Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: 8bit
Organization: SipXecs Forum
In-Reply-To: 
<caa0za5jwgr9dcw6tseuk6sutyzc0sla9kwc8scf2n9jnck2...@mail.gmail.com>
X-FUDforum: 08063afcdd00a6e76393c5b9527381e8 <66641>
Message-ID: <[email protected]>



The configuration for the SBC seems correct in general
lines:
http://wiki.sipfoundry.org/display/sipXecs/Acme+Packet+SBC+sample+config+for+Remote+Workers

Some suggestions:
For the ouside realm, you could change the trust-level to
low; so endpoints can be demoted to deny. When set to
medium, never gets demoted to deny.
On the outside sip-interface; you could also add a TCP
interface so Bria for iOS and similar are happier; if you're
not using TLS.

Also you might need to add some sip-feature to the config.
Example:

sip-feature
        name                           100rel
        realm
        support-mode-inbound           Pass
        require-mode-inbound           Pass
        proxy-require-mode-inbound     Pass
        support-mode-outbound          Pass
        require-mode-outbound          Pass
        proxy-require-mode-outbound    Pass

and same for 'eventlist' and 'timer' are fairly common

As an additional protection; registration scanners usually
do not know the FQDN of your PBX; so if you have phones
registering against a domain name; make use of that by
creating a local-policy that only routes to the core when
that domain is part of the URI. You might have to also use
an outbound proxy with the IP address or FQDN of the SBC;
depending on your DNS setup.

Example:


local-policy
        from-address                   
                                       *
        to-address                     
                                       sipXecs.domain.name <===
Change to your setup
        source-realm                   
                                       outside
        description                   
Remote_Worker_Route_Policy_to_Core
        activate-time                  N/A
        deactivate-time                N/A
        state                          enabled
        policy-priority                none
        last-modified-by               mailto:[email protected]
        last-modified-date             2010-10-14 09:45:39
        policy-attribute
                next-hop                       sag:sipXecs
                realm                          inside
                action                         none
                terminate-recursion            enabled  <=== There is no
need to recurse if this fails
                carrier                        
                start-time                     0000
                end-time                       2400
                days-of-week                   U-S
                cost                           0
                app-protocol                   SIP
                state                          enabled
                methods                        
                media-profiles                 
                carrier
                start-time                     0000
                end-time                       2400
                days-of-week                   U-S
                cost                           0
                app-protocol                   SIP
                state                          enabled
                methods
                media-profiles
                lookup                         single
                next-key
                eloc-str-lkup                  disabled
                eloc-str-match
_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Reply via email to