Setup Reference guide for PBX to SBC interconnection Method of connection by "LAN interface only" i.e. SBC is placed behind the Perimeter Router / Fire-wall. Panasonic PBX (KX-TDE, NCP series), Media5 Session Border Controller (Mediatrix 501 series) Version 1.1 (PSNJ) 6 th March 2013 Attention: The content of this document is made up by verification results. It is no guarantee. Models Used during verification: Panasonic IP-PBX KX-TDE100 (Ver6) Media5 SBC Mediatrix501 (Firmware 5.35-M4) Panasonic SIP Phone KX-UT series SIP telephones (Version 01.221). Panasonic System Networks Co., Ltd.
Change history Version NO. Ver. 1.0 CONTENTS OF REVISION First edition Support PSN (Japan) Checked by Checked by Author Oonishi 15 Feb 2013 Ver. 1.1 Fix the figures in section 5 Oonishi 6 th Mar 2013 2
Table of Contents Change history...2 Table of Contents...3 1. Introduction and Objective...5 2. Approach to Interconnection...6 3. System configuration example...7 3.1 Diagram of system configuration example...7 3.2 Settings:...7 3.2-1 SBC Contents of Main Network Settings (Example)...7 3.2-2 Existing (Main) Router - Contents of Main Network Settings (Example)...8 3.2-3 Existing (Main) Router - Contents of Port forward Settings (Example)...8 3.2-4 IP-PBX - Contents of Main Network and SIP Settings...8 3.2-5 IP-PBX - Contents of Main SIP Extension Settings...8 3.2-6 Maintenance PC - Contents of Network Settings example...9 3.2-7 Remote Office SIP Terminal - Contents of Settings...9 3.2-8 Remote Office Existing Router - Contents of main network settings...10 3.2-9 Remote office router contents of port forward settings...10 3.2-10 SBC Configuration Sheet (LAN Interface only)...11 3.2-11 Firmware Revision...12 3.2-12 PBX (KX-TDE100) and UT-Extension Firmware Revision...12 4. Initial set-up of the PBX...13 5. Programming the SIP Extension into the PBX...16 6. Initial setting of the Mediatrix SBC (Mediatrix 500 series)...18 6.1 In Preparation of Network...18 6.2 In Network Configurations (1)...21 6.3 In Network Configurations (2)...25 6.4 In SIP Server Setting...29 6.5 In SIP Switch Advanced...30 6.6 In SIP Advanced...31 7. Configure the Router Port Forwarding...33 8. Remote Office SIP Extension Settings (Example, Panasonic KX-UT123)...34 9. Operation...37 10. Further SBC Information and Configuration...37 11. Management...38 11.1 Reset SBC to Factory Defaults...38 11.2 SBC Configuration Backup...39 11.3 Restore Settings...41 11.4 Reset the UT-SIP Phone to Factory default...42 11.5 Allow the access to web page on UT-SIP Phone....42 3
12 Troubleshooting...43 12.1 REGISTER Flood Attack...43 13. Appendix...45 Trademarks Microsoft, Windows, Windows XP and Internet Explorer are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks identified herein are the property of their respective owners. Microsoft product screen shot(s) reprinted with permission from Microsoft Corporation. 4
1. Introduction and Objective A Session Border Controller is required to supplement existing IP-PBX functionality. It will provide the means of establishing a simple remote office connection (Allowing the use of remote SIP extensions of the IP-PBX without the need for a PPTP, IPSEC, GRE or Hosted VPN Solution). **** Please Note: HTTPS/SSL is VPN Technology **** This Setup Reference Guide describes the configuration to interconnect between the Panasonic PBX (KX-TDE series, KX-NCP series), the Media5 Session Border Controller (SBC), and remote SIP extensions. The items above are interconnected using SIP protocol. The global IP address (also known as public IP address) of the main office is used to interconnect them. Results (confirmed operation): (1-1) Receiving and making a Call Calls between extensions are possible. The Caller ID (internal phone number) is displayed on the LCD screen of Panasonic terminal and SIP Extension. Incoming calls from PBX trunk lines also display the Caller ID (according to system settings). (1-2) Conversation with G.711 and G.729 Use of the above codecs is possible, providing PBX settings allow this. (e.g. KX-TDE100 (V-SIPEXT) settings) (1-3) Placing a call on-hold and retrieving a Call that is on-hold These features are confirmed by KX-TDE100 control. (1-4) Transferring Call The transferring of a Call to another destination is confirmed by KX-TDE100 control. Attention: The content of this document is made up by verification results. It is no guarantee. 5
