
The Next Generation of Communication....

SIP Trunk
Today’s Agenda:

• What is SIP?
• PRI Vs SIP Trunk
• Benefits of SIP Trunk
• SIP Trunk Infrastructure
• Setup Overview
• ABL Kashmir Road Call Center Setup
• ABL Allied Tower Call Center Setup
• ABL Mobile Banking
What is SIP?
The Session Initiation Protocol (SIP) is a communications protocol for signaling and controlling
multimedia communication sessions. SIP works in conjunction with several other application
layer protocols that identify and carry the session media.

SIP is just one component in the set of protocols and services needed to support multimedia
exchanges over the Internet. SIP is the signaling protocol that enables one party to place a call to
another party and to negotiate the parameters of a multimedia session. The actual audio, video,
or other multimedia content is exchanged between session participants using an appropriate
transport protocol. In many cases, the transport protocol to use is the Real-Time Transport
Protocol (RTP). Directory access and lookup protocols are also needed.

Session Description Protocol : Media Identification and Negotiation


Real-time Transport Protocol (RTP) : Transmission of media streams
Secure Real-time Transport Protocol (SRTP)
Transport Layer Security (TLS) : Secure transmissions of SIP messages
SIP supports five facets of establishing and terminating multimedia
communications:

User location: Users can move to other locations and access their telephony or other application
features from remote locations.

User availability: This step involves determination of the willingness of the called party to engage in
communications.

User capabilities: In this step, the media and media parameters to be used are determined.

Session setup: Point-to-point and multiparty calls are set up, with agreed session parameters.

Session management: Transferring, modifying and terminating sessions, and invoking services.
SIP History:
• SIP was originally designed in 1996.
• The protocol was standardized as RFC 2543 in 1999
(SIP 1.0).
• The latest SIP version (2.0) was introduced in 2002.
• While originally developed for voice applications, the protocol
was envisioned for, and supports, a diverse array of applications,
including video conferencing, streaming multimedia
distribution, instant messaging, presence
information, file transfer, fax over IP and online
games.
SIP Operation:
• It runs on the Transmission Control Protocol (TCP), the User
Datagram Protocol (UDP) or the Stream Control Transmission
Protocol (SCTP).
• SIP can be used for two-party (unicast) or multiparty (multicast)
sessions.
• SIP works in concert with several other protocols and is only
involved in the signaling portion of a communication session.
• SIP clients typically use TCP or UDP on port numbers 5060 or
5061 to connect to SIP servers and other SIP endpoints.
• Port 5060 is commonly used for non-encrypted signaling traffic
whereas port 5061 is typically used for traffic encrypted
with Transport Layer Security (TLS).
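
Added example (not part of the original slides): a Python check that takes one SIP request with its SDP body and reports whether signaling and media are protected, tying the 5060/5061 distinction above to what is visible in the message itself. The sample INVITE, its host names and addresses, and the function name audit_invite are constructed for illustration; sips: and RTP/SAVP are the standard identifiers for TLS-protected SIP URIs and SRTP media.

```python
import re

# Constructed sample: an INVITE sent in clear text over UDP/5060 offering plain RTP.
# Host names and addresses are made up (example.com, RFC 5737 range).
PLAIN_INVITE = (
    "INVITE sip:bob@biloxi.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP pbx.example.com:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.com>;tag=1928301774\r\n"
    "To: <sip:bob@biloxi.com>\r\n"
    "Call-ID: a84b4c76e66710@pbx.example.com\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
)

# Same call, sent over TLS/5061 with a sips: URI and an SRTP media offer.
SECURE_INVITE = (PLAIN_INVITE
    .replace("INVITE sip:", "INVITE sips:")
    .replace("SIP/2.0/UDP pbx.example.com:5060", "SIP/2.0/TLS pbx.example.com:5061")
    .replace("RTP/AVP", "RTP/SAVP")
    + "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:<key-material-placeholder>\r\n")


def audit_invite(message: str) -> list[str]:
    """Return findings for a single SIP request with an SDP body."""
    head, _, sdp = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    findings = []
    # Request line: METHOD SP Request-URI SP SIP-Version
    method, uri, _version = lines[0].split(" ", 2)
    if not uri.lower().startswith("sips:"):
        findings.append(f"{method} Request-URI uses sip:, not sips:")
    # The top Via header names the transport used on the last hop.
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):
            m = re.match(r"\s*SIP/2\.0/(\w+)", value)
            transport = m.group(1).upper() if m else "UNKNOWN"
            if transport != "TLS":
                findings.append(f"signaling transport is {transport}, not TLS")
            break
    # SDP m= lines: <media> <port> <proto> <fmt...>; SAVP/SAVPF profiles mean SRTP.
    for sdp_line in sdp.split("\r\n"):
        if sdp_line.startswith("m="):
            media, _port, proto = sdp_line[2:].split()[:3]
            if "SAVP" not in proto.upper():
                findings.append(f"{media} media offered as {proto} (plain RTP)")
    return findings
```
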
What is PRI and SIP Trunking?
PRI and SIP Trunking are two different ways of connecting your
business to the PSTN (Public Switched Telephone Network).

PRI:
• PRI (Primary Rate Interface) is a physical connection to the PSTN
over a dedicated line that only serves voice transmission.
• PRI uses a circuit switched model for making voice connections
between people.
• PRI has a guaranteed Quality of Service (QoS).

SIP:
• SIP (Session Initiation Protocol) Trunking is a virtual connection to
the PSTN over a physical line that is often shared over your existing data
connection.
• SIP Trunking uses a packet switched model for making voice
connections between people.
• SIP Trunking is typically Best Effort.
More Specifically, What is PRI?
A PRI is a single line (typically an E1 connection in Europe and the rest of the world) with 30 voice
channels (and two data/control channels) that allows your business to hold 30 calls simultaneously. This
is not always equivalent to the number of phone numbers a business has. Your business may have 100
phone numbers that are directed to come across a single PRI; however, you will only be allowed to hold 30
phone conversations at once.
More Specifically, What is SIP?
In short, SIP Trunking is a method of sending your voice connection over an existing data line, and therefore is
commonly referred to as VoIP (Voice over Internet Protocol).
Your call goes out over the SIP Trunk, is treated exactly like every other piece of data on that connection and is
not given priority over webpages, emails, or instant messages.

Remember
SIP Trunking is nothing more than the virtual connection between your PBX and your carrier's SIP network,
over the already existing physical data line.
Benefits Of SIP Trunking:
• Eliminates costly BRIs (Basic Rate Interfaces) and PRIs (Primary Rate Interfaces)
subscriptions.

• No need to invest in PSTN gateways and additional line cards as you grow.

• Optimal utilization of bandwidth by delivering both data and voice in the same connection.

• Maximum flexibility in dimensioning and usage of lines as you avoid having to buy capacity in
chunks of 23 (T1) or 30 (E1) lines.

• Flexible termination of calls to preferred providers; calls to anywhere worldwide can be made
for the cost of a local one.

• Redundancy with multiple service providers and links.


SIP Network Elements:
IP PBX:
The key element to SIP Trunking is a phone system that can convert voice calls into VoIP calls for
transmission across the SIP trunk. While there are other devices out there that can do
this job — various VoIP gateway type devices, for example — the most common and cost-effective
mechanism is an IP PBX.

Session border controllers:


A key element of a SIP Trunking solution is the Session Border Controller (SBC). The SBC is the
device that sits on the border between an enterprise’s private network and the public network
provided by data and telephony service providers. The SBC plays a few very vital
roles in managing SIP traffic for voice and other UC services and applications.
Security
Routing
QoS
SIP Components and Protocols:
A system using SIP can be viewed as consisting of components defined on two dimensions:
client/server and individual network elements.

Client: A client is any network element that sends SIP requests and receives SIP responses. Clients
may or may not interact directly with a human user. User agent clients and proxies are clients.

Server: A server is a network element that receives requests in order to service them and sends back
responses to those requests. Examples of servers are proxies, user agent servers, redirect servers, and
registrars.

The individual elements of a standard SIP configuration include the following:


• User Agent: The user agent resides in every SIP end station. It acts in two roles:

User Agent Client (UAC): Issues SIP requests


User Agent Server (UAS): Receives SIP requests and generates a response that accepts, rejects, or
redirects the request
Redirect Server: The redirect server is used during session initiation to determine the address of the
called device. The redirect server returns this information to the calling device, directing the UAC to contact
an alternate Universal Resource Identifier (URI). A URI is a generic identifier used to name any resource on
the Internet. The URL used for Web addresses is a type of URI.

Proxy Server: The proxy server is an intermediary entity that acts as both a server and a client for the
purpose of making requests on behalf of other clients. A proxy server primarily plays the role of routing,
meaning that its job is to ensure that a request is sent to another entity closer to the targeted user. Proxies are
also useful for enforcing policy (for example, making sure a user is allowed to make a call). A proxy interprets,
and, if necessary, rewrites specific parts of a request message before forwarding it.

Registrar: A registrar is a server that accepts REGISTER requests and places the information it receives
(the SIP address and associated IP address of the registering device) in those requests into the location service
for the domain it handles.

Location Service: A location service is used by a SIP redirect or proxy server to obtain information about
a callee's possible location(s). For this purpose, the location service maintains a database of
SIP-address/IP-address mappings.

SIP URIs have a format based on e-mail address formats, namely user@domain. There are two common
schemes. An ordinary SIP URI is of the form:

sip:bob@biloxi.com
Setup Overview:
Allied Tower:
• Call Center:
1. Multinet
2. PTCL

• Mobile Banking
1. Multinet Master No. 0423-2560901
2. Wateen Master No. 042-8356999
Kashmir Road:
• Call Center:
1. PTCL
2. Multinet [ UAT ]

KR Call Center Logical View and Call Flow:
[Diagram: user, telecom service provider, PTCL SIP Server, primary and secondary Internet routers (HSRP, 10.225.1.155), switch MOD-01-SWD (10.128.0.42) and ASA, with outgoing and incoming traffic marked. NAT labels: 192.168.86.X, 172.17.224.X, 202.125.143.x.]

Kashmir Road Call Center Setup:
[Diagram: port-level view of the same devices. Labels include Vlan 400: 202.125.143.106, Vlan 111: 10.225.1.153, Vlan 217: 10.128.0.44, GigabitEthernet0/0 10.225.1.156 (Outside), GigabitEthernet0/3.286 192.168.86.1, DC1-6513 (Gi9/16, Gi10/24, Vlan 286), Genesys SIP Signaling 192.168.86.2, Genesys SIP Voice 192.168.86.10.]

KR Internet ASA:
Interface Name IP address Subnet mask
Port-channel3.321 OUTSIDE 10.225.3.1 255.255.255.248
Port-channel21.286 Prod-CC 192.168.86.1 255.255.255.240

Static NAT:
nat (Prod-CC,OUTSIDE) source static obj-192.168.86.10 obj-172.17.224.4
nat (Prod-CC,OUTSIDE) source static obj-192.168.86.4 obj-172.17.224.3
nat (Prod-CC,OUTSIDE) source static obj-192.168.86.2 obj-172.17.224.2

route outside 59.103.224.20 255.255.255.255 10.225.1.155


KR DMZ Switch 10.128.0.42:
interface GigabitEthernet0/1
 description *** Trunk-to-ASA ***
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 description ----UP-Link-DC-1-Gig-9/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/14
 description DMZ to DC1
 switchport access vlan 217
 switchport mode access
!
interface GigabitEthernet0/20
 description **** SIP-CallCenter-KR-PTCL ****
 switchport access vlan 400
 switchport mode access
!
interface GigabitEthernet0/24
 description ----Connected to Internet ASA--
 switchport access vlan 111
 switchport mode access

KR Internet 10.128.0.44:
interface GigabitEthernet0/0.1
 description ---To ASA Via DMZ Port g0/22---
 encapsulation dot1Q 111
 ip address 10.225.1.153 255.255.255.248
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 standby 1 ip 10.225.1.155
 standby 1 priority 200
 standby 1 preempt

interface GigabitEthernet0/0.400
 description **** PTCL SIP Call Center ****
 encapsulation dot1Q 400
 ip address 202.125.143.106 255.255.255.248
 ip access-group 101 in
 ip access-group 102 out
 ip nat outside
 ip virtual-reassembly

ip nat inside source static 172.17.224.2 202.125.143.107
ip nat inside source static 172.17.224.4 202.125.143.108
ip nat inside source static 172.17.224.3 202.125.143.109

ip route 59.103.224.20 255.255.255.255 202.125.143.105 name PTCL-SIP-Server
ip route 172.17.224.2 255.255.255.255 10.225.1.156
ip route 172.17.224.3 255.255.255.255 10.225.1.156
ip route 172.17.224.4 255.255.255.255 10.225.1.156

AT Call Center Logical View and Call Flow:
[Diagram: user, telecom service provider, PTCL SIP Server (59.103.224.20), Multinet SIP Server (125.209.93.196), primary Internet router, active and standby Internet ASAs, VSS. NAT labels: 192.168.250.X, 172.18.224.X, 202.125.143.X.]

Allied Tower Call Center Setup:
[Diagram: port-level view of the same devices. Labels include Internet Primary 10.133.50.19 and Internet Secondary 10.133.50.20, switches 10.133.50.26 and 10.133.50.27 (VLAN 375, VLAN 371, VLAN 508, Po1), ASAs 10.133.50.17 and 10.133.50.18 (active/standby), VSS (Po 30, Po 31, Po 254), SIP Signaling Server 192.168.250.203, SIP Voice Server 192.168.250.194, Call Center.]

AT Internet ASA 10.133.50.17:
GigabitEthernet0/2 OUTSIDE 103.247.66.1 255.255.255.248
Management0/0 management 10.133.50.17 255.255.255.192
Port-channel30.254 CallCentre 192.168.250.193 255.255.255.240
Static NAT:
object network CC_SRV-SIP
 host 192.168.250.203
object network CC_SRV-SIP-3
 host 192.168.250.194
object network CC_SRV-SIP-2
 host 192.168.250.195

object network CC_SRV-SIP
 nat (CallCentre,OUTSIDE) static 172.18.224.3
object network CC_SRV-SIP-3
 nat (CallCentre,OUTSIDE) static 172.18.224.6
object network CC_SRV-SIP-2
 nat (CallCentre,OUTSIDE) static 172.18.224.4

route OUTSIDE 59.103.224.20 255.255.255.255 103.247.66.2

AT Outside Switch-1 10.133.50.26:

interface GigabitEthernet1/0/8
 description **** SIP-CallCenter-PTCL ****
 switchport access vlan 375
 switchport mode access

interface Port-channel1
 description *** Etherchannel between DMZ-SW-1 & 2 ***
 switchport trunk allowed vlan 111,264,348,349,370-373,375,376,450,455,508,950
 switchport mode trunk

interface GigabitEthernet1/0/38
description *** AT-Internet-1 2951-Gi0/1 ***
switchport trunk allowed vlan 280,349,370,371,375,376
switchport mode trunk

interface GigabitEthernet1/0/37
description *** Connected to Internet-ASA-Pri ***
switchport access vlan 508
switchport mode access

interface GigabitEthernet1/0/47
description *** AT-Internet-1 2951-Gi0/0 ***
switchport trunk allowed vlan 111,264,375,376,508
switchport mode trunk

interface GigabitEthernet1/0/23
description **** SIP-CallCenter-Multinet ****
switchport access vlan 376
AT Internet 10.133.50.19:
interface GigabitEthernet0/1.375
 description **** PTCL SIP Call Center ****
 encapsulation dot1Q 375
 ip address 202.125.143.98 255.255.255.248
 ip access-group 101 in
 ip access-group 102 out
 ip nat outside
 ip virtual-reassembly in

interface GigabitEthernet0/0.508
 bandwidth 90000
 encapsulation dot1Q 508
 ip address 103.247.66.3 255.255.255.248
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 standby 250 ip 103.247.66.2
 standby 250 priority 150
 standby 250 preempt

ip nat inside source static 172.18.224.3 202.125.143.100
ip nat inside source static 172.18.224.6 202.125.143.101
ip nat inside source static 172.18.224.4 202.125.143.102

ip route 59.103.224.20 255.255.255.255 202.125.143.97 name PTCL-SIP-CC-Proxy
ip route 125.209.93.196 255.255.255.255 10.99.35.97 name Multinet-SIP-CC-Proxy
ip route 172.18.224.3 255.255.255.255 103.247.66.1 name Towards-CC-ASA
ip route 172.18.224.4 255.255.255.255 103.247.66.1
ip route 172.18.224.6 255.255.255.255 103.247.66.1

AT Mobile-Banking Logical View and SMS/Call Flow:
[Diagram: user, telecom service providers, Internet Primary (10.133.50.19) and Internet Secondary (10.133.50.20), Wateen Mobile Banking SIP (10.64.1.39), Multinet Mobile Banking SIP (125.209.93.196), switches 10.133.50.26 and 10.133.50.27, ASAs 10.133.50.17 and 10.133.50.18 (active/standby), VSS, IVR, Application DB, Sybase, and an IP-Sec tunnel across the Internet cloud to the E-Ocean Server (110.93.218.34); SMS and call paths marked.]

Allied Tower Mobile Banking:
[Diagram: port-level view of the same devices. Labels include VLAN 370, VLAN 371, Po1, Po 30, Po 31, Po 254.]

AT Internet ASA 10.133.50.17:
Phase 1:
crypto ikev1 policy 3
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 28800

crypto ikev1 enable OUTSIDE

tunnel-group 110.93.218.34 type ipsec-l2l
tunnel-group 110.93.218.34 ipsec-attributes
 ikev1 pre-shared-key *****

name 110.93.218.34 MB-EOcean-GW description VPN-Mobile-Banking with Eocean Gateway IP

Phase 2:
crypto ipsec ikev1 transform-set FirstSet-2 esp-3des esp-md5-hmac
crypto map mymap 3 match address e-ocean
crypto map mymap 3 set peer MB-EOcean-GW
crypto map mymap 3 set ikev1 transform-set FirstSet
crypto map mymap 3 set security-association lifetime seconds 28800
crypto map mymap interface OUTSIDE

act/pri/AT-ASA5525-INT# sh run access-list e-ocean
access-list e-ocean extended permit ip 172.16.224.0 255.255.255.0 192.168.10.0 255.255.255.0

route OUTSIDE MB-EOcean-GW 255.255.255.255 103.247.66.2

Verify Encrypted Data Transfer
# show crypto isa sa
IKE Peer: MB-EOcean-GW
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
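
Added example (not from the original slides or the device): a Python audit of the IKEv1/IPsec commands shown above, flagging the algorithm choices and checking that every transform-set a crypto map references is defined in the excerpt. The function name audit_asa_crypto and the sets of values treated as weak are assumptions of this example; a transform-set reported as undefined may exist elsewhere in the full configuration.

```python
import re

# The IPsec lines from the slide above, re-typed one command per line.
ASA_CRYPTO = """\
crypto ikev1 policy 3
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 28800
crypto ipsec ikev1 transform-set FirstSet-2 esp-3des esp-md5-hmac
crypto map mymap 3 match address e-ocean
crypto map mymap 3 set peer MB-EOcean-GW
crypto map mymap 3 set ikev1 transform-set FirstSet
crypto map mymap 3 set security-association lifetime seconds 28800
crypto map mymap interface OUTSIDE
"""

# This example's policy (an assumption): DES/3DES, MD5 and DH groups 1, 2, 5 are weak.
WEAK_ENC = {"des", "3des"}
WEAK_HASH = {"md5"}
WEAK_DH = {"1", "2", "5"}
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}


def audit_asa_crypto(config: str) -> list[str]:
    findings, defined, referenced, policy = [], set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"crypto ikev1 policy (\d+)$", line):
            policy = m.group(1)          # indented lines that follow belong to it
        elif raw.startswith(" ") and policy:
            key, _, value = line.partition(" ")
            weak = {"encryption": WEAK_ENC, "hash": WEAK_HASH, "group": WEAK_DH}
            if value in weak.get(key, ()):
                findings.append(f"ikev1 policy {policy}: weak {key} {value}")
        else:
            policy = None                # any other top-level command ends the policy
        if m := re.match(r"crypto ipsec ikev1 transform-set (\S+) (.+)$", line):
            defined.add(m.group(1))
            for alg in m.group(2).split():
                if alg in WEAK_ESP:
                    findings.append(f"transform-set {m.group(1)}: weak {alg}")
        if m := re.match(r"crypto map (\S+) (\d+) set ikev1 transform-set (.+)$", line):
            referenced += [(m.group(1), m.group(2), n) for n in m.group(3).split()]
    for cmap, seq, name in referenced:
        if name not in defined:
            findings.append(f"crypto map {cmap} {seq}: transform-set {name} not defined in this excerpt")
    return findings
```
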
AT Internet ASA 10.133.50.17:
NAT:
object network mobilizer
 nat (MOBILE-BANKING,OUTSIDE) static 172.16.224.33

object network mobilizer
 host 192.168.51.2

AT Internet RTR 10.133.50.19:
ip nat inside source static 192.168.51.35 10.2.23.20 Wateen
ip nat inside source static 192.168.51.5 10.99.35.99 Multinet

ip route 125.209.93.193 255.255.255.255 10.99.35.97 Multinet
ip route 10.64.1.39 255.255.255.255 10.2.23.17 Wateen

ip route 192.168.51.5 255.255.255.255 103.247.66.1 Towards-MB-ASA
ip route 192.168.51.35 255.255.255.255 103.247.66.1

interface GigabitEthernet0/1.370
 description *** Wateen-SIP *** Ping 10.64.1.39 to test ******
 encapsulation dot1Q 370
 ip address 10.2.23.21 255.255.255.248
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in

interface GigabitEthernet0/1.371
 description *** Multinet SIP + CallCentre ***
 encapsulation dot1Q 371
 ip address 10.99.35.98 255.255.255.240
 ip nat outside
 ip virtual-reassembly in

interface GigabitEthernet0/0.508
 description *** Connected to ASA***
 encapsulation dot1Q 508
 ip address 103.247.66.3 255.255.255.248
 ip nat inside
 standby 250 ip 103.247.66.2
 standby 250 priority 150
 standby 250 preempt
