in the Teams Enterprise Model

The SBC domain name must be from one of the names registered in 'Domains' of the tenant.
You cannot use the *.onmicrosoft.com tenant for the domain name. For example, in Figure
2-2, the administrator registered the following DNS names for the tenant:
Table 3-1: DNS Names Registered by an Administrator for a Tenant

Can be used
DNS name Examples of FQDN names
for SBC FQDN

ACeducation.info Yes Valid names:

▪ sbc.ACeducation.info
▪ ussbcs15.ACeducation.info
▪ europe.ACeducation.info
Invalid name:
sbc1.europe.ACeducation.info (requires
registering domain name europe.atatum.biz in
'Domains' first)
adatumbiz.onmicrosoft.com No Using *.onmicrosoft.com domains is not
supported for SBC names
hybridvoice.org Yes Valid names:
▪ sbc1.hybridvoice.org
▪ ussbcs15.hybridvoice.org
▪ europe.hybridvoice.org
Invalid name:
sbc1.europe.hybridvoice.org (requires registering
domain name europe.hybridvoice.org in 'Domains'
first
Users can be from any SIP domain registered for the tenant. For example, you can provide
users [email protected] with the SBC FQDN sbc1.hybridvoice.org so long as both
names are registered for this tenant.

Version 7.2 13 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

Figure 3-1: Example of Registered DNS Names

During creation of the Domain you will be forced to create public DNS record
(sbc1.hybridvoice.org in our example.)

3.3 Example of the Office 365 Tenant Direct Routing

Configuration
3.3.1 Online PSTN Gateway Configuration
Use following PowerShell command for creating new Online PSTN Gateway:
New-CsOnlinePSTNGateway -Identity sbc1.hybridvoice.org -SipSignallingPort 5068 -
ForwardCallHistory $True -ForwardPai $True -MediaBypass $True -Enabled $True

3.3.2 Online PSTN Usage Configuration

Use following PowerShell command for creating an empty PSTN Usage:
Set-CsOnlinePstnUsage -Identity Global -Usage @{Add="Interop"}

3.3.3 Online Voice Route Configuration

Use following PowerShell command for creating new Online Voice Route and associate it
with PSTN Usage:
New-CsOnlineVoiceRoute -Identity "audc-interop" -NumberPattern "^\+" -
OnlinePstnGatewayList sbc1.hybridvoice.org -Priority 1 -OnlinePstnUsages "Interop"

3.3.4 Online Voice Routing Policy Configuration

Use following PowerShell command for assigning the Voice Route to the PSTN Usage:
New-CsOnlineVoiceRoutingPolicy "audc-interop" -OnlinePstnUsages "Interop"

AudioCodes Mediant SBC 14 Document #: LTRT-29313

Configuration Note 3. Configuring Teams Direct Routing

Note: The commands specified in Sections 3.3.5 and 3.3.6, should be run for each
Teams user in the company tenant.

3.3.5 Enable Online User

Use following PowerShell command for enabling online user:
Set-CsUser -Identity [email protected] -EnterpriseVoiceEnabled $true -
HostedVoiceMail $true -OnPremLineURI tel:+12345678901

3.3.6 Assigning Online User to the Voice Route

Use following PowerShell command for assigning online user to the Voice Route:
Grant-CsOnlineVoiceRoutingPolicy -PolicyName "audc-interop" -Identity
[email protected]

Use the following command on the Microsoft Teams Direct Routing Management Shell after
reconfiguration to verify correct values:
◼ Get-CsOnlinePSTNGateway

Identity : sbc1.hybridvoice.org
Fqdn : sbc1.hybridvoice.org
SipSignallingPort : 5068
FailoverTimeSeconds : 10
ForwardCallHistory : True
ForwardPai : True
SendSipOptions : True
MaxConcurrentSessions :
Enabled : True
MediaBypass : True
GatewaySiteId :
GatewaySiteLbrEnabled : False
FailoverResponseCodes : 408,503,504
GenerateRingingWhileLocatingUser : True
PidfLoSupported : False
MediaRelayRoutingLocationOverride :
ProxySbc :
BypassMode : None

Version 7.2 15 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

This page is intentionally left blank.

AudioCodes Mediant SBC 16 Document #: LTRT-29313

Configuration Note 4. Configuring Cisco CUCM

4 Configuring Cisco CUCM

This section describes how to configure the Cisco Unified Communications Manager.

4.1 Log in to Cisco Unified Communications Manager

The procedure below describes how to log in to the Cisco CUCM Administration interface.

➢ To log in to the Cisco Unified CM Administration interface:

1. Log in to the Cisco Unified CM Administration by entering the IP address of the Cisco
Unified Communications Manager (CUCM) in the Web browser address field.
Figure 4-1: Cisco Unified CM Administration

2. In the 'Username' field, enter the user name.

3. In the 'Password' field, enter the password.
4. Click Login.

4.2 Create a New Trunk

This section describes how to create a new trunk.

➢ To create a new trunk:

1. From the Device menu drop-down list, select Trunk.
2. Click Add New.
Figure 4-2: Trunk page

3. Select Trunk Type – SIP Trunk.

4. Click Next.

Version 7.2 17 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

Figure 4-3: Create Trunk Page

5. In the Device Name field, enter a unique SIP Trunk name and optionally provide a
description.
6. From the Device Pool drop-down list, select a device pool.
Figure 4-4: SIP Trunk Settings Page

7. Select the 'Redirecting Diversion Header Delivery – Outbound' check box.

Figure 4-5: Redirecting Diversion Header Delivery

8. Enter the Destination Address and Destination Port of the AudioCodes SBC.

AudioCodes Mediant SBC 18 Document #: LTRT-29313

Configuration Note 4. Configuring Cisco CUCM

Figure 4-6: SIP Information Section

9. From the SIP Trunk Security drop-down list, select a profile.

10. From the SIP Profile drop-down list, select a profile.
11. Click Save.

4.3 Create a New Route Pattern

This section describes how to create a new route pattern.

➢ To create new Route Pattern:

1. From the Call Routing menu drop-down list, go to the Route/Hunt menu and select
Route Pattern.
Figure 4-7: Route Pattern page

2. Click Add New.

3. Enter a Route Pattern according to schema (optionally provide a description).
4. From the Gateway/Route List drop-down list, select the SIP Trunk device name.

Version 7.2 19 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

Figure 4-8: Create Route Pattern Page

5. Click Save.
Figure 4-9: Added Route Pattern

AudioCodes Mediant SBC 20 Document #: LTRT-29313

Configuration Note 4. Configuring Cisco CUCM

Figure 4-10: Added Trunk

Note: An ‘*’ indicates a mandatory field.

Version 7.2 21 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

This page is intentionally left blank.

AudioCodes Mediant SBC 22 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

5 Configuring AudioCodes SBC

This section provides step-by-step procedures on how to configure AudioCodes SBC for
interworking between Microsoft Teams Direct Routing and the Cisco CUCM. These
configuration procedures are based on the interoperability test topology described in Section
2.4 on page 10, and includes the following main areas:
◼ SBC LAN interface – Management Station and Cisco CUCM
◼ SBC WAN interface – Teams Direct Routing environment
This configuration is done using the SBC's embedded Web server (hereafter, referred to as
Web interface).

Notes:
• For implementing Microsoft Teams Direct Routing and Cisco CUCM based on the
configuration described in this section, AudioCodes SBC must be installed with a
License Key that includes the following software features:
• Enable Microsoft (licensing MSFT) [All AudioCodes media gateways and SBCs
are by default shipped with this license. Exceptions: MSBR products and Mediant
500 SBC or Media Gateways]
• Microsoft TEAMS (licensing SW/TEAMS)
• Number of SBC sessions [Based on requirements]
• DSP Channels [If media transcoding is needed]
• Transcoding sessions [If media transcoding is needed]
For more information about the License Key, contact your AudioCodes sales
representative.
• The scope of this document does not cover all security aspects for configuring this
topology. Comprehensive security measures should be implemented per your
organization's security policies. For security recommendations on AudioCodes’
products, refer to the Recommended Security Guidelines document, which can be
found at AudioCodes web site

Version 7.2 23 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

5.1 SBC Configuration Concept in Teams Direct Routing

Enterprise Model
The diagram below represents AudioCodes’ device configuration concept in the Enterprise
Model.
Figure 5-1: SBC Configuration Concept

Cisco Proxy IP SIP SIP IP Proxy

CUCM Set Group Interface Interface Group Set Teams
Direct Routing

5.2 IP Network Interfaces Configuration

This section describes how to configure the SBC's IP network interfaces. There are several
ways to deploy the SBC; however, this interoperability test topology employs the following
deployment method:
◼ SBC interfaces with the following IP entities:
• Management Servers and Cisco CUCM, located on the LAN
• Microsoft Teams Direct Routing located on the WAN
◼ SBC connects to the WAN through a DMZ network
◼ Physical connection: The type of physical connection depends on the method used to
connect to the Enterprise's network. In the interoperability test topology, SBC connects
to the LAN and DMZ using dedicated ethernet ports
(i.e., two ports and two network cables are used).
◼ SBC also uses two logical network interfaces:
• LAN (VLAN ID 1)
• DMZ (VLAN ID 2)
Figure 5-2: Network Interfaces in Interoperability Test Topology

LAN Port LAN Port

Vlan ID 1 Vlan ID 2

LAN DMZ
Management
Station (OAMP)
WAN
Firewall

CUCM

AudioCodes Mediant SBC 24 Document #: LTRT-29313

 Configuration Note 5. Configuring AudioCodes SBC

5.2.1 Configure VLANs

This section describes how to configure VLANs for each of the following interfaces:
◼ LAN VoIP (assigned the name "LAN_IF")
◼ WAN VoIP (assigned the name "WAN_IF")

➢ To configure the VLANs:

1. Open the Ethernet Device table (Setup menu > IP Network tab > Core Entities folder
> Ethernet Devices).
2. There will be one existing row for VLAN ID 1 and underlying interface GROUP_1.
3. Add another VLAN ID 2 for the WAN side
Figure 5-3: Configured VLAN IDs in Ethernet Device