2. Approach to Interconnection (1) For the Panasonic PBX, the Virtual SIP Extension (V-SIPEXT32) is used to interconnect the PBX to a remote SIP extension (remote office) via the SBC. The SBC is placed behind the main router in the head office. For this setting of the SBC, only the LAN1 interface is used. There is no physical connection to the WAN or LAN2 ports. All SIP traffic between the PBX and the internet is routed through the SBC. (2) The SBC operates to ensure correct interconnection between the PBX V-SIPEXT32 virtual circuit card and the Remote office SIP phone. The SBC provides the following functions: - Remote office SIP phone address resolution and address translation within SIP messages. - Head office (any PBX extension) and the remote office (SIP telephone) can be seamlessly connected by the use of a PBX SIP extension. - Little or no dependence on the setting of the Router of the Remote-Office. (3) We recommend that you consider the bandwidth of Internet access in each country, to change the priority of voice Codec G.729 the remote side. This setting will need to change on Remote SIP Phones, it's not able to set with PBX. 6
3. System configuration example 3.1 Diagram of system configuration example 3.2 Settings: This section describes the network address scheme. Refer to later sections regarding entry of these and other settings. 3.2-1 SBC Contents of Main Network Settings (Example) Item Configuration Description example SBC LAN IP address 192.168.0.1 Need Fixed LAN IP address Subnet Mask 255.255.255.0 SBC LAN side subnet mask Access type Manual Select the connection type DNS Server IP Address 192.168.0.254 or 172.16.255.1 Router or Information offered by provider (Change to Global IP) DNS Server IP 2nd If required Default Gateway IP Address 192.168.0.254 Existing Router LAN IP Address Outside IP 10.0.0.1 (Change to Global IP) Information offered by provider assigned IP to SBC SIP Server UDP port numbers 15060 Recommended that don't use 5060 of default SIP port. SIP Routing Through External Firewall Media ports 35000-35999 Must match RTP Port-Forward settings of main router. 7
3.2-2 Existing (Main) Router - Contents of Main Network Settings (Example) Item Configuration example Description WAN IP global IP address 10.0.0.1 (Change to global IP address) Existing main router WAN IP address of assigned to the SBC. LAN IP address 192.168.0.254 Existing main router LAN IP address 3.2-3 Existing (Main) Router - Contents of Port forward Settings (Example) Protocol Range of port number Destination Description SIP 15060 192.168.0.1 Send SIP to SBC (SBC LAN IP address) RTP (Voice) 35000 35999 (Range must match SBC) 192.168.0.1 Send RTP to SBC (SBC LAN IP address) 3.2-4 IP-PBX - Contents of Main Network and SIP Settings PBXs IP address Settings and SIP Extension Settings (V-SIPEXT) Item Configuration example Description PBX MPR IP address 192.168.0.101 Example only (Fixed IP) PBX DSP IP address 192.168.0.102 Example only (Fixed IP) Net Mask 255.255.255.0 Example only Gateway 192.168.0.254 Main Router IP address DNS Settings (Preferred DNS IP Address) 192.168.0.254 or 172.16.255.1 Main Router IP address or Provider DNS (Change to Global IP) SIP Port Number (UDP Port No. for SIP Extension Server) 5060 Default (SIP Port Number) V-SIPEXT32 Card Property Port Number 3.2-5 IP-PBX - Contents of Main SIP Extension Settings Item Configuration example Description SIP Extension port 5060 PBXs SIP EXT Server port SIP Extension Number 301 Example Password ohayou301 SIP Extension Number Password 302 ohayou302 Example (If required) 8
