Network Based Recording Configuration Guide Cisco Unified Communications Manager (CUCM) and Cisco Unified Border Element (CUBE) August 2020


2 Amazon Web Services

Document History

Rev. No.  Date         Description
1.0       Aug-07-2020  Draft SIP Trunk Configuration Guide
1.1       Aug-10-2020  Updated the document based on feedback
1.2       Oct-15-2020  Updated the document based on feedback
1.3       Nov-19-2020  Updated the document based on feedback
1.4       Feb-03-2021  Updated the document based on feedback

Table of Contents

1 Audience
  1.1 Amazon Chime Voice Connector
2 SIP Trunking Network Components
  2.1 Hardware Components
  2.2 Software Requirements
3 Features
  3.1 Features Supported
  3.2 Features Not Supported
  3.3 Features Not Tested
  3.4 Caveats and Limitations
4 Configuration
  4.1 Configuration Checklist
  4.2 IP Address Worksheet
  4.3 Cisco UCM Configuration
    4.3.1 Cisco UCM Login and Version
    4.3.2 Cisco UCM SIP Profile Configuration
    4.3.3 Cisco UCM Device Pool Configuration
    4.3.4 Media Resources
    4.3.5 SIP Trunk Security Profile
    4.3.6 SIP Trunk to Cisco UBE
    4.3.7 Route Pattern
  4.4 Cisco UBE Configuration
    4.4.1 Global Cisco UBE settings
    4.4.2 Codecs
    4.4.3 Network Based Recording (NBR)
    4.4.4 Dial Peer
    4.4.5 Cisco UBE Running Configuration-NBR using TCP
    4.4.6 Cisco UBE Running Configuration-NBR using TLS

Table of Figures

Figure 1 Network Topology
Figure 2 Cisco UCM software version
Figures 3-8 Cisco UCM SIP Profile
Figure 9 Cisco UCM Audio Codec Preference List
Figure 10 Cisco UCM Region
Figures 11-13 Cisco UCM Device Pool
Figure 14 Cisco UCM Media Resources Group
Figure 15 Cisco UCM Media Resources Group List
Figures 16-17 Cisco UCM SIP Trunk Security Profile
Figures 18-24 Cisco UCM SIP Trunk Configuration
Figures 25-27 Cisco UCM Route Pattern Configuration

1 Audience

This document is intended for technical staff and Value Added Resellers (VAR) with installation and operational responsibilities. This configuration guide provides steps for configuring Network Based Recording using Cisco Unified Communications Manager (CUCM) and Cisco Unified Border Element (CUBE) to connect to Amazon Chime Voice Connector for Streaming media to Kinesis.

The information in this document is for informational purposes only. AWS does not guarantee the accuracy of this document and AWS has no responsibility or liability for errors or omissions related to this document. The document is subject to change without notice, and should not be construed as a commitment by AWS.

1.1 Amazon Chime Voice Connector

Amazon Chime Voice Connector is a pay-as-you-go service that enables companies to make or receive secure phone calls over the internet or AWS Direct Connect using their existing telephone system or session border controller (SBC). The service has no upfront fees, elastically scales based on demand, supports calling both landline and mobile phone numbers in over 100 countries, and gives customers the option to enable inbound calling, outbound calling, or both.

Amazon Chime Voice Connector uses the industry-standard Session Initiation Protocol (SIP). Amazon Chime Voice Connector does not require dedicated data circuits. A company can use their existing Internet connection or AWS Direct Connect public virtual interface for SIP connectivity to AWS. Voice connectors can be configured in minutes using the AWS Management Console or Amazon Chime API. Amazon Chime Voice Connector offers cost-effective rates for inbound and outbound calls. Calls into Amazon Chime meetings, as well as calls to other Amazon Chime Voice Connector customers are at no additional cost. With Amazon Chime Voice Connector, companies can reduce their voice calling costs without having to replace their on-premises phone system.

2 SIP Trunking Network Components

The network for the Network Based Recording (NBR) reference configuration is illustrated below and is representative of Cisco UCM with Cisco UBE configuration.

Figure 1