5.2.2 Configure Network Interfaces

This section describes how to configure the IP network interfaces for each of the following
interfaces:
◼ LAN Interface (assigned the name "LAN_IF")
◼ WAN Interface (assigned the name "WAN_IF")

➢ To configure the IP network interfaces:

1. Open the IP Interfaces table (Setup menu > IP Network tab > Core Entities folder >
IP Interfaces).
2. Configure the IP interfaces as follows (your network parameters might be different):

Table 5-1: Configuration Example of the Network Interface Table

Application Interfac Prefix Ethernet

Index IP Address Gateway DNS I/F Name
Types e Mode Length Device

OAMP+ Media + IPv4

0 10.15.77.77 16 10.15.0.1 10.15.27.1 LAN_IF vlan 1
Control Manual

Media + Control (as

According to
this interface points 195.189.192.157 195.189.192.129
IPv4 your Internet
1 to the Internet, (DMZ IP address of 25 (router's IP WAN_IF vlan 2
Manual provider's
enabling OAMP is SBC) address)
instructions
not recommended)

Version 7.2 25 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

The configured IP network interfaces are shown below:

Figure 5-4: Configured Network Interfaces in IP Interfaces Table

AudioCodes Mediant SBC 26 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

5.3 SIP TLS Connection Configuration

This section describes how to configure the SBC for using a TLS connection with the
Microsoft Teams Direct Routing Phone System. This configuration is essential for a secure
SIP TLS connection. The configuration instructions in this section are based on the following
domain structure that must be implemented as part of the certificate which must be loaded
to the host SBC:
◼ CN: sbc1.hybridvoice.org
◼ SAN: sbc1.hybridvoice.org
This certificate module is based on the Service Provider's own TLS Certificate. For more
certificate structure options, see Microsoft Teams Direct Routing documentation.
The Microsoft Phone System Direct Routing Interface allows only TLS connections from
SBCs for SIP traffic with a certificate signed by one of the Trusted Certification Authorities.
Currently, supported Certification Authorities can be found in the following link:
https://docs.microsoft.com/en-us/microsoftteams/direct-routing-plan#public-trusted-
certificate-for-the-sbc

5.3.1 Configure the NTP Server Address

This section describes how to configure the NTP server's IP address. It is recommended to
implement an NTP server (Microsoft NTP server or another global server) to ensure that the
SBC receives the current date and time. This is necessary for validating certificates of remote
parties. It is important, that NTP Server will locate on the OAMP IP Interface (LAN_IF in our
case) or will be accessible through it.

➢ To configure the NTP server address:

1. Open the Time & Date page (Setup menu > Administration tab > Time & Date).
2. In the 'Primary NTP Server Address' field, enter the IP address of the NTP server
(e.g., 10.15.28.1).
Figure 5-5: Configuring NTP Server Address

3. Click Apply.

Version 7.2 27 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

5.3.2 Create a TLS Context for Teams Direct Routing

This section describes how to configure TLS Context in the SBC. AudioCodes recommends
implementing only TLS to avoid flaws in SSL.

➢ To configure the TLS version:

1. Open the TLS Contexts table (Setup menu > IP Network tab > Security folder > TLS
Contexts).
2. Create a new TLS Context by clicking New at the top of the interface, and then configure
the parameters using the table below as reference:
Table 5-2: New TLS Context

Index Name TLS Version

1 Teams (arbitrary descriptive name) TLSv1.2

All other parameters can be left unchanged with their default values.

Note: The table above exemplifies configuration focusing on interconnecting SIP and
media. You might want to configure additional parameters according to your
company's policies. For example, you might want to configure Online Certificate
Status Protocol (OCSP) to check if SBC certificates presented in the online server are
still valid or revoked. For more information on the SBC's configuration, see the User's
Manual, available for download from https://www.audiocodes.com/library/technical-
documents.

Figure 5-6: Configuring TLS Context for Teams Direct Routing

3. Click Apply.

AudioCodes Mediant SBC 28 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

5.3.3 Configure a Certificate

This section describes how to request a certificate for the SBC and to configure it based on
the example of DigiCert Global Root CA. The certificate is used by the SBC to authenticate
the connection with Microsoft Teams Direct Routing.
The procedure involves the following main steps:
a. Generating a Certificate Signing Request (CSR).
b. Requesting Device Certificate from CA.
c. Obtaining Trusted Root/ Intermediate Certificate from CA.
d. Deploying Device and Trusted Root/ Intermediate Certificates on SBC.

➢ To configure a certificate:
1. Open the TLS Contexts page (Setup menu > IP Network tab > Security folder > TLS
Contexts).
2. In the TLS Contexts page, select the required TLS Context index row, and then click
the Change Certificate link located below the table; the Context Certificates page
appears.
3. Under the Certificate Signing Request group, do the following:
a. In the 'Subject Name [CN]' field, enter the SBC FQDN name
(based on example above, sbc1.hybridvoice.org).
b. In the ‘1st Subject Alternative Name [SAN]’ field, change the type to ‘DNS’ and
enter the SBC FQDN name (based on example above, sbc1.hybridvoice.org).

Note: The domain portion of the Common Name [CN] and 1st Subject Alternative
Name [SAN] must match the SIP suffix configured for Office 365 users.

c. Change the 'Private Key Size' based on the requirements of your Certification
Authority. Many CAs do not support private key of size 1024. In this case, you
must change the key size to 2048.
d. To change the key size on TLS Context, go to: Generate New Private Key and
Self-Signed Certificate, change the 'Private Key Size' to 2048 and then click
Generate Private-Key. To use 1024 as a Private Key Size value, you can click
Generate Private-Key without changing the default key size value.
e. Fill in the rest of the request fields according to your security provider's
instructions.
f. Click the Create CSR button; a textual certificate signing request is displayed in
the area below the button:

Version 7.2 29 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

Figure 5-7: Example of Certificate Signing Request – Creating CSR

4. Copy the CSR from the line "----BEGIN CERTIFICATE" to "END CERTIFICATE
REQUEST----" to a text file (such as Notepad), and then save it to a folder on your
computer with the file name, for example certreq.txt.
5. Send certreq.txt file to the Certified Authority Administrator for signing.

AudioCodes Mediant SBC 30 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

6. After obtaining an SBC signed and Trusted Root/Intermediate Certificate from the CA,
in the SBC's Web interface, return to the TLS Contexts page and do the following:
a. In the TLS Contexts page, select the required TLS Context index row, and then
click the Change Certificate link located below the table; the Context Certificates
page appears.
b. Scroll down to the Upload certificates files from your computer group, click
the Choose File button corresponding to the 'Send Device Certificate...' field,
navigate to the certificate file obtained from the CA, and then click Load File to
upload the certificate to the SBC.
Figure 5-8: Uploading the Certificate Obtained from the Certification Authority

7. Confirm that the certificate was uploaded correctly. A message indicating that the
certificate was uploaded successfully is displayed in blue in the lower part of the page.
8. In the SBC's Web interface, return to the TLS Contexts page, select the required TLS
Context index row, and then click the Certificate Information link, located at the bottom
of the TLS. Then validate the Key size, certificate status and Subject Name:
Figure 5-9: Certificate Information Example

Version 7.2 31 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

9. In the SBC's Web interface, return to the TLS Contexts page.

a. In the TLS Contexts page, select the required TLS Context index row, and then
click the Trusted Root Certificates link, located at the bottom of the TLS
Contexts page; the Trusted Certificates page appears.
b. Click the Import button, and then select all Root/Intermediate Certificates
obtained from your Certification Authority to load.
10. Click OK; the certificate is loaded to the device and listed in the Trusted Certificates
store:
Figure 5-10: Example of Configured Trusted Root Certificates

5.3.4 Method of Generating and Installing the Wildcard Certificate

To use the same certificate on multiple devices, you may prefer using 3rd party application
(e.g. DigiCert Certificate Utility for Windows) to process the certificate request from your
Certificate Authority on another machine, with this utility installed.
After you've processed the certificate request and response using the DigiCert utility, test the
certificate private key and chain and then export the certificate with private key and assign a
password.

➢ To install the certificate:

1. Open the TLS Contexts page (Setup menu > IP Network tab > Security folder > TLS
Contexts).
2. In the TLS Contexts page, select the required TLS Context index row, and then click
the Change Certificate link located below the table; the Context Certificates page
appears.
3. Scroll down to the Upload certificates files from your computer group and do the
following:
a. Enter the password assigned during export with the DigiCert utility in the 'Private
key pass-phrase' field.
b. Click the Choose File button corresponding to the 'Send Private Key...' field and
then select the SBC certificate file exported from the DigiCert utility.

AudioCodes Mediant SBC 32 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

5.3.5 Deploy Baltimore Trusted Root Certificate

The DNS name of the Microsoft Teams Direct Routing interface is
sip.pstnhub.microsoft.com. In this interface, a certificate is presented which is signed by
Baltimore Cyber Baltimore CyberTrust Root with Serial Number: 02 00 00 b9 and SHA
fingerprint: d4:de:20:d0:5e:66:fc: 53:fe:1a:50:88:2c:78:db:28:52:ca:e4:74.
To trust this certificate, your SBC must have the certificate in Trusted Certificates storage.
Download the certificate from https://cacert.omniroot.com/bc2025.pem and follow the steps
above to import the certificate to the Trusted Root storage.

Note: Before importing the Baltimore Root Certificate into AudioCodes' SBC, make
sure it's in .PEM or .PFX format. If it isn't, you need to convert it to .PEM or .PFX
format. Otherwise, you will receive a 'Failed to load new certificate' error message.
To convert to PEM format, use the Windows local store on any Windows OS and then
export it as 'Base-64 encoded X.509 (.CER) certificate'.

Version 7.2 33 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

5.4 Configure Media Realms

This section describes how to configure Media Realms. The simplest configuration is to
create two Media Realms - one for the Cisco CUCM traffic and one for the Teams traffic.