3.2-6 Maintenance PC - Contents of Network Settings example (2) initial setting of the SBC while temporarily change, and then (1) Connecting the PC to LAN. Item Configuration example Description PC IP address (1) DHCP Example 192.168.0.31 (DHCP or fixed ; For fixed, confirm usable IP address first) PC IP address (2) * Temporarily change DHCP Example 192.168.20.31 When operational mode changed. (DHCP or fixed) Subnet Mask 255.255.255.0 Gateway DHCP Unused (in Fixed IP) DNS DHCP Unused (in Fixed IP) 3.2-7 Remote Office SIP Terminal - Contents of Settings Item Configuration example Description SIP terminal: IP address DHCP(Example, 192.168.10.1) SIP terminal: Netmask DHCP(Example, 255.255.255.0) SIP terminal: Gateway DHCP(Example, 192.168.10.254) Registrar Server Address 10.0.0.1 (Change to global IP address) (Set Head office main router WAN address of assigned to the SBC.) Registrar Server Port 15060 SBC SIP receiving port Proxy Server Address 10.0.0.1 (Change to global IP address) (Set Head office main router WAN address of assigned to the SBC.) Proxy Server Port 15060 SBC SIP receiving port SIP Service Domain 192.168.0.101:5060 Example PBX SIP Server Domain Need to add a :port number SIP source port 25060 Source port for outgoing SIP * Measures for SIP ALG function in Remote router. NAT Identity Keep Alive Interval 15 (second) Example (Default: 0) NAT Identity Supports Rport Yes Example (Default: No) SIP extension Number 301 Example Password ohayou301 SIP extension Number 302 Example (if required) Password ohayou302 G722 Enable-Yes, Priority-4 CODEC preference PCMA Enable-Yes, Priority-2 CODEC preference G726-32 Enable-No CODEC preference G729A Enable-Yes, Priority-1 CODEC preference PCMU Enable-Yes, Priority-3 CODEC preference 9
3.2-8 Remote Office Existing Router - Contents of main network settings Item Configuration example Description WAN global IP address Fixed IP or It will be different IP every time. Existing remote office router WAN IP address. LAN IP address 192.168.10.254 Existing remote office router LAN IP address 3.2-9 Remote office router contents of port forward settings It is not necessary to change any settings of the Router of the remote office when using a SIP telephone with Keep-Alive capability. (e.g.) Panasonic UT series SIP telephone. The UT series SIP phone can send the Keep Alive messages to the SBC (Blank UDP packets). 10
3.2-10 SBC Configuration Sheet (LAN Interface only) Example Section Part Item Setting value Description Home Active Profile Security Low Select Configuration Network Config Operational mode LANSIParator Select and reboot ET0 used as Outside Select IP Address 192.168.0.1 SBC IP address Subnet Mask 255.255.255.0 Access type Manual Select DNS Server IP Address 192.168.0.254 Example 2nd (DNS Server Address) 172.16.255.1 If required Default Gateway IP Address 192.168.0.254 Main Router LAN Address SIP Routing Through Extern Firewall Media Ports 35000-35999 Must much RTP Port forward setting of main router Outside IP (Change to global IP address) 10.0.0.1 Existing main router Mapped SBC IP SIP Server Allow to Register Inside users All Select Outside users All Select Allow outgoing calls from All Select Advanced Advanced SIP set Far End Nat Traversal (FENT) Select the check Detect endpoints behind same NAT Clear the check Authorized Users Method REGISTER URI * Direction Allow Authentication Inbound Select the check Select the check Authentication User IDs * Authorized Users Method INVITE URI Direction Allow Authentication *@192.168.0.101 Inbound Select the check Select the check Advanced Authentication User IDs * Reuse received nonces Allow RTP in reverse direction Reuse port number with same session Force Real Username on registration Clear the check Select the check Select the check Select the check Trusted Networks Check box Clear the check P-Asserted-ID 11
