-
×InformationWindows update impacting certain printer icons and names. Microsoft is working on a solution.
Click here to learn moreInformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center.
-
×InformationWindows update impacting certain printer icons and names. Microsoft is working on a solution.
Click here to learn moreInformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center.
- HP Community
- Poly Video Conferencing
- Collaboration & Conferencing Platforms
- Secure TLS SIP Trunk between DMA and Cisco CUCM
Create an account on the HP Community to personalize your profile and ask a question
05-26-2014 02:35 AM
Hi Community,
I would like to ask if anybody was succesful with creating Secure SIP Trunk between DMA and Cisco CUCM ?
I was able to create SIP trunk and also secure calls between DMA registered endpoint (GS300) and CUCM registered endpoint (HDX4k5).
But as you know if you dont have secure sip trunk you can find / pull out crypto keys from signaling messages, where they are in clear text form.
When i tried to set SIP TLS trunk between DMA and CUCM calls always failed because of "Unsupported URI scheme". It looks like CUCM does not understand of DMA sip form.
DMA version: 6.0.4_Build_1
CUCM version: 9.1.2
Thanks for any advice
Solved! Go to Solution.
Accepted Solutions
06-05-2014 11:31 AM
Tom,
I have never tried to set this up. But I might have some pointers for you to try. I am assuming you are using port 5061 and the transport type set to TLS in your DMA SIP Peer configuration for the CUCM server. I also assume you have certificates installed on both CUCM and DMA which are trusted by each other.
Edit the external SIP peer configuration on the DMA (network, external SIP peer). Go to Postliminary. Click the radio button for Use customized script. Scroll down to the bottom where it has the following line.
DIAL_STRING = 'sip:' + phost + ':' + pport + ';transport=' + ptransport; // change the Request-URI
Change this to match what you want to send, for example:
DIAL_STRING = 'sip:' + phost + ':' + '5061' + ';transport=TLS;Ir'; // change the Request-URI
Also check our documentation here.
S.
05-28-2014 06:04 AM
I have collected logs from CUCM (as attachment of this post) where i can see few error messages in sip signalization.
First error point to problem with ReqURI Scheme verification (//SIP/Stack/Error/0x0/act_idle_new_message: Failed ReqURI Scheme verification) and second to problem with transport layer (//SIP/Stack/Transport/0xfa5fb58/sipSPISendErrorResponse: Sending ERROR Response to the transport layer). I think both of them are depended each other.
If i compared logs from calls placed through secure and unsecure SIP Trunk, i have seen in logs from call via secure SIP Trunk, that in Route: <sips:10.24.14.100:5061;lr> transport protocol is missing. In call placed through unsecure SIP Trunk route form is Route: <sip:10.24.14.100:5060;transport=TCP;lr>. Is it mandatory, or it can be main reason that call fail ?
Can i somehow change sip messages form on DMA ?
Or does someone experience with setting of SIP TLS Trunk on DMA to CUCM ?
Thanks for any advice
06-05-2014 11:31 AM
Tom,
I have never tried to set this up. But I might have some pointers for you to try. I am assuming you are using port 5061 and the transport type set to TLS in your DMA SIP Peer configuration for the CUCM server. I also assume you have certificates installed on both CUCM and DMA which are trusted by each other.
Edit the external SIP peer configuration on the DMA (network, external SIP peer). Go to Postliminary. Click the radio button for Use customized script. Scroll down to the bottom where it has the following line.
DIAL_STRING = 'sip:' + phost + ':' + pport + ';transport=' + ptransport; // change the Request-URI
Change this to match what you want to send, for example:
DIAL_STRING = 'sip:' + phost + ':' + '5061' + ';transport=TLS;Ir'; // change the Request-URI
Also check our documentation here.
S.
06-05-2014 11:54 PM
Hi Simons,
Thanks for reply. As you mentioned all of your first suggestions i already have configured (port, transport type and also certificates signed by our trusted CA uploaded to DMA and CUCM).
I will try your suggestion about script and then i will let you know if it help.
T.
06-09-2014 05:27 AM
Hi Simons,
I have tried your suggestion with postliminary script but without effect. In log i can see now "SIP/2.0 Bad Request - 'Malformed / Missing URL ' ". I will try to play with it in more detail tomorrow.
Another question to you: Is it possible to set something on DMA to block direct calls between registered endpoints ? I want to ensure, that all calls originated on DMA have to go to CUCM and CUCM will make necessary digit manipulation to route call back to DMA. The reason is to simulate Multitenant environment.
Thanks for soon answer
06-09-2014 07:19 AM
Hi Simons,
Finally i set it up 🙂
One problem was just bad syntax of dial string in postliminary tab.
When i set it like (see below) it started to work:
Didn't find what you were looking for? Ask the community