➢ To configure Media Realms:

1. Open the Media Realms table (Setup menu > Signaling & Media tab > Core Entities
folder > Media Realms).
2. Configure Media Realms as follows (you can use the default Media Realm (Index 0),
but modify it):
Table 5-3: Configuration Example Media Realms in Media Realm Table

Topology IPv4 Interface Port Range Number of Media

Index Name
Location Name Start Session Legs

CUCM (arbitrary 100 (media sessions

0
name)
WAN_IF 6000
assigned with port range)
Teams (arbitrary 100 (media sessions
1
name)
Up WAN_IF 7000
assigned with port range)

The configured Media Realms are shown in the figure below:

Figure 5-11: Configured Media Realms in Media Realm Table

AudioCodes Mediant SBC 34 Document #: LTRT-29313

 Configuration Note 5. Configuring AudioCodes SBC

5.5 Configure SIP Signaling Interfaces

This section describes how to configure SIP Interfaces. For the interoperability test topology,
towards the SIP Trunk and towards the Teams Direct Routing SIP Interfaces must be
configured for the SBC.

➢ To configure SIP Interfaces:

1. Open the SIP Interfaces table (Setup menu > Signaling & Media tab > Core Entities
folder > SIP Interfaces).
2. Configure SIP Interfaces. You can use the default SIP Interface (Index 0), but modify it
as shown in the table below. The table below shows an example of the configuration.
You can change some parameters according to your requirements.

Note: The Direct Routing interface can only use TLS for a SIP port. It does not support
using TCP due to security reasons. The SIP port might be any port of your choice.
When pairing the SBC with Office 365, the chosen port is specified in the pairing
command.

Table 5-4: Configured SIP Interfaces in SIP Interface Table

Enable Classification TLS

Network Application Media
Index Name UDP Port TCP Port TLS Port TCP Failure Context
Interface Type Realm
Keepalive Response Type Name

5060 5060 Disable

CUCM
(according (according (leave 500 (leave
0 (arbitrary LAN_IF SBC 0 CUCM -
to customer to customer default default value)
name)
requirement) requirement) value)

0
(Phone 5061 (as
0
Teams System configured
(Recommended
1 (arbitrary WAN_IF SBC does not 0 in the Enable Teams Teams
to prevent DoS
name) use UDP or Office
attacks)
TCP for SIP 365)
signaling)

The configured SIP Interfaces are shown in the figure below:

Figure 5-12: Configured SIP Interfaces in SIP Interface Table

Version 7.2 35 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

5.6 Configure Proxy Sets and Proxy Address

This section describes how to configure Proxy Sets. The Proxy Set defines the destination
address (IP address or FQDN) of the IP entity server. Proxy Sets can also be used to
configure load balancing between multiple servers.
For the interoperability test topology, two Proxy Sets need to be configured for the following
IP entities:
◼ Cisco CUCM
◼ Teams Direct Routing
The Proxy Sets will later be applied to the VoIP network by assigning them to IP Groups.

➢ To configure Proxy Sets:

1. Open the Proxy Sets table (Setup menu > Signaling & Media tab > Core Entities
folder > Proxy Sets).
2. Configure Proxy Sets as shown in the table below:
Table 5-5: Configuration Example Proxy Sets in Proxy Sets Table

Proxy
SBC IPv4
TLS Context Proxy Proxy Hot Load
Index Name SIP
Name Keep-Alive Swap Balancing
Interface
Method

CUCM Using
1
(arbitrary name)
CUCM Default - -
Options
Teams Using Random
2
(arbitrary name)
Teams Teams Enable
Options Weights

The configured Proxy Sets are shown in the figure below:

Figure 5-13: Configured Proxy Sets in Proxy Sets Table

AudioCodes Mediant SBC 36 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

5.6.1 Configure a Proxy Address

This section shows how to configure a Proxy Address.

➢ To configure a Proxy Address for SIP Trunk:

1. Open the Proxy Sets table (Setup menu > Signaling & Media tab > Core Entities folder
> Proxy Sets) and then click the Proxy Set CUCM, and then click the Proxy Address
link located below the table; the Proxy Address table opens.
2. Click +New; the following dialog box appears:
Figure 5-14: Configuring Proxy Address for CUCM

3. Configure the address of the Proxy Set according to the parameters described in the
table below:
Table 5-6: Configuration Proxy Address for SIP Trunk

Transport Proxy Proxy Random

Index Proxy Address
Type Priority Weight

10.15.28.101:5060
0 UDP 0 0
(CUCM IP and port)
4. Click Apply.

Version 7.2 37 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

➢ To configure a Proxy Address for Teams:

1. Open the Proxy Sets table (Setup menu > Signaling & Media tab > Core Entities
folder > Proxy Sets) and then click the Proxy Set Teams, and then click the Proxy
Address link located below the table; the Proxy Address table opens.
2. Click +New; the following dialog box appears:
Figure 5-15: Configuring Proxy Address for Teams Direct Routing Interface

3. Configure the address of the Proxy Set according to the parameters described in the
table below:
Table 5-7: Configuration Proxy Address for Teams Direct Routing

Transport Proxy Proxy Random

Index Proxy Address
Type Priority Weight

0 sip.pstnhub.microsoft.com:5061 TLS 1 1
1 sip2.pstnhub.microsoft.com:5061 TLS 2 1
2 sip3.pstnhub.microsoft.com:5061 TLS 3 1
4. Click Apply.

AudioCodes Mediant SBC 38 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

5.7 Configure Coders

This section describes how to configure coders (termed Coder Group). As Cisco CUCM
doesn’t send a list of supported coders in the initial offer, a Coder Group with the list of
supported coders for the Microsoft Teams Direct Routing leg needs to be added.
Note that the Coder Group ID for this entity will be assigned to its corresponding IP Profile in
the next step.

➢ To configure coders:
1. Open the Coder Groups table (Setup menu > Signaling & Media tab > Coders &
Profiles folder > Coder Groups).
2. Configure a Coder Group for Microsoft Teams Direct Routing:

Parameter Value

Coder Group Name AudioCodersGroups_0

Coder Name ▪ SILK-NB
▪ SILK-WB
▪ G.711 A-law
▪ G.711 U-law
▪ G.729

Figure 5-16: Configuring Coder Group for Microsoft Teams Direct Routing

3. Click Apply, and then confirm the configuration change in the prompt that pops up.

Version 7.2 39 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

4. Open the Media Settings page (Setup menu > Signaling & Media tab > Media folder
> Media Settings).
Figure 5-17: SBC Preferences Mode

5. From the 'Preferences Mode' drop-down list, select Include Extensions.

6. Click Apply.

AudioCodes Mediant SBC 40 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

5.8 Configure IP Profiles

This section describes how to configure IP Profiles. The IP Profile defines a set of call
capabilities relating to signaling (e.g., SIP message terminations such as REFER) and media
(e.g., coder and transcoding method).
In this interoperability test topology, IP Profiles need to be configured for the following IP
entities:
◼ Cisco CUCM – to operate in non-secure mode using RTP and SIP over UDP or TCP
◼ Microsoft Teams Direct Routing – to operate in secure mode using SRTP and SIP
over TLS

➢ To configure an IP Profile for the Cisco CUCM :

1. Open the IP Profiles table (Setup menu > Signaling & Media tab > Coders & Profiles
folder > IP Profiles).
2. Click New, and then configure the parameters as follows:

Parameter Value

General
Index 1
Name CUCM
Media Security
SBC Media Security Mode Not Secured
SBC Signaling
P-Asserted-Identity Header Mode Add (required for anonymous calls)
SBC Forward and Transfer
Remote REFER Mode Handle Locally
Remote Replaces Mode Handle Locally
Remote 3xx Mode Handle Locally

Version 7.2 41 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

Figure 5-18: Configuring IP Profile for Cisco CUCM

3. Click Apply.

➢ To configure IP Profile for the Microsoft Teams Direct Routing:

1. Open the IP Profiles table (Setup menu > Signaling & Media tab > Coders & Profiles
folder > IP Profiles).
2. Click New, and then configure the parameters as follows:

Parameter Value

General
Index 2
Name Teams (arbitrary descriptive name)
Media Security
SBC Media Security Mode Secured
SBC Early Media
Remote Early Media RTP Detection By Media (required, as Microsoft Teams Direct
Mode Routing does not send RTP immediately to
remote side when it sends a SIP 18x
response)
SBC Media
Extension Coders Group AudioCodersGroups_0
ICE Mode Lite (required only when Media Bypass
enabled on Microsoft Teams)
SBC Signaling
Remote Update Support Not Supported

AudioCodes Mediant SBC 42 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

Remote re-INVITE Support Supported Only With SDP

Remote Delayed Offer Support Not Supported
SBC Forward and Transfer
Remote REFER Mode Handle Locally
Remote 3xx Mode Handle Locally
SBC Hold
Remote Hold Format Inactive (some SIP Trunk may answer with
a=inactive and IP=0.0.0.0 in response to the
Re-Invite with Hold request from Teams.
Microsoft Media Stack doesn’t support this
format. So, SBC will replace 0.0.0.0 with its IP
address)

Figure 5-19: Configuring IP Profile for Microsoft Teams Direct Routing

3. Click Apply.

Version 7.2 43 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

5.9 Configure IP Groups

This section describes how to configure IP Groups. The IP Group represents an IP entity on
the network with which the SBC communicates. This can be a server (e.g., IP PBX or ITSP)
or it can be a group of users (e.g., LAN IP phones). For servers, the IP Group is typically
used to define the server's IP address by associating it with a Proxy Set. Once IP Groups
are configured, they are used to configure IP-to-IP routing rules for denoting source and
destination of the call.
In this interoperability test topology, IP Groups must be configured for the following IP
entities:
◼ Cisco CUCM located on LAN
◼ Teams Direct Routing located on WAN

➢ To configure IP Groups:
1. Open the IP Groups table (Setup menu > Signaling & Media tab > Core Entities folder
> IP Groups).
2. Configure an IP Group for the Cisco CUCM:

Parameter Value

Index 1
Name CUCM
Type Server
Proxy Set CUCM
IP Profile CUCM
Media Realm CUCM
SIP Group Name (according to requirement, for example,
sbc.ACeducation.info)
SIP Topology Hiding Headers List From,Diversion,Referred-By,History-Info

AudioCodes Mediant SBC 44 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

3. Configure an IP Group for the Microsoft Teams Direct Routing:

Parameter Value

Index 2
Name Teams
Topology Location Up
Type Server
Proxy Set Teams
IP Profile Teams
Media Realm Teams
Classify By Proxy Set Disable
Local Host Name < FQDN name of your SBC in the Microsoft
Teams tenant >
(For example, sbc.ACeducation.info)
Always Use Src Address Yes
Proxy Keep-Alive using IP Group
Enable
settings

The configured IP Groups are shown in the figure below:

Figure 5-20: Configured IP Groups in IP Group Table

Version 7.2 45 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

5.10 Configure SRTP

This section describes how to configure media security. The Direct Routing Interface needs
to use of SRTP only, so you need to configure the SBC to operate in the same manner.