3.2-11 Firmware Revision Section Installed Firmware Device Information 5.35-M4 3.2-12 PBX (KX-TDE100) and UT-Extension Firmware Revision Section Installed Firmware KX-TDE100 IP-PBX Version 6.0 or Later KX-UT Phone Version Information 01.160 or Later 12
4. Initial set-up of the PBX 4.1 Start up software of Panasonic Unified Maintenance console. 4.2 Information Click to [OK] button 4.3 Enter Programmer Code: Enter INSTALLER ---> Next, click the [OK] button 4.4 Click on Connect(C) icon. 4.5 Enter IP Address: 192.168.0.101 (PBX MPR IP address) --> Next, click the [Connect] button. Please wait a moment 13
4.6 Confirmation of Activation Key Click on [1.Configuration] --> [1.Slot]. Then click the [Activation Key] button. Next, confirm SIP Extension (ch) line for Activation Key (in this case it is 4) Necessary: SIP Activated Key Confirm then click [OK] to close page. 4.7 Move mouse over virtual shelf --> Click [Select Shelf] to show Virtual Slots 14
4.8 Select [V-SIPEXT32] - Install [V-SIPEXT32] by drag and drop to slot (5 ~ 8). Next, move mouse over installed card and select [Card Property] Select V-SIPEXT32 Drag and drop 4.9 Card Property --> Confirm UDP Port Number for SIP Extension Server : 5060, as follows: Click on [OK] 15
5. Programming the SIP Extension into the PBX 5.1 Programming the SIP Extension into the PBX (How to make the SIP Extension) Move mouse over [V-SIPEXT32] and select [OUS]. and Click on [YES]. 5.2 Move mouse over virtual shelf --> Select [Port Property] 5.3 Edit the Extension Number and Password fields (click on them to enter data). (Example, Extension Number: 301, Password: ohayou301 Extension Number: 302, Password: ohayou302 ) Click on [Apply] and then [OK] 16
5.4 Move mouse over virtual shelf --> Select [INS] The V-SIP Extension32 Virtual card is restarted (change card back to INS). 5.5 Confirm the card has returned to [INS] status for [V-SIP Extension32 Virtual card] Check display shows green LED is ON. 17
6. Initial setting of the Mediatrix SBC (Mediatrix 500 series) 6.1 In Preparation of Network 6.1-1 The SBC has a default IP address of 192.168.0.1, Subnet mask: 255.255.255.0 Connect the ET1 of SBC and maintenance PC Network directly. The SBC s DHCP server function is running with the SBC, it s default setting. In this document, the Network setting is described using obtain an IP configuration automatically. As a matter of course you can use static IP address. 6.1-2 Confirmation of PC LAN settings to allow setup of Mediatrix SBC [View Network Connections] Select the LAN in use. 6.1-3 [Local Area Connection Properties] Right click and Select the [Properties]. I 18
6.1-4 Select [Internet Protocol (TCP/IP)] and Click on [Properties]. 6.1-5 Confirm Network Properties and Click on [OK]. Enter IP Address and Subnet mask for My PC Example Select the check box Obtain an IP address automatically Click to [OK] --> [Close] 19
6.1-6 Program start up [Command Prompt] (Start --> Accessories --> Command Prompt ) --> Enter [ipconfig /all] and check the Currently IP Address. 6.1-7 Enter [ping 192.168.0.1] then confirm the replying from the Mediatrix SBC. 20
6.2 In Network Configurations (1) 6.2-1 Access to Web Home, and Click on [Log in]. *Example http://192.168.0.1/ 6.2-2 To Enter Network Password Username: admin / Password: admin (Default). 21
6.2-3 Access to initial web page (HOME) --> Click on [Network] 6.2-4 Temporarily will change the LAN IP Address or just confirm it. You have to do in order of procedure if you need to set the 192.168.0.X segment. You can skip this section if existing LAN segment is different for SBC default LAN segment (192.168.0.X). To go to the section 6.3, if it's IP address of existing LAN segment in use. Example, Existing LAN segment 192.168.1.XXX and set to SBC LAN IP address 192.168.1.X., You can set the SBC directly. This is a setting limitation of SBC, because WAN and LAN can not set same segment at the same time while setting. These are default setting value. * [Note] Example: Error message! 22
