Difference between revisions of "SBC Remote Phone Registration Support"
(Created page with "Overview The Remote Phone Support use case allows remote phones - employees working from home, or using a SIP client on their mobile phone - to register through th...") |
|||
Line 17: | Line 17: | ||
Go to Configuration->IP Settings->Network and then edit eth0 and assign the DMZ IP address. Next click the Add button to add an IP address to eth1. Enter in the IP address along with the subnet mask as shown below. | Go to Configuration->IP Settings->Network and then edit eth0 and assign the DMZ IP address. Next click the Add button to add an IP address to eth1. Enter in the IP address along with the subnet mask as shown below. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/2a.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/2a.png | ||
+ | |||
Once completed you will now have an IP address on eth0 and eth1. | Once completed you will now have an IP address on eth0 and eth1. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/2.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/2.png | ||
+ | |||
Next go to Configuration -> IP Settings -> Media Interfaces and click Edit. | Next go to Configuration -> IP Settings -> Media Interfaces and click Edit. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/3.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/3.png | ||
+ | |||
Change the Transcoding Mode to Hardware Hidden mode. Then click Save. | Change the Transcoding Mode to Hardware Hidden mode. Then click Save. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/4.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/4.png | ||
+ | |||
Next click Detect Modules. Once you modules are detected click OK to continue. | Next click Detect Modules. Once you modules are detected click OK to continue. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/5.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/5.png | ||
Line 30: | Line 34: | ||
Go to Configuration -> Signaling -> SIP Profiles and click Modify next to the default internal SIP profile. | Go to Configuration -> Signaling -> SIP Profiles and click Modify next to the default internal SIP profile. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/11.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/11.png | ||
+ | |||
Ensure the SIP IP Address is configured set to the LAN IP address. Then enable the SIP Trace option. | Ensure the SIP IP Address is configured set to the LAN IP address. Then enable the SIP Trace option. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/12.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/12.png | ||
+ | |||
Next scroll down to the Authentication section and disable Authenticate Calls. This option is only required when remote phones are registering to a local SIP account on the SBC. Once done save the internal profile. | Next scroll down to the Authentication section and disable Authenticate Calls. This option is only required when remote phones are registering to a local SIP account on the SBC. Once done save the internal profile. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/13.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/13.png | ||
+ | |||
Next add a new profile called external. | Next add a new profile called external. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/14.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/14.png | ||
+ | |||
In the External SIP profile set the External SIP IP Address and External RTP IP Address to the public IP. As well enable the SIP Trace option. | In the External SIP profile set the External SIP IP Address and External RTP IP Address to the public IP. As well enable the SIP Trace option. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/15.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/15.png | ||
+ | |||
Next disable authenticate calls as we did with the internal SIP profile. Then since remote phones behind NAT will be registering through the PBX enable all the NAT options as shown below. | Next disable authenticate calls as we did with the internal SIP profile. Then since remote phones behind NAT will be registering through the PBX enable all the NAT options as shown below. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/16.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/16.png | ||
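Review bot: the last step in this hunk says remote phones "will be registering through the PBX", but the overview describes phones registering through the SBC to the PBX; reword it to "through the SBC" so the reason for enabling the NAT options on the external profile is clear. Since the same step disables Authenticate Calls on the internet-facing profile, it would also help to say here that authentication is forwarded to the PBX, as configured in the domain section.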
Line 45: | Line 54: | ||
Go to Configuration -> Signaling -> SIP Trunks and click Add. Name the SIP trunk PBX. | Go to Configuration -> Signaling -> SIP Trunks and click Add. Name the SIP trunk PBX. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/17.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/17.png | ||
+ | |||
Set the Domain to be the IP address of the PBX. Enable OPTIONS by setting the Frequency and Max/Min Pings as shown below. Once done click Save. | Set the Domain to be the IP address of the PBX. Enable OPTIONS by setting the Frequency and Max/Min Pings as shown below. Once done click Save. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/18.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/18.png | ||
Line 55: | Line 65: | ||
Next enable Forward Registration/Authentication as shown below. Set the Forward SIP profile to Internal. Then it is recommended to Force the Expires time to around 300-600 seconds; this will force the phones to register every 5-10 minutes. The short time period will ensure the registration information is current and correct. | Next enable Forward Registration/Authentication as shown below. Set the Forward SIP profile to Internal. Then it is recommended to Force the Expires time to around 300-600 seconds; this will force the phones to register every 5-10 minutes. The short time period will ensure the registration information is current and correct. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/20.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/20.png | ||
+ | |||
Next go to Configuration -> Signaling -> SIP Profiles and click Modify on the External SIP Profile. | Next go to Configuration -> Signaling -> SIP Profiles and click Modify on the External SIP Profile. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/21.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/21.png | ||
+ | |||
Then click Bind under the Domain section. | Then click Bind under the Domain section. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/22b.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/22b.png | ||
+ | |||
Select your domain from the list and click Bind. | Select your domain from the list and click Bind. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/22.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/22.png | ||
+ | |||
Your domain will now be bound to the SIP profile. This will allow Remote phones to register to your External SIP Profile. | Your domain will now be bound to the SIP profile. This will allow Remote phones to register to your External SIP Profile. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/23.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/23.png | ||
− | |||
− | |||
− | |||
5) Configuring the Call Routing | 5) Configuring the Call Routing | ||
Line 72: | Line 83: | ||
Go to Configuration -> Routing -> Call Routing and then click the Add button in the Basic Call Routing section to add a new routing plan. | Go to Configuration -> Routing -> Call Routing and then click the Add button in the Basic Call Routing section to add a new routing plan. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/31.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/31.png | ||
+ | |||
Name the new routing plan internal and then click Add. | Name the new routing plan internal and then click Add. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/32.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/32.png | ||
+ | |||
Once in the new routing plan click Add to add a new rule. | Once in the new routing plan click Add to add a new rule. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/33.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/33.png | ||
+ | |||
In the new rule change the stop policy to Stop On Failure. Add the condition below to verify all internal calls orginate from the PBX's IP address. To do this use the network_addr variable as shown below. Ensure the actions to perform if the condition doesn't match is set to respond with a 403. Once done click Save to continue. | In the new rule change the stop policy to Stop On Failure. Add the condition below to verify all internal calls orginate from the PBX's IP address. To do this use the network_addr variable as shown below. Ensure the actions to perform if the condition doesn't match is set to respond with a 403. Once done click Save to continue. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/34.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/34.png | ||
+ | |||
Next click Add to add a new rule. In the new rule set the condition based off the Destination Address. The condition will be (.*). The action will need to be a custom action and the application will be bridge. The data will be ${sofia_contact(external/$1@remote.sangoma.com) . The "external" part is the name of the external facing SIP profile. The "remote.sangoma.com" part is the domain the users are registering to. These are the two pieces that may change on a per installation basis. | Next click Add to add a new rule. In the new rule set the condition based off the Destination Address. The condition will be (.*). The action will need to be a custom action and the application will be bridge. The data will be ${sofia_contact(external/$1@remote.sangoma.com) . The "external" part is the name of the external facing SIP profile. The "remote.sangoma.com" part is the domain the users are registering to. These are the two pieces that may change on a per installation basis. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/35.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/35.png | ||
+ | |||
Next go back to the call routing and add a new routing plan as we did in step 1-2 above. Name the new routing plan external. This will be used for the external SIP profile. In the new routing plan add only one rule. The condition will be (.*) and based on the Destination Address. Then the action will be bridge to trunk. The Trunk will be the SIP trunk named PBX with the destination $1 as shown below. | Next go back to the call routing and add a new routing plan as we did in step 1-2 above. Name the new routing plan external. This will be used for the external SIP profile. In the new routing plan add only one rule. The condition will be (.*) and based on the Destination Address. Then the action will be bridge to trunk. The Trunk will be the SIP trunk named PBX with the destination $1 as shown below. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/36.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/36.png | ||
+ | |||
Now that both routing plans are made go to Configuration -> Signaling -> SIP Profiles and modify the internal SIP profile. | Now that both routing plans are made go to Configuration -> Signaling -> SIP Profiles and modify the internal SIP profile. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/37.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/37.png | ||
+ | |||
In the internal SIP profile under Session Routing change the Routing Plan to Internal. Then click Save to continue. | In the internal SIP profile under Session Routing change the Routing Plan to Internal. Then click Save to continue. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/38.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/38.png | ||
+ | |||
Next go back to Configuration -> Signaling -> SIP Profiles and this time click Modify next to the External SIP profile. Once in the External SIP profile, go to the Session Routing section and change the Routing Plan to External. Then click save | Next go back to Configuration -> Signaling -> SIP Profiles and this time click Modify next to the External SIP profile. Once in the External SIP profile, go to the Session Routing section and change the Routing Plan to External. Then click save | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/39.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/39.png | ||
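Review bot: the bridge data in the second rule of the internal plan, ${sofia_contact(external/$1@remote.sangoma.com), opens with ${ but never closes it; add the trailing } so the value can be copied as written. The reference to "step 1-2 above" in the external routing plan step is also ambiguous, because the steps in this section are not numbered.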
Line 97: | Line 116: | ||
Intrusion Prevention | Intrusion Prevention | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/41.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/41.png | ||
+ | |||
Enable all IDS rules by going to Configuration -> Security -> Intrusion Detection and ensuring all are checked. Once done click Update to apply the changes. | Enable all IDS rules by going to Configuration -> Security -> Intrusion Detection and ensuring all are checked. Once done click Update to apply the changes. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/42.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/42.png | ||
+ | |||
Next go to System -> Server -> Web and change the Network Interface from All interfaces to only the internal network interface. | Next go to System -> Server -> Web and change the Network Interface from All interfaces to only the internal network interface. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/43.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/43.png | ||
+ | |||
In this example eth1 is the internal network interface. Once done click Save. | In this example eth1 is the internal network interface. Once done click Save. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/44.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/44.png | ||
+ | |||
Next go to System -> Server -> Web and change the Network Interface from All interfaces to only the internal network interface. Now both the web server and SSH will only be available on your internal network. | Next go to System -> Server -> Web and change the Network Interface from All interfaces to only the internal network interface. Now both the web server and SSH will only be available on your internal network. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/45.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/45.png | ||
+ | |||
Since the configuration is now completed get a backup. Go to System -> Management -> Backup-Restore and click Backup. | Since the configuration is now completed get a backup. Go to System -> Management -> Backup-Restore and click Backup. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/46.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/46.png | ||
+ | |||
Name the file accordingly and click backup to download a copy. Ensure you keep this safe somewhere and always take a new backup after each change made to the SBC. | Name the file accordingly and click backup to download a copy. Ensure you keep this safe somewhere and always take a new backup after each change made to the SBC. | ||
http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/47.png | http://wiki.sangoma.com/files/SBC-Remote-Phone-Support/47.png |
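Review bot: the step just before the backup instructions repeats "System -> Server -> Web" word for word from two steps earlier, yet concludes that both the web server and SSH are now limited to the internal network; as written, nothing in the procedure changes the SSH listener. Confirm the menu path for the SSH server setting and correct this step to use it.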
Revision as of 11:20, 29 January 2016 (Friday)
Overview
The Remote Phone Support use case allows remote phones (employees working from home, or using a SIP client on their mobile phone) to register through the SBC to the PBX so the users can use their normal office extensions as if they were sitting in the office. In this scenario the SBC provides far-end NAT traversal for the remote phones as well as enhanced security for the corporate network, without the need to set up VPN tunnels. Note that the SBC can be used at the same time to perform SIP trunking interconnection, but for simplicity the example below concentrates on remote access.
PBX IP: 192.168.1.10
SBC LAN IP: 192.168.1.20
SBC DMZ IP: 10.10.32.170
SBC Public IP: 104.145.12.182
SBC FQDN: remote.sangoma.com
1) Network Setup
Go to Configuration -> IP Settings -> Network, then edit eth0 and assign the DMZ IP address. Next click the Add button to add an IP address to eth1. Enter the IP address along with the subnet mask as shown below.
Once completed you will now have an IP address on eth0 and eth1.
Next go to Configuration -> IP Settings -> Media Interfaces and click Edit.
Change the Transcoding Mode to Hardware Hidden mode. Then click Save.
Next click Detect Modules. Once your modules are detected, click OK to continue.
2) SIP Profile Configuration
Go to Configuration -> Signaling -> SIP Profiles and click Modify next to the default internal SIP profile.
Ensure the SIP IP Address is set to the LAN IP address. Then enable the SIP Trace option.
Next scroll down to the Authentication section and disable Authenticate Calls. This option is only required when remote phones are registering to a local SIP account on the SBC. Once done, save the internal profile.
Next add a new profile called external.
In the External SIP profile, set the External SIP IP Address and External RTP IP Address to the public IP. Also enable the SIP Trace option.
Next disable Authenticate Calls as we did with the internal SIP profile. Then, since remote phones behind NAT will be registering through the PBX, enable all the NAT options as shown below.
3) Adding SIP Trunk to PBX
Go to Configuration -> Signaling -> SIP Trunks and click Add. Name the SIP trunk PBX.
Set the Domain to be the IP address of the PBX. Enable OPTIONS by setting the Frequency and Max/Min Pings as shown below. Once done click Save.
4) Configuring the SIP Domain
Go to Configuration -> Signaling -> Domains and click Add. Set the name of the domain to the FQDN or IP the remote phones will be registering to.
Next enable Forward Registration/Authentication as shown below. Set the Forward SIP profile to Internal. Then it is recommended to Force the Expires time to around 300-600 seconds; this will force the phones to register every 5-10 minutes. The short time period will ensure the registration information is current and correct.
Next go to Configuration -> Signaling -> SIP Profiles and click Modify on the External SIP Profile.
Then click Bind under the Domain section.
Select your domain from the list and click Bind.
Your domain will now be bound to the SIP profile. This will allow Remote phones to register to your External SIP Profile.
5) Configuring the Call Routing
Go to Configuration -> Routing -> Call Routing and then click the Add button in the Basic Call Routing section to add a new routing plan.
Name the new routing plan internal and then click Add.
Once in the new routing plan click Add to add a new rule.
In the new rule, change the stop policy to Stop On Failure. Add the condition below to verify that all internal calls originate from the PBX's IP address. To do this, use the network_addr variable as shown below. Ensure the action to perform if the condition doesn't match is set to respond with a 403. Once done, click Save to continue.
Next click Add to add a new rule. In the new rule, set the condition based on the Destination Address. The condition will be (.*). The action needs to be a custom action, and the application will be bridge. The data will be ${sofia_contact(external/$1@remote.sangoma.com)}. The "external" part is the name of the external-facing SIP profile. The "remote.sangoma.com" part is the domain the users are registering to. These are the two pieces that may change on a per-installation basis.
Next go back to the call routing and add a new routing plan as we did in step 1-2 above. Name the new routing plan external. This will be used for the external SIP profile. In the new routing plan, add only one rule. The condition will be (.*), based on the Destination Address. The action will be bridge to trunk. The trunk will be the SIP trunk named PBX, with the destination $1 as shown below.
Now that both routing plans are made go to Configuration -> Signaling -> SIP Profiles and modify the internal SIP profile.
In the internal SIP profile under Session Routing change the Routing Plan to Internal. Then click Save to continue.
Next go back to Configuration -> Signaling -> SIP Profiles and this time click Modify next to the External SIP profile. Once in the External SIP profile, go to the Session Routing section and change the Routing Plan to External. Then click Save.
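Added example, not part of the original page or the SBC's own code: a Python model of the internal routing plan from this section, showing why the network_addr condition should be escaped and anchored. It assumes the condition is evaluated as an unanchored regular expression, as in FreeSWITCH-style dialplans; the two patterns, the function names and the sample addresses are constructed for illustration.

```python
import re

PBX_IP = "192.168.1.10"        # PBX IP used on this page
PROFILE = "external"           # external-facing SIP profile name used on this page
DOMAIN = "remote.sangoma.com"  # registration domain used on this page

# Two candidate expressions for the network_addr condition. Both are
# assumptions: the page shows its expression only in a screenshot.
LOOSE = PBX_IP                          # unescaped and unanchored
STRICT = "^" + re.escape(PBX_IP) + "$"  # escaped and anchored

# Constructed sample source addresses.
SAMPLES = [
    "192.168.1.10",   # the PBX itself
    "192.168.1.100",  # another LAN host whose address merely starts with the PBX IP
    "192.168.1.105",
    "192.168.1.20",   # the SBC's own LAN address
    "10.10.32.170",   # the SBC's DMZ address
]


def route_internal(network_addr, destination, addr_pattern):
    """Model of the 'internal' plan: rule 1 gates on the source address
    (Stop On Failure, 403 on mismatch); rule 2 bridges to the contact
    registered on the external profile."""
    # Rule 1: source-address check, modelled as an unanchored regex search.
    if re.search(addr_pattern, network_addr) is None:
        return ("respond", "403")
    # Rule 2: condition (.*) on the Destination Address, captured as $1.
    captured = re.search(r"(.*)", destination).group(1)
    data = "${sofia_contact(%s/%s@%s)}" % (PROFILE, captured, DOMAIN)
    return ("bridge", data)


def accepted_sources(addr_pattern, candidates):
    """Return the source addresses that pass rule 1 and reach the bridge."""
    return [ip for ip in candidates
            if route_internal(ip, "1001", addr_pattern)[0] == "bridge"]


if __name__ == "__main__":
    for label, pattern in (("loose", LOOSE), ("strict", STRICT)):
        print(label, pattern, "->", accepted_sources(pattern, SAMPLES))
    print(route_internal(PBX_IP, "1001", STRICT))
```

With the loose pattern, any LAN host in 192.168.1.100-109 passes the source check along with the PBX; the anchored, escaped pattern admits only 192.168.1.10.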
6) Finalizing the Installation
Go to Overview -> Dashboard -> Control Panel and start the following services:
Vega Session Controller
IP Firewall
Intrusion Detection
Intrusion Prevention
Enable all IDS rules by going to Configuration -> Security -> Intrusion Detection and ensuring all are checked. Once done click Update to apply the changes.
Next go to System -> Server -> Web and change the Network Interface from All interfaces to only the internal network interface.
In this example eth1 is the internal network interface. Once done click Save.
Next go to System -> Server -> Web and change the Network Interface from All interfaces to only the internal network interface. Now both the web server and SSH will only be available on your internal network.
Since the configuration is now complete, take a backup. Go to System -> Management -> Backup-Restore and click Backup.
Name the file accordingly and click Backup to download a copy. Keep this file somewhere safe, and always take a new backup after each change made to the SBC.