➢ To configure media security:

1. Open the Media Security page (Setup menu > Signaling & Media tab > Media folder
> Media Security).
2. From the 'Media Security' drop-down list, select Enable to enable SRTP.
Figure 5-21: Configuring SRTP

3. Click Apply.

AudioCodes Mediant SBC 46 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

5.11 Configuring Message Condition Rules

This section describes how to configure the Message Condition Rules. A Message Condition
defines special conditions (pre-requisites) for incoming SIP messages. These rules can be
used as additional matching criteria for the IP-to-IP routing rules in the IP-to-IP Routing table.
The following condition verifies that the Contact header contains Microsoft Teams FQDN.

➢ To configure a Message Condition rule:

1. Open the Message Conditions table (Setup menu > Signaling & Media tab > Message
Manipulation folder > Message Conditions).
2. Click New, and then configure the parameters as follows:

Parameter Value

Index 0
Name Teams-Contact (arbitrary descriptive name)
Condition header.contact.url.host contains 'pstnhub.microsoft.com'

Figure 5-22: Configuring Condition Table

3. Click Apply.

Version 7.2 47 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

5.12 Configuring Classification Rules

This section describes how to configure Classification rules. A Classification rule classifies
incoming SIP dialog-initiating requests (e.g., INVITE messages) to a ‘source’ IP Group. The
source IP Group is the SIP entity that sent the SIP dialog request. Once classified, the device
uses the IP Group to process the call (manipulation and routing).
You can also use the Classification table for employing SIP-level access control for
successfully classified calls, by configuring Classification rules with whitelist and blacklist
settings. If a Classification rule is configured as a whitelist ("Allow"), the device accepts the
SIP dialog and processes the call. If the Classification rule is configured as a blacklist
("Deny"), the device rejects the SIP dialog.

➢ To configure a Classification rule:

1. Open the Classification table (Setup menu > Signaling & Media tab > SBC folder >
Classification Table).
2. Click New, and then configure the parameters as follows:

Parameter Value

Index 0
Name Teams
Source SIP Interface Teams
Source IP Address 52.114.*.*
Destination Host < FQDN name of your SBC in the Microsoft
Teams tenant > (e.g. sbc.ACeducation.info)
Message Condition Teams-Contact
Action Type Allow
Source IP Group Teams

Figure 5-23: Configuring Classification Rule

3. Click Apply.

AudioCodes Mediant SBC 48 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

5.13 Configure IP-to-IP Call Routing Rules

This section describes how to configure IP-to-IP call routing rules. These rules define the
routes for forwarding SIP messages (e.g., INVITE) received from one IP entity to another.
The SBC selects the rule whose configured input characteristics (e.g., IP Group) match those
of the incoming SIP message. If the input characteristics do not match the first rule in the
table, they are compared to the second rule, and so on, until a matching rule is located. If no
rule is matched, the message is rejected.
For the interoperability test topology, the following IP-to-IP routing rules need to be
configured to route calls between Teams Direct Routing and Cisco CUCM:
◼ Terminate SIP OPTIONS messages on the SBC that are received from any entity
◼ Terminate REFER messages to Teams Direct Routing
◼ Calls from Teams Direct Routing to Cisco CUCM
◼ Calls from Cisco CUCM to Teams Direct Routing

➢ To configure IP-to-IP routing rules:

1. Open the IP-to-IP Routing table (Setup menu > Signaling & Media tab > SBC folder >
Routing > IP-to-IP Routing).
2. Configure routing rules as shown in the table below:
Table 5-8: Configuration IP-to-IP Routing Rules

Source Request Call ReRoute Dest Dest Dest

Index Name
IP Group Type Triger IP Group Type IP Group Address

Terminate Dest
0 Any OPTIONS internal
OPTIONS Address

Refer from
Request
1 Teams Any REFER Teams Teams
URI
(arbitrary name)

Teams to
2 CUCM (arbitrary Teams IP Group CUCM
name)

CUCM to
3 Teams CUCM IP Group Teams
(arbitrary name)

The configured routing rules are shown in the figure below:

Figure 5-24: Configured IP-to-IP Routing Rules in IP-to-IP Routing Table

Note: The routing configuration may change according to your specific deployment
topology.

Version 7.2 49 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

5.14 Configuring Firewall Settings

Note: AudioCodes highly advised to configure firewall with network traffic filtering rules
in front of WAN interface of the SBC. For detailed list of ports, which needed to be
open please refer to: https://docs.microsoft.com/en-us/microsoftteams/direct-routing-
plan#sip-signaling-fqdns-and-firewall-ports.

As an extra security to the above note, there is option to configure traffic filtering rules
(access list) for incoming traffic on AudioCodes SBC. For each packet received on the
configured network interface, the SBC searches the table from top to bottom until the first
matching rule is found. The matched rule can permit (allow) or deny (block) the packet. Once
a rule in the table is located, subsequent rules further down the table are ignored. If the end
of the table is reached without a match, the packet is accepted. Please note that the firewall
is stateless. The blocking rules will apply to all incoming packets, including UDP or TCP
responses.

➢ To configure a firewall rule:

1. Open the Firewall table (Setup menu > IP Network tab > Security folder> Firewall).
2. Configure the following Access list rules for Teams Direct Rout IP Interface:

Table 4-9: Firewall Table Rules

Use
Subnet Start End Interface
Index Source IP Protocol Specific Allow Type
Prefix Port Port ID
Interface

<Public DNS Server IP>

0 32 0 65535 Any Enable WAN_IF Allow
(e.g. 8.8.8.8)

1 52.114.148.0 32 0 65535 TCP Enable WAN_IF Allow

2 52.114.132.46 32 0 65535 TCP Enable WAN_IF Allow

3 52.114.75.24 32 0 65535 TCP Enable WAN_IF Allow

4 52.114.76.76 32 0 65535 TCP Enable WAN_IF Allow

5 52.114.7.24 32 0 65535 TCP Enable WAN_IF Allow

6 52.114.14.70 32 0 65535 TCP Enable WAN_IF Allow

49 0.0.0.0 0 0 65535 Any Enable WAN_IF Block

Note: Be aware, that if in your configuration, connectivity to SIP Trunk (or other
entities) is performed through the same IP Interface as Teams (WAN_IF in our
example), you must add rules to allow traffic from these entities.

AudioCodes Mediant SBC 50 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

5.15 Configure Number Manipulation Rules

This section describes how to configure IP-to-IP manipulation rules. These rules manipulate
the SIP Request-URI user part (source or destination number). The manipulation rules use
the configured IP Groups (as configured in Section 5.9 on page 38) to denote the source and
destination of the call.

Note: Adapt the manipulation table according to your environment dial plan.

For example, for this interoperability test topology, a manipulation is configured to remove
the "+" (plus sign) from the destination number for calls from the Teams Direct Routing IP
Group.

➢ To configure a number manipulation rule:

1. Open the Inbound Manipulations table (Setup menu > Signaling & Media tab > SBC
folder > Manipulation > Inbound Manipulations).
2. Configure the rules according to your setup.
The figure below shows an example of configured IP-to-IP inbound manipulation rules for
calls from Teams Direct Routing IP Group:
Figure 5-25: Example of Configured IP-to-IP Inbound Manipulation Rules

Rule Index Description

Calls from Teams IP Group with the prefix destination number "+", remove one character
0
from left.

Version 7.2 51 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

5.16 Configure Message Manipulation Rules

This section describes how to configure SIP message manipulation rules. SIP message
manipulation rules can include insertion, removal, and/or modification of SIP headers.
Manipulation rules are grouped into Manipulation Sets, enabling you to apply multiple rules
to the same SIP message (IP entity).
Once you have configured the SIP message manipulation rules, you need to assign them to
the relevant IP Group (in the IP Group table) and determine whether they must be applied to
inbound or outbound messages.

➢ To configure SIP message manipulation rule:

1. Open the Message Manipulations page (Setup menu > Signaling & Media tab >
Message Manipulation folder > Message Manipulations).
2. Configure a new manipulation rule (Manipulation Set 2) for Cisco CUCM. This rule
applies to messages sent to the Cisco CUCM IP Group. This replaces the host part of
the SIP Request-URI Header with the Cisco CUCM IP address.

Parameter Value

Index 0
Name Change R-URI host toward CUCM
Manipulation Set ID 2
Condition Any.Request
Action Subject Header.Request-URI.URL.Host
Action Type Modify
Action Value Param.Message.Address.Dst.IP

Figure 5-26: Configuring SIP Message Manipulation Rule 0 (for Cisco CUCM)

AudioCodes Mediant SBC 52 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

3. Configure another manipulation rule (Manipulation Set 3) for Teams Direct Routing IP
Group. This rule applies to messages received from the Teams IP Group. This remove
the SIP P-Asserted-Identity Header.

Parameter Value

Index 1
Name Remove PAI
Manipulation Set ID 3
Action Subject Header.P-Asserted-Identity
Action Type Remove

Figure 5-27: Configuring SIP Message Manipulation Rule 1 (for Teams)

Version 7.2 53 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

4. Configure another manipulation rule (Manipulation Set 2) for Cisco CUCM. This rule
applies to messages sent to the Cisco CUCM IP Group. This remove the SIP Privacy
Header in all messages, except of call with presentation restriction.

Parameter Value

Index 2
Name Remove Privacy Header
Manipulation Set ID 2
Condition Header.Privacy exists And Header.From.URL
!contains 'anonymous'
Action Subject Header.Privacy
Action Type Remove

Figure 5-28: Configuring SIP Message Manipulation Rule 2 (for Cisco CUCM)

AudioCodes Mediant SBC 54 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

5. Configure another manipulation rule (Manipulation Set 2) for Cisco CUCM. This rule
applies to messages sent to the Cisco CUCM IP Group. This removes the SIP History-
Info.1 Header (if it’s exists) in all messages.