6.2-5 Edit the LAN IP Address and DHCP Server range. Example IP Address: 192.168.20.1 DHCP Server Range: From 192.168.20.31 to 192.168.20.61 Edit the LAN IP Address, DHCP Server Raange. 6.2-6 The SBC automatically reboot, please wait a few minutes. 6.2-7 Configure the PC LAN IP address release and renew setting In this case, you can see that the new IP Address is 192.168.20.31. 23
6.2-8 Access to web 192.168.20.1 in the temporally and click on [Log in]. 6.2-9 Enter the User Name: admin / Password: admin (Default) then Click on [OK]. 6.2-10 Click on [Click here to save permanently] 24
6.3 In Network Configurations (2) 6.3-1 Move mouse over [Home] and Select [Overview] 6.3-2 Select Active Profile: [Low] and Click on [Change] 6.3-3 Click on [Click here to save permanently] and then Click on [Network]. 6.3-4 Confirmation of Active Profile: [Lo] and Click on [Network]. 6.3-5 Select Operational mode: [LAN SIParator] 25
6.3-6 Network Configuration [ET0 Settings] -- Select the Access type: [Manual] -- ET0 used as [outside] (Default) / IP Address: 192.168.0.1 / Subnet Mask: 255.255.255.0 [DNS Server] -- IP Address: 172.16.255.1 Example, (Change to Global IP or Router IP) [Default Gateway] -- IP Address: 192.168.0.254 Example, (Change to Existing Router IP) [SIP Routing Through Extern Firewall] -- Media ports: 35000-35999 (Default) -- Outside IP:10.0.0.1 Example, (Change to Global IP). Note) In this LAN SIParator mode, the SBC s DHCP server does not function on SBC s LAN. 6.3-7 Click on [Apply] 6.3-8 Click on [Save & Reboot] 26
6.3-9 Rebooting, please wait. (Need about 3 minutes) 6.3-10 Connect to SBC ET1(to ET4) and Maintenance PC for existing LAN segment. [Note] Don't connect the ET0/WAN. 6.3-11 Configure the IP Address, execute the release and renew. (Example, dynamic addressing) 27
6.3-12 Enter [ping 192.168.0.1] on Command Prompt. ---> Confirmation of Reply. 6.3-13 Access to web using new IP address and login again. Click on Configuration [Network] And then confirmation of Operational mode: [LANSIParator] And ET0 settings / DNS / Default Gateway / SIP Routing Trough Extern Firewall settings. [ET0 Settings] *Example -- Select the Access type: [Manual] -- ET0 used as [outside] (Default) / IP Address: 192.168.0.1 / Subnet Mask: 255.255.255.0 [DNS Server] -- IP Address: 172.16.255.1 (Change to Global IP or Router IP) [Default Gateway] -- IP Address: 192.168.0.254 (Change to Existing Router IP) [SIP Routing Through Extern Firewall] -- Media ports: 35000-35999 (Default) -- Outside IP:10.0.0.1 (Change to Global IP). *[Note] Need to factory-reset the SBC if you need to select the operational mode after once select it. 28
6.4 In SIP Server Setting 6.4-1 Move Mouse over [Applications] --> and Select [SIP Server] 6.4-2 Select Allow to register and Allow outgoing calls from -1. Inside Users: [All] (Default) -2. Outside Users: [All] -3. Allow outgoing calls from: [All] -4. Select the check box [and from others after authentication] (Default) 6.4-3 Click on [Apply] 6.4-4 Click on [Click here to save permanently] 29
6.5 In SIP Switch Advanced 6.5-1 Move Mouse over [Applications] --> and Select [SIP Switch Advanced] 6.5-2 Enter the Authorized User. Example Ext: 301/ SIP Address: 301@192.168.0.101/ User ID: 301/ Password: ohayou301 Ext: 302/ SIP Address: 302@192.168.0.101/ User ID: 302/ Password: ohayou302 6.5-3 Click on [Apply]. 6.5-4 Click on [Click here to save permanently] 30