Parameter Value

Index 3
Name Remove History-Info.1
Manipulation Set ID 2
Condition Header.History-Info.1 exists
Action Subject Header.History-Info.1
Action Type Remove

Figure 5-29: Configuring SIP Message Manipulation Rule 3 (for Cisco CUCM)

Version 7.2 55 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

Figure 5-30: Example of Configured SIP Message Manipulation Rules

The table displayed below includes SIP message manipulation rules which are grouped together
under Manipulation Set IDs (Manipulation Set IDs 2 and 3) and which are executed for messages sent
to and from the Cisco CUCM IP Group as well as the Teams Direct Routing IP Group. These rules are
specifically required to enable proper interworking between Cisco CUCM and Teams Direct Routing.
Refer to the User’s Manual for further details concerning the full capabilities of header manipulation.

Rule
Rule Description Reason for Introducing Rule
Index

This rule applies to messages sent to the Cisco CUCM

0 IP Group; It replaces the host part of the SIP Request- Per Cisco CUCM implementation.
URI Header with the Cisco CUCM IP address.
Microsoft Office 365 may be
This rule applies to messages received from the Teams
configured to send a PAI header.
1 IP Group. It removes the SIP P-Asserted-Identity
We recommend doing this in the
Header.
SBC, for better interoperability.
This rule applies to messages sent to the Cisco CUCM.
2 It removes the SIP Privacy Header in all messages, The same as in the previous rule.
except for a call with presentation restriction.
This rule applies to messages sent to the Cisco CUCM.
3 It removes the SIP History-Info.1 Header (if it’s exists) in
all messages.

AudioCodes Mediant SBC 56 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

6. Assign Manipulation Set IDs 2 to the Cisco CUCM IP Group:

a. Open the IP Groups table (Setup menu > Signaling & Media tab > Core
Entities folder > IP Groups).
b. Select the row of the Cisco CUCM IP Group, and then click Edit.
c. Set the 'Outbound Message Manipulation Set' field to 2.
Figure 5-31: Assigning Manipulation Set to the Cisco CUCM IP Group

d. Click Apply.

Version 7.2 57 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

7. Assign Manipulation Set ID 3 to the Teams Direct Routing IP Group:

a. Open the IP Groups table (Setup menu > Signaling & Media tab > Core
Entities folder > IP Groups).
b. Select the row of the Teams Direct Routing IP Group, and then click Edit.
c. Set the 'Inbound Message Manipulation Set' field to 3.
Figure 5-32: Assigning Manipulation Set 3 to the Teams Direct Routing IP Group

d. Click Apply.

AudioCodes Mediant SBC 58 Document #: LTRT-29313

Configuration Note 5. Configuring AudioCodes SBC

5.17 Miscellaneous Configuration

This section describes miscellaneous SBC configuration.

5.17.1 Configure Call Forking Mode

This section describes how to configure the SBC's handling of SIP 18x responses received
for call forking of INVITE messages. For the interoperability test topology, if a SIP 18x
response with SDP is received, the SBC opens a voice stream according to the received
SDP. The SBC re-opens the stream according to subsequently received 18x responses with
SDP or plays a ringback tone if a 180 response without SDP is received. It is mandatory to
set this field for the Teams Direct Routing environment.

➢ To configure call forking:

1. Open the SBC General Settings page (Setup menu > Signaling & Media tab > SBC
folder > SBC General Settings).
2. From the 'SBC Forking Handling Mode' drop-down list, select Sequential.
Figure 5-33: Configuring Forking Mode

3. Click Apply.

Version 7.2 59 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

5.17.2 Optimizing CPU Cores Usage for a Specific Service (relevant for
Mediant 9000 and Software SBC only)
This section describes how to optimize the SBC's CPU cores usage for a specified profile to
achieve maximum capacity for that profile. The supported profiles include:
◼ SIP profile – improves SIP signaling performance, for example, SIP calls per second
(CPS)
◼ SRTP profile – improves maximum number of SRTP sessions
◼ Transcoding profile – enables all DSP-required features, for example, transcoding and
voice in-band detectors

➢ To optimize core allocation for a profile:

1. Open the SBC General Settings page (Setup menu > Signaling & Media tab > SBC
folder > SBC General Settings).
2. From the 'SBC Performance Profile' drop-down list, select the required profile:

3. Click Apply, and then reset the device with a burn-to-flash for your settings to take
effect.

AudioCodes Mediant SBC 60 Document #: LTRT-29313

Configuration Note A. AudioCodes INI File

A AudioCodes INI File

The ini configuration file of the SBC, corresponding to the Web-based configuration as
described in Section 4 on page 17, is shown below:

Note: To load or save an ini file, use the Configuration File page (Setup menu >
Administration tab > Maintenance folder > Configuration File).

;**************
;** Ini File **
;**************

;Board: M800B
;Board Type: 72
;Serial Number: 5299378
;Slot Number: 1
;Software Version: 7.20A.254.202
;DSP Software Version: 5014AE3_R => 710.16
;Board IP Address: 10.15.77.55
;Board Subnet Mask: 255.255.0.0
;Board Default Gateway: 10.15.0.1
;Ram size: 512M Flash size: 64M Core speed: 500Mhz
;Num of DSP Cores: 3
;Num of physical LAN ports: 4
;Profile: NONE
;;;Key features:;Board Type: M800B ;Coders: G723 G729 G728 NETCODER GSM-
FR GSM-EFR AMR EVRC-QCELP G727 ILBC EVRC-B AMR-WB G722 EG711 MS_RTA_NB
MS_RTA_WB SILK_NB SILK_WB SPEEX_NB SPEEX_WB OPUS_NB OPUS_WB ;DSP Voice
features: RTCP-XR ;DATA features: ;Channel Type: DspCh=30 IPMediaDspCh=30
;HA ;E1Trunks=1 ;T1Trunks=1 ;FXSPorts=4 ;FXOPorts=0 ;BRITrunks=4 ;IP
Media: Conf VXML ;QOE features: VoiceQualityMonitoring MediaEnhancement
;Security: IPSEC MediaEncryption StrongEncryption EncryptControlProtocol
;Control Protocols: MGCP SIP SBC=250 TEAMS MSFT FEU=100 TestCall=100
;Default features:;Coders: G711 G726;

[SYSTEM Params]

SyslogServerIP = 10.10.10.10
EnableSyslog = 1
NTPServerUTCOffset = 7200
ActivityListToLog = '', '', '', '', '', '', '', '', '', ''
TR069ACSPASSWORD = '$1$gQ=='
TR069CONNECTIONREQUESTPASSWORD = '$1$gQ=='
NTPServerIP = '10.15.28.1'
SBCWizardFilename = 'templates4.zip'

[BSP Params]

PCMLawSelect = 3
UdpPortSpacing = 10
EnterCpuOverloadPercent = 99
ExitCpuOverloadPercent = 95

Version 7.2 61 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

[Analog Params]

[ControlProtocols Params]

AdminStateLockControl = 0

[PSTN Params]

V5ProtocolSide = 0

[Voice Engine Params]

BrokenConnectionEventTimeout = 1000
ENABLEMEDIASECURITY = 1
PLThresholdLevelsPerMille_0 = 5
PLThresholdLevelsPerMille_1 = 10
PLThresholdLevelsPerMille_2 = 20
PLThresholdLevelsPerMille_3 = 50
CallProgressTonesFilename = 'usa_tones_13.dat'

[WEB Params]

Languages = 'en-US', '', '', '', '', '', '', '', '', ''

[SIP Params]

GWDEBUGLEVEL = 5
MSLDAPPRIMARYKEY = 'telephoneNumber'
SBCFORKINGHANDLINGMODE = 1
ENERGYDETECTORCMD = 587202560
ANSWERDETECTORCMD = 10486144

[ DeviceTable ]

FORMAT DeviceTable_Index = DeviceTable_VlanID,

DeviceTable_UnderlyingInterface, DeviceTable_DeviceName,
DeviceTable_Tagging, DeviceTable_MTU;
DeviceTable 0 = 1, "GROUP_1", "vlan 1", 0, 1500;
DeviceTable 1 = 2, "GROUP_2", "vlan 2", 0, 1500;

[ \DeviceTable ]

[ InterfaceTable ]

FORMAT InterfaceTable_Index = InterfaceTable_ApplicationTypes,

InterfaceTable_InterfaceMode, InterfaceTable_IPAddress,
InterfaceTable_PrefixLength, InterfaceTable_Gateway,
InterfaceTable_InterfaceName, InterfaceTable_PrimaryDNSServerIPAddress,
InterfaceTable_SecondaryDNSServerIPAddress,
InterfaceTable_UnderlyingDevice;
InterfaceTable 0 = 6, 10, 10.15.77.55, 16, 10.15.0.1, "LAN_IF",
10.15.27.1, , "vlan 1";
InterfaceTable 1 = 5, 10, 195.189.192.157, 24, 195.189.192.129, "WAN_IF",
80.179.52.100, 80.179.55.100, "vlan 2";

[ \InterfaceTable ]

AudioCodes Mediant SBC 62 Document #: LTRT-29313

Configuration Note A. AudioCodes INI File

[ TLSContexts ]

FORMAT TLSContexts_Index = TLSContexts_Name, TLSContexts_TLSVersion,

TLSContexts_DTLSVersion, TLSContexts_ServerCipherString,
TLSContexts_ClientCipherString, TLSContexts_RequireStrictCert,
TLSContexts_OcspEnable, TLSContexts_OcspServerPrimary,
TLSContexts_OcspServerSecondary, TLSContexts_OcspServerPort,
TLSContexts_OcspDefaultResponse, TLSContexts_DHKeySize;
TLSContexts 0 = "default", 0, 0, "DEFAULT", "DEFAULT", 0, 0, 0.0.0.0,
0.0.0.0, 2560, 0, 1024;
TLSContexts 1 = "Teams", 4, 0, "DEFAULT", "DEFAULT", 0, 0, 0.0.0.0,
0.0.0.0, 2560, 0, 1024;

[ \TLSContexts ]

[ AudioCodersGroups ]

FORMAT AudioCodersGroups_Index = AudioCodersGroups_Name;

AudioCodersGroups 0 = "AudioCodersGroups_0";

[ \AudioCodersGroups ]

[ IpProfile ]

FORMAT IpProfile_Index = IpProfile_ProfileName, IpProfile_IpPreference,

IpProfile_CodersGroupName, IpProfile_IsFaxUsed,
IpProfile_JitterBufMinDelay, IpProfile_JitterBufOptFactor,
IpProfile_IPDiffServ, IpProfile_SigIPDiffServ,
IpProfile_RTPRedundancyDepth, IpProfile_CNGmode,
IpProfile_VxxTransportType, IpProfile_NSEMode, IpProfile_IsDTMFUsed,
IpProfile_PlayRBTone2IP, IpProfile_EnableEarlyMedia,
IpProfile_ProgressIndicator2IP, IpProfile_EnableEchoCanceller,
IpProfile_CopyDest2RedirectNumber, IpProfile_MediaSecurityBehaviour,
IpProfile_CallLimit, IpProfile_DisconnectOnBrokenConnection,
IpProfile_FirstTxDtmfOption, IpProfile_SecondTxDtmfOption,
IpProfile_RxDTMFOption, IpProfile_EnableHold, IpProfile_InputGain,
IpProfile_VoiceVolume, IpProfile_AddIEInSetup,
IpProfile_SBCExtensionCodersGroupName,
IpProfile_MediaIPVersionPreference, IpProfile_TranscodingMode,
IpProfile_SBCAllowedMediaTypes, IpProfile_SBCAllowedAudioCodersGroupName,
IpProfile_SBCAllowedVideoCodersGroupName, IpProfile_SBCAllowedCodersMode,
IpProfile_SBCMediaSecurityBehaviour, IpProfile_SBCRFC2833Behavior,
IpProfile_SBCAlternativeDTMFMethod, IpProfile_SBCSendMultipleDTMFMethods,
IpProfile_SBCAssertIdentity, IpProfile_AMDSensitivityParameterSuit,
IpProfile_AMDSensitivityLevel, IpProfile_AMDMaxGreetingTime,
IpProfile_AMDMaxPostSilenceGreetingTime, IpProfile_SBCDiversionMode,
IpProfile_SBCHistoryInfoMode, IpProfile_EnableQSIGTunneling,
IpProfile_SBCFaxCodersGroupName, IpProfile_SBCFaxBehavior,
IpProfile_SBCFaxOfferMode, IpProfile_SBCFaxAnswerMode,
IpProfile_SbcPrackMode, IpProfile_SBCSessionExpiresMode,
IpProfile_SBCRemoteUpdateSupport, IpProfile_SBCRemoteReinviteSupport,
IpProfile_SBCRemoteDelayedOfferSupport, IpProfile_SBCRemoteReferBehavior,
IpProfile_SBCRemote3xxBehavior, IpProfile_SBCRemoteMultiple18xSupport,
IpProfile_SBCRemoteEarlyMediaResponseType,
IpProfile_SBCRemoteEarlyMediaSupport, IpProfile_EnableSymmetricMKI,
IpProfile_MKISize, IpProfile_SBCEnforceMKISize,
IpProfile_SBCRemoteEarlyMediaRTP, IpProfile_SBCRemoteSupportsRFC3960,
IpProfile_SBCRemoteCanPlayRingback, IpProfile_EnableEarly183,
IpProfile_EarlyAnswerTimeout, IpProfile_SBC2833DTMFPayloadType,

Version 7.2 63 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

IpProfile_SBCUserRegistrationTime, IpProfile_ResetSRTPStateUponRekey,
IpProfile_AmdMode, IpProfile_SBCReliableHeldToneSource,
IpProfile_GenerateSRTPKeys, IpProfile_SBCPlayHeldTone,
IpProfile_SBCRemoteHoldFormat, IpProfile_SBCRemoteReplacesBehavior,
IpProfile_SBCSDPPtimeAnswer, IpProfile_SBCPreferredPTime,
IpProfile_SBCUseSilenceSupp, IpProfile_SBCRTPRedundancyBehavior,
IpProfile_SBCPlayRBTToTransferee, IpProfile_SBCRTCPMode,
IpProfile_SBCJitterCompensation,
IpProfile_SBCRemoteRenegotiateOnFaxDetection,
IpProfile_JitterBufMaxDelay,
IpProfile_SBCUserBehindUdpNATRegistrationTime,
IpProfile_SBCUserBehindTcpNATRegistrationTime,
IpProfile_SBCSDPHandleRTCPAttribute,
IpProfile_SBCRemoveCryptoLifetimeInSDP, IpProfile_SBCIceMode,
IpProfile_SBCRTCPMux, IpProfile_SBCMediaSecurityMethod,
IpProfile_SBCHandleXDetect, IpProfile_SBCRTCPFeedback,
IpProfile_SBCRemoteRepresentationMode, IpProfile_SBCKeepVIAHeaders,
IpProfile_SBCKeepRoutingHeaders, IpProfile_SBCKeepUserAgentHeader,
IpProfile_SBCRemoteMultipleEarlyDialogs,
IpProfile_SBCRemoteMultipleAnswersMode, IpProfile_SBCDirectMediaTag,
IpProfile_SBCAdaptRFC2833BWToVoiceCoderBW,
IpProfile_CreatedByRoutingServer, IpProfile_SBCFaxReroutingMode,
IpProfile_SBCMaxCallDuration, IpProfile_SBCGenerateRTP,
IpProfile_SBCISUPBodyHandling, IpProfile_SBCISUPVariant,
IpProfile_SBCVoiceQualityEnhancement, IpProfile_SBCMaxOpusBW,
IpProfile_SBCEnhancedPlc, IpProfile_LocalRingbackTone,
IpProfile_LocalHeldTone, IpProfile_SBCGenerateNoOp,
IpProfile_SBCRemoveUnKnownCrypto, IpProfile_DataDiffServ,
IpProfile_SBCMSRPReinviteUpdateSupport, IpProfile_SBCMSRPOfferSetupRole,
IpProfile_SBCMSRPEmpMsg;
IpProfile 1 = "CUCM", 1, "AudioCodersGroups_0", 0, 10, 10, 46, 24, 0, 0,
2, 0, 0, 0, 0, -1, 1, 0, 0, -1, 1, 4, -1, 1, 1, 0, 0, "", "", 0, 0, "",
"", "", 0, 2, 0, 0, 0, 1, 0, 8, 300, 400, 0, 0, 0, "", 0, 0, 1, 3, 0, 2,
2, 1, 3, 2, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1,
0, 0, 0, 0, 0, 0, 0, 0, 300, -1, -1, 0, 0, 0, 0, 0, 0, 0, -1, -1, -1, -1,
-1, 0, "", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, -1, 0, 0, 0, 1, 2, 0;
IpProfile 2 = "Teams", 1, "AudioCodersGroups_0", 0, 10, 10, 46, 24, 0, 0,
2, 0, 0, 0, 0, -1, 1, 0, 0, -1, 1, 4, -1, 1, 1, 0, 0, "",
"AudioCodersGroups_0", 0, 0, "", "", "", 0, 1, 0, 0, 0, 0, 0, 8, 300,
400, 0, 0, 0, "", 0, 0, 1, 3, 0, 0, 1, 0, 3, 2, 1, 0, 1, 0, 0, 0, 1, 0,
1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 300, -1, -1,
0, 0, 1, 0, 0, 0, 0, -1, -1, -1, -1, -1, 0, "", 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, -1, -1, 0, 0, 0, 1, 2, 0;

[ \IpProfile ]

[ CpMediaRealm ]

FORMAT CpMediaRealm_Index = CpMediaRealm_MediaRealmName,

CpMediaRealm_IPv4IF, CpMediaRealm_IPv6IF, CpMediaRealm_RemoteIPv4IF,
CpMediaRealm_RemoteIPv6IF, CpMediaRealm_PortRangeStart,
CpMediaRealm_MediaSessionLeg, CpMediaRealm_PortRangeEnd,
CpMediaRealm_TCPPortRangeStart, CpMediaRealm_TCPPortRangeEnd,
CpMediaRealm_IsDefault, CpMediaRealm_QoeProfile, CpMediaRealm_BWProfile,
CpMediaRealm_TopologyLocation;
CpMediaRealm 0 = "CUCM", "LAN_IF", "", "", "", 6000, 100, 6999, 0, 0, 0,
"", "", 0;
CpMediaRealm 1 = "Teams", "WAN_IF", "", "", "", 7000, 100, 7999, 0, 0, 0,
"", "", 1;

[ \CpMediaRealm ]

AudioCodes Mediant SBC 64 Document #: LTRT-29313

Configuration Note A. AudioCodes INI File

[ SBCRoutingPolicy ]

FORMAT SBCRoutingPolicy_Index = SBCRoutingPolicy_Name,

SBCRoutingPolicy_LCREnable, SBCRoutingPolicy_LCRAverageCallLength,
SBCRoutingPolicy_LCRDefaultCost, SBCRoutingPolicy_LdapServerGroupName;
SBCRoutingPolicy 0 = "Default_SBCRoutingPolicy", 0, 1, 0, "";

[ \SBCRoutingPolicy ]

[ SRD ]

FORMAT SRD_Index = SRD_Name, SRD_BlockUnRegUsers, SRD_MaxNumOfRegUsers,

SRD_EnableUnAuthenticatedRegistrations, SRD_SharingPolicy,
SRD_UsedByRoutingServer, SRD_SBCOperationMode, SRD_SBCRoutingPolicyName,
SRD_SBCDialPlanName, SRD_AdmissionProfile;
SRD 0 = "DefaultSRD", 0, -1, 1, 0, 0, 0, "Default_SBCRoutingPolicy", "",
"";

[ \SRD ]

[ MessagePolicy ]