6.6 In SIP Advanced 6.6-1 Move Mouse over [Applications] --> and Select [SIP Advanced] 6.6-2 Configuration of Advanced SIP Settings -1 Select the check box [Far End Nat Traversal (FENT)] -2 Clear the check box [Detect endpoints behind same NAT (for shortest media path)]. -3Enter the Authorized Users: Method: REGISTER/URI: */Direction: inbound/allow: Select the check box/ Authenticate: Select the check box / Authentication User IDs: * Method: INVITE/URI: *@192.168.0.101/Direction: inbound/allow: Select the check box Authenticate: Select the check box / Authentication User IDs: * -4 Clear the check box [Reuse received nonces]: 31
6.6-3 Configuration of SIP Proxy Enter the SIP Server UDP port number: 15060 (Default: 5060) *[Note]: Refer to section 12.1 for details regarding SIP Register Flood attack, and explanation of why SIP default WAN side port of 5060 is not chosen. 6.6-4 Configuration of Advanced and you can confirm the RTP port range in this page. -1 Select the check box [Allow RTP in reverse direction] -2 Select the check box [Reuse port numbers within same session] -3 Select the check box [Force Real Username on registrations] 32
6.6-5 Configuration of Trusted networks Clear the check box [Enable] 6.6-6 Click on [Apply] 6.6-7 Click on [Click here to save permanently] 7. Configure the Router Port Forwarding 7.1 Existing (Main) Router - Contents of Port forward Settings (Example) Protocol Range of port number Destination Description SIP 15060 (UDP) 192.168.0.1 Send SIP to SBC (SBC LAN IP address) RTP (Voice) 35000 35999(UDP) (Range must match SBC) 192.168.0.1 Send RTP to SBC (SBC LAN IP address) 33
8. Remote Office SIP Extension Settings (Example, Panasonic KX-UT123) Connect the SIP-terminal to the LAN. The following explanation assumes the LAN supports DHCP. (e.g. DHCP server has given the SIP terminal the address 192.168.10.2). 8.1 On the telephone, press [Setting / Setup] --> Select the [Network Settings] --> Push [Enter] --> Select the [Embedded web] --> Push [ENTER] --> Select [ON] --> Push [ENTER] --> [Back] --> [Back]. Or press [Setting / Setup] [#],[5],[3],[4] Select [On] Press [Enter] 8.2 Confirmation of current IP Address. On the telephone, press [Setting / Setup] --> Select the [Information Display] --> Push [ENTER] --> Select the [IP Address] confirmation IP Address example 192.168.10.2 8.3 Access the SIP Terminal s web page (using previously read IP address). e.g. http://192.168.10.2/ User Name: admin Password: adminpass Click on [OK] 8.4 Confirm [Version Information]: (Software version must be at or later than the version shown) 34
8.5 Confirm the [Network Status]: (DHCP has setup detail OK) 8.6 VoIP SIP Settings (1/3) 8.6-1 Click on [VoIP] --> SIP Settings --> [Line1] SIP Settings - [Line 1] (1 of 3) Phone Number: 301 [SIP Server] Register Server Address: 10.0.0.1 Register Server Port: 15060 Proxy Server Address: 10.0.0.1 Proxy Server Port: 15060 Note: Replace 10.0.0.1 with the WAN address of Head office main router. 8.6-2 SIP Settings (2/3) SIP Settings - [Line 1] (2 of 3) SIP Service Domain: 192.168.0.101:5060 SIP Source Port: 25060 Authentication ID: 301 Authentication Password: ohayou301 35
8.6-3 SIP Settings (3/3) SIP Settings [Line 1] (3 of 3) Keep Alive Interval: 15 Supports Rport (RFC 3581) Click to check the [Yes] box Next click on [Save] 8.6-4 Check the [Complete] Message. 8.7 VoIP Codec Settings 8.7-1 Click VoIP Settings [Line1] 8.7-2 Configure [CODEC Preference] --> Click on [Save] Configure Codec Preference as following Example, G722: Enable / Priority: 4 PCMA: Enable / Priority: 2 G726-32: Disable G729A: Enable / Priority: 1 PCMU: Enable / Priority: 3 The configuration is completed! Click on [Save] 36