FORMAT MessagePolicy_Index = MessagePolicy_Name,

MessagePolicy_MaxMessageLength, MessagePolicy_MaxHeaderLength,
MessagePolicy_MaxBodyLength, MessagePolicy_MaxNumHeaders,
MessagePolicy_MaxNumBodies, MessagePolicy_SendRejection,
MessagePolicy_MethodList, MessagePolicy_MethodListType,
MessagePolicy_BodyList, MessagePolicy_BodyListType,
MessagePolicy_UseMaliciousSignatureDB;
MessagePolicy 0 = "Malicious Signature DB Protection", -1, -1, -1, -1, -
1, 1, "", 0, "", 0, 1;

[ \MessagePolicy ]

[ SIPInterface ]

FORMAT SIPInterface_Index = SIPInterface_InterfaceName,

SIPInterface_NetworkInterface,
SIPInterface_SCTPSecondaryNetworkInterface, SIPInterface_ApplicationType,
SIPInterface_UDPPort, SIPInterface_TCPPort, SIPInterface_TLSPort,
SIPInterface_SCTPPort, SIPInterface_AdditionalUDPPorts,
SIPInterface_AdditionalUDPPortsMode, SIPInterface_SRDName,
SIPInterface_MessagePolicyName, SIPInterface_TLSContext,
SIPInterface_TLSMutualAuthentication, SIPInterface_TCPKeepaliveEnable,
SIPInterface_ClassificationFailureResponseType,
SIPInterface_PreClassificationManSet, SIPInterface_EncapsulatingProtocol,
SIPInterface_MediaRealm, SIPInterface_SBCDirectMedia,
SIPInterface_BlockUnRegUsers, SIPInterface_MaxNumOfRegUsers,
SIPInterface_EnableUnAuthenticatedRegistrations,
SIPInterface_UsedByRoutingServer, SIPInterface_TopologyLocation,
SIPInterface_PreParsingManSetName, SIPInterface_AdmissionProfile,
SIPInterface_CallSetupRulesSetId;
SIPInterface 0 = "CUCM", "LAN_IF", "", 2, 5060, 5060, 0, 0, "", 0,
"DefaultSRD", "", "default", -1, 0, 500, -1, 0, "CUCM", 0, -1, -1, -1, 0,
0, "", "", -1;
SIPInterface 1 = "Teams", "WAN_IF", "", 2, 0, 0, 5061, 0, "", 0,
"DefaultSRD", "", "Teams", -1, 1, 0, -1, 0, "Teams", 0, -1, -1, -1, 0, 1,
"", "", -1;

Version 7.2 65 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

[ \SIPInterface ]

[ ProxySet ]

FORMAT ProxySet_Index = ProxySet_ProxyName,

ProxySet_EnableProxyKeepAlive, ProxySet_ProxyKeepAliveTime,
ProxySet_ProxyLoadBalancingMethod, ProxySet_IsProxyHotSwap,
ProxySet_SRDName, ProxySet_ClassificationInput, ProxySet_TLSContextName,
ProxySet_ProxyRedundancyMode, ProxySet_DNSResolveMethod,
ProxySet_KeepAliveFailureResp, ProxySet_GWIPv4SIPInterfaceName,
ProxySet_SBCIPv4SIPInterfaceName, ProxySet_GWIPv6SIPInterfaceName,
ProxySet_SBCIPv6SIPInterfaceName, ProxySet_MinActiveServersLB,
ProxySet_SuccessDetectionRetries, ProxySet_SuccessDetectionInterval,
ProxySet_FailureDetectionRetransmissions;
ProxySet 0 = "ProxySet_0", 0, 60, 0, 0, "DefaultSRD", 0, "", -1, -1, "",
"", "CUCM", "", "", 1, 1, 10, -1;
ProxySet 1 = "CUCM", 1, 60, 0, 0, "DefaultSRD", 0, "", -1, -1, "", "",
"CUCM", "", "", 1, 1, 10, -1;
ProxySet 2 = "Teams", 1, 60, 2, 1, "DefaultSRD", 0, "Teams", -1, -1, "",
"", "Teams", "", "", 1, 1, 10, -1;

[ \ProxySet ]

[ IPGroup ]

FORMAT IPGroup_Index = IPGroup_Type, IPGroup_Name, IPGroup_ProxySetName,

IPGroup_SIPGroupName, IPGroup_ContactUser, IPGroup_SipReRoutingMode,
IPGroup_AlwaysUseRouteTable, IPGroup_SRDName, IPGroup_MediaRealm,
IPGroup_ClassifyByProxySet, IPGroup_ProfileName,
IPGroup_MaxNumOfRegUsers, IPGroup_InboundManSet, IPGroup_OutboundManSet,
IPGroup_RegistrationMode, IPGroup_AuthenticationMode, IPGroup_MethodList,
IPGroup_SBCServerAuthType, IPGroup_OAuthHTTPService,
IPGroup_EnableSBCClientForking, IPGroup_SourceUriInput,
IPGroup_DestUriInput, IPGroup_TopologyHidingHeaderList,
IPGroup_ContactName, IPGroup_Username, IPGroup_Password,
IPGroup_UUIFormat, IPGroup_QOEProfile, IPGroup_BWProfile,
IPGroup_AlwaysUseSourceAddr, IPGroup_MsgManUserDef1,
IPGroup_MsgManUserDef2, IPGroup_SIPConnect, IPGroup_SBCPSAPMode,
IPGroup_DTLSContext, IPGroup_CreatedByRoutingServer,
IPGroup_UsedByRoutingServer, IPGroup_SBCOperationMode,
IPGroup_SBCRouteUsingRequestURIPort, IPGroup_SBCKeepOriginalCallID,
IPGroup_TopologyLocation, IPGroup_SBCDialPlanName,
IPGroup_CallSetupRulesSetId, IPGroup_Tags, IPGroup_SBCUserStickiness,
IPGroup_UserUDPPortAssignment, IPGroup_AdmissionProfile,
IPGroup_ProxyKeepAliveUsingIPG, IPGroup_SBCAltRouteReasonsSetName;
IPGroup 0 = 0, "Default_IPG", "ProxySet_0", "", "", -1, 0, "DefaultSRD",
"", 0, "", -1, -1, -1, 0, 0, "", -1, "", 0, -1, -1, "", "", "",
"$1$gQ==", 0, "", "", 0, "", "", 0, 0, "default", 0, 0, -1, 0, 0, 0, "",
-1, "", 0, 0, "", 0, "";
IPGroup 1 = 0, "CUCM", "CUCM", "int-sbc2.audctrunk.aceducation.info", "",
-1, 0, "DefaultSRD", "CUCM", 1, "CUCM", -1, -1, 2, 0, 0, "", -1, "", 0, -
1, -1, "From,Diversion,Referred-By,History-Info", "", "Admin",
"$1$aCkNBwIC", 0, "", "", 0, "", "", 0, 0, "default", 0, 0, -1, 0, 0, 0,
"", -1, "", 0, 0, "", 0, "";
IPGroup 2 = 0, "Teams", "Teams", "int-sbc2.audctrunk.aceducation.info",
"", -1, 0, "DefaultSRD", "Teams", 0, "Teams", -1, 3, -1, 0, 0, "", -1,
"", 0, -1, -1, "", "int-sbc2.audctrunk.aceducation.info", "Admin",
"$1$aCkNBwIC", 0, "", "", 1, "", "", 0, 0, "default", 0, 0, -1, 0, 0, 1,
"", -1, "", 0, 0, "", 1, "";

[ \IPGroup ]

AudioCodes Mediant SBC 66 Document #: LTRT-29313

Configuration Note A. AudioCodes INI File

[ ProxyIp ]

FORMAT ProxyIp_Index = ProxyIp_ProxySetId, ProxyIp_ProxyIpIndex,

ProxyIp_IpAddress, ProxyIp_TransportType, ProxyIp_Priority,
ProxyIp_Weight;
ProxyIp 0 = "1", 0, "10.15.28.101:5060", 1, 0, 0;
ProxyIp 1 = "2", 0, "sip.pstnhub.microsoft.com:5061", 2, 1, 1;
ProxyIp 2 = "2", 1, "sip2.pstnhub.microsoft.com:5061", 2, 2, 1;
ProxyIp 3 = "2", 2, "sip3.pstnhub.microsoft.com:5061", 2, 3, 1;

[ \ProxyIp ]

[ ConditionTable ]

FORMAT ConditionTable_Index = ConditionTable_Name,

ConditionTable_Condition;
ConditionTable 0 = "Teams-Contact", "header.contact.url.host contains
'pstnhub.microsoft.com'";

[ \ConditionTable ]

[ IP2IPRouting ]

FORMAT IP2IPRouting_Index = IP2IPRouting_RouteName,

IP2IPRouting_RoutingPolicyName, IP2IPRouting_SrcIPGroupName,
IP2IPRouting_SrcUsernamePrefix, IP2IPRouting_SrcHost,
IP2IPRouting_DestUsernamePrefix, IP2IPRouting_DestHost,
IP2IPRouting_RequestType, IP2IPRouting_MessageConditionName,
IP2IPRouting_ReRouteIPGroupName, IP2IPRouting_Trigger,
IP2IPRouting_CallSetupRulesSetId, IP2IPRouting_DestType,
IP2IPRouting_DestIPGroupName, IP2IPRouting_DestSIPInterfaceName,
IP2IPRouting_DestAddress, IP2IPRouting_DestPort,
IP2IPRouting_DestTransportType, IP2IPRouting_AltRouteOptions,
IP2IPRouting_GroupPolicy, IP2IPRouting_CostGroup, IP2IPRouting_DestTags,
IP2IPRouting_SrcTags, IP2IPRouting_IPGroupSetName,
IP2IPRouting_RoutingTagName, IP2IPRouting_InternalAction;
IP2IPRouting 0 = "Terminate OPTIONS", "Default_SBCRoutingPolicy", "Any",
"*", "*", "*", "*", 6, "", "Any", 0, -1, 1, "", "", "internal", 0, -1, 0,
0, "", "", "", "", "default", "";
IP2IPRouting 1 = "Refer from Teams", "Default_SBCRoutingPolicy", "Any",
"*", "*", "*", "*", 0, "", "Teams", 2, -1, 2, "", "", "", 0, -1, 0, 0,
"", "", "", "", "default", "";
IP2IPRouting 2 = "Teams to CUCM", "Default_SBCRoutingPolicy", "Teams",
"*", "*", "*", "*", 0, "", "Any", 0, -1, 0, "CUCM", "", "", 0, -1, 0, 0,
"", "", "", "", "default", "";
IP2IPRouting 3 = "CUCM to Teams", "Default_SBCRoutingPolicy", "CUCM",
"*", "*", "*", "*", 0, "", "Any", 0, -1, 0, "Teams", "", "", 0, -1, 0, 0,
"", "", "", "", "default", "";

[ \IP2IPRouting ]

[ Classification ]

FORMAT Classification_Index = Classification_ClassificationName,

Classification_MessageConditionName, Classification_SRDName,
Classification_SrcSIPInterfaceName, Classification_SrcAddress,

Version 7.2 67 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

Classification_SrcPort, Classification_SrcTransportType,
Classification_SrcUsernamePrefix, Classification_SrcHost,
Classification_DestUsernamePrefix, Classification_DestHost,
Classification_ActionType, Classification_SrcIPGroupName,
Classification_DestRoutingPolicy, Classification_IpProfileName,
Classification_IPGroupSelection, Classification_IpGroupTagName;
Classification 0 = "Teams", "Teams-Contact", "DefaultSRD", "Any",
"52.114.*.*", 0, -1, "*", "*", "*", "int-
sbc2.audctrunk.aceducation.info", 1, "Teams", "", "", 0, "default";

[ \Classification ]

[ IPInboundManipulation ]

FORMAT IPInboundManipulation_Index =
IPInboundManipulation_ManipulationName,
IPInboundManipulation_RoutingPolicyName,
IPInboundManipulation_IsAdditionalManipulation,
IPInboundManipulation_ManipulationPurpose,
IPInboundManipulation_SrcIPGroupName,
IPInboundManipulation_SrcUsernamePrefix, IPInboundManipulation_SrcHost,
IPInboundManipulation_DestUsernamePrefix, IPInboundManipulation_DestHost,
IPInboundManipulation_RequestType, IPInboundManipulation_ManipulatedURI,
IPInboundManipulation_RemoveFromLeft,
IPInboundManipulation_RemoveFromRight,
IPInboundManipulation_LeaveFromRight, IPInboundManipulation_Prefix2Add,
IPInboundManipulation_Suffix2Add;
IPInboundManipulation 0 = "From Teams (Dst)", "Default_SBCRoutingPolicy",
0, 0, "Teams", "*", "*", "+", "*", 0, 1, 1, 0, 255, "", "";

[ \IPInboundManipulation ]

[ IPOutboundManipulation ]

FORMAT IPOutboundManipulation_Index =
IPOutboundManipulation_ManipulationName,
IPOutboundManipulation_RoutingPolicyName,
IPOutboundManipulation_IsAdditionalManipulation,
IPOutboundManipulation_SrcIPGroupName,
IPOutboundManipulation_DestIPGroupName,
IPOutboundManipulation_SrcUsernamePrefix, IPOutboundManipulation_SrcHost,
IPOutboundManipulation_DestUsernamePrefix,
IPOutboundManipulation_DestHost,
IPOutboundManipulation_CallingNamePrefix,
IPOutboundManipulation_MessageConditionName,
IPOutboundManipulation_RequestType,
IPOutboundManipulation_ReRouteIPGroupName,
IPOutboundManipulation_Trigger, IPOutboundManipulation_ManipulatedURI,
IPOutboundManipulation_RemoveFromLeft,
IPOutboundManipulation_RemoveFromRight,
IPOutboundManipulation_LeaveFromRight, IPOutboundManipulation_Prefix2Add,
IPOutboundManipulation_Suffix2Add,
IPOutboundManipulation_PrivacyRestrictionMode,
IPOutboundManipulation_DestTags, IPOutboundManipulation_SrcTags;
IPOutboundManipulation 0 = "To Teams (Src)", "Default_SBCRoutingPolicy",
0, "Any", "Teams", "*", "*", "*", "*", "*", "", 0, "Any", 0, 0, 0, 0,
255, "+", "", 0, "", "";

[ \IPOutboundManipulation ]

AudioCodes Mediant SBC 68 Document #: LTRT-29313

Configuration Note A. AudioCodes INI File

[ MessageManipulations ]

FORMAT MessageManipulations_Index =
MessageManipulations_ManipulationName, MessageManipulations_ManSetID,
MessageManipulations_MessageType, MessageManipulations_Condition,
MessageManipulations_ActionSubject, MessageManipulations_ActionType,
MessageManipulations_ActionValue, MessageManipulations_RowRole;
MessageManipulations 0 = "Change R-URI host toward CUCM", 2,
"Any.Request", "", "Header.Request-URI.URL.Host", 2,
"Param.Message.Address.Dst.IP", 0;
MessageManipulations 1 = "Remove PAI", 3, "", "", "Header.P-Asserted-
Identity", 1, "", 0;
MessageManipulations 2 = "Remove Privacy Header", 2, "", "Header.Privacy
exists And Header.From.URL !contains 'anonymous'", "Header.Privacy", 1,
"", 0;
MessageManipulations 3 = "Remove History-Info.1", 2, "", "Header.History-
Info.1 exists", "Header.History-Info.1", 1, "", 0;

[ \MessageManipulations ]

[ GwRoutingPolicy ]

FORMAT GwRoutingPolicy_Index = GwRoutingPolicy_Name,

GwRoutingPolicy_LCREnable, GwRoutingPolicy_LCRAverageCallLength,
GwRoutingPolicy_LCRDefaultCost, GwRoutingPolicy_LdapServerGroupName;
GwRoutingPolicy 0 = "GwRoutingPolicy", 0, 1, 0, "";

[ \GwRoutingPolicy ]

[ ResourcePriorityNetworkDomains ]

FORMAT ResourcePriorityNetworkDomains_Index =
ResourcePriorityNetworkDomains_Name,
ResourcePriorityNetworkDomains_Ip2TelInterworking;
ResourcePriorityNetworkDomains 1 = "dsn", 1;
ResourcePriorityNetworkDomains 2 = "dod", 1;
ResourcePriorityNetworkDomains 3 = "drsn", 1;
ResourcePriorityNetworkDomains 5 = "uc", 1;
ResourcePriorityNetworkDomains 7 = "cuc", 1;

[ \ResourcePriorityNetworkDomains ]

[ MaliciousSignatureDB ]

FORMAT MaliciousSignatureDB_Index = MaliciousSignatureDB_Name,

MaliciousSignatureDB_Pattern;
MaliciousSignatureDB 0 = "SIPVicious", "Header.User-Agent.content prefix
'friendly-scanner'";
MaliciousSignatureDB 1 = "SIPScan", "Header.User-Agent.content prefix
'sip-scan'";
MaliciousSignatureDB 2 = "Smap", "Header.User-Agent.content prefix
'smap'";
MaliciousSignatureDB 3 = "Sipsak", "Header.User-Agent.content prefix
'sipsak'";
MaliciousSignatureDB 4 = "Sipcli", "Header.User-Agent.content prefix
'sipcli'";

Version 7.2 69 AudioCodes Mediant SBC

 Microsoft Teams Direct Routing & Cisco CUCM

MaliciousSignatureDB 5 = "Sivus", "Header.User-Agent.content prefix

'SIVuS'";
MaliciousSignatureDB 6 = "Gulp", "Header.User-Agent.content prefix
'Gulp'";
MaliciousSignatureDB 7 = "Sipv", "Header.User-Agent.content prefix
'sipv'";
MaliciousSignatureDB 8 = "Sundayddr Worm", "Header.User-Agent.content
prefix 'sundayddr'";
MaliciousSignatureDB 9 = "VaxIPUserAgent", "Header.User-Agent.content
prefix 'VaxIPUserAgent'";
MaliciousSignatureDB 10 = "VaxSIPUserAgent", "Header.User-Agent.content
prefix 'VaxSIPUserAgent'";
MaliciousSignatureDB 11 = "SipArmyKnife", "Header.User-Agent.content
prefix 'siparmyknife'";

[ \MaliciousSignatureDB ]

[ AudioCoders ]

FORMAT AudioCoders_Index = AudioCoders_AudioCodersGroupId,

AudioCoders_AudioCodersIndex, AudioCoders_Name, AudioCoders_pTime,
AudioCoders_rate, AudioCoders_PayloadType, AudioCoders_Sce,
AudioCoders_CoderSpecific;
AudioCoders 0 = "AudioCodersGroups_0", 0, 1, 2, 90, -1, 0, "";
AudioCoders 1 = "AudioCodersGroups_0", 1, 2, 2, 90, -1, 0, "";
AudioCoders 2 = "AudioCodersGroups_0", 2, 20, 1, 90, -1, 0, "";
AudioCoders 3 = "AudioCodersGroups_0", 3, 35, 2, 19, 103, 0, "";
AudioCoders 4 = "AudioCodersGroups_0", 4, 36, 2, 43, 104, 0, "";

[ \AudioCoders ]

AudioCodes Mediant SBC 70 Document #: LTRT-29313

Configuration Note A. AudioCodes INI File

This page is intentionally left blank.

Version 7.2 71 AudioCodes Mediant SBC

International Headquarters
1 Hayarden Street,
Airport City
Lod 7019900, Israel
Tel: +972-3-976-4000
Fax: +972-3-976-4040

AudioCodes Inc.
200 Cottontail Lane
Suite A101E
Somerset NJ 08873
Tel: +1-732-469-0880
Fax: +1-732-469-2298

Contact us: https://www.audiocodes.com/corporate/offices-worldwide

website: https://www.audiocodes.com

©2021 AudioCodes Ltd. All rights reserved. AudioCodes, AC, HD VoIP, HD VoIP Sounds Better, IPmedia, Mediant,
MediaPack, What’s Inside Matters, OSN, SmartTAP, User Management Pack, VMAS, VoIPerfect, VoIPerfectHD, Your
Gateway To VoIP, 3GX, VocaNom, AudioCodes One Voice, AudioCodes Meeting Insights, AudioCodes Room Experience
and CloudBond are trademarks or registered trademarks of AudioCodes Limited. All other products or trademarks are
property of their respective owners. Product specifications are subject to change without notice.

Document #: LTRT-29313