9. Operation Try the basic calls. We confirm the following operation by settings in this Reference Guide. 9.1 Incoming Call and making Call The Caller ID is displayed on the LCD screen of Panasonic terminal and SIP Extension. 9.2 Conversation with G.711 and G.729 The more than single codec is already set in KX-TDE100 (V-SIPEXT) 9.3 Holding Call and retrieving Call held These features are confirmed by KX-TDE100 control. 9.4 Transferring Call The transferring Call are confirmed by KX-TDE100 control. 10. Further SBC Information and Configuration All documents are available online on the Mediatrix Download Portal at https://support.mediatrix.com/downloadplus/download.asp. Or on the web site at the following link http://www.mediatrix.com/en/sessionbordercontroller Under the documentation tab. 37
11. Management 11.1 Reset SBC to Factory Defaults If you wish to you can reset all settings to their original values, so your Mediatrix 500 Series unit is setup the same way as when delivered from the factory. 1. Press and hold [SET] (1) pressed for 3 seconds, to enter setup mode. 2. Press [SEL] (2) repeatedly until RST appears in the display. 3. Press [SET](1). 4. The question Clear all? appears, and then no. 5. Press [SEL](2) to choose YES. 6. Press [SET](1). 38
11.2 SBC Configuration Backup 11.2-1 Move Mouse over [Configurations] and Select [Administration]. 11.2-2 Enter the Password: 123456 and then Click on [Backup to file]. Example 11.2-3 Click on [Save] 39
11.2-4 Save As Select the Save Folder and Enter the File name [settings.txt] Example(Default). 40
11.3 Restore Settings 11.3-1 Enter the Password: 123456(When saving) and then Click on [Browse ]. 11.3-2 Choose file: settings.txt (Example) and then Click on [Open]. 41
11.3-3 Click on [Go] 11.3-4 Rebooting, please wait after the restore was successful. 11.4 Reset the UT-SIP Phone to Factory default. Press [Settings] [#],[1],[3],[6] [Enter] --> Select [Yes] press [Enter] 11.5 Allow the access to web page on UT-SIP Phone. Press [Settings] [#],[5],[3],[4] [Enter] 42
12 Troubleshooting 12.1 REGISTER Flood Attack The Figure below shows a REGISTER Flood attack example. The attack begins with OPTIONS message. Then, the attacker sends a great many REGISTER messages. The source address changes irregularly. The symptom of this type of attack is the PBX temporarily becomes un-responsive, (It is very busy sending 404 Not Found messages until the attacks over). Countermeasure: In the Switch Advanced, Configure a new entry in the Incoming Call Blacklist from captured packets. 12.1-1 Move mouse over Applications in SIP Advanced. 43
12.1-2 Configure a new entry in the Incoming Call Blacklist from captured packets. User-Agent=*Attacker* (Example) These are default setting value. Enter the new entry in Blacklist.. 12.1-3 Click on [Click here to save permanently] 44
13. Appendix 13.1 SBC Configuration Check Sheet (LAN Scenario) Section Part Item Setting value Description Home Active Profile Security Low Select Configuration Network Config Operational mode LANSIParator Select and reboot ET0 used as Outside IP Address Subnet Mask SBC LAN IP address SBC LAN Net Mask Access type Manual DNS Server IP Address DNS or Main Router IP 2nd (DNS server IP Address) If required Default Gateway IP Address Main Router LAN IP SIP Routing Through Extern Firewall Media Ports (Default 35000-35999) Outside IP Must much RTP Port forward setting of main router Existing main router Mapped SBCs IP SIP Server Allow to Register Inside users All Select: All Outside users All Select: All Allow outgoing calls from All Select : All Advanced Advanced SIP set Far End Nat Traversal (FENT) Select the check Detect endpoints behind same NAT Clear the check Authorized Users Method REGISTER URI * Direction Inbound Select: Inbound Allow Authentication Clear the check Clear the check Authentication User IDs * Authorized Users Method INVITE URI *@PBX IP Direction Inbound Select: Inbound Allow Authentication Select the check Select the check Authentication User IDs * Advanced Reuse received nonces Clear the check Allow RTP in reverse direction Reuse port number with same session Force Real Username on registration Select the check Select the check Select the check Trusted Networks Check box Clear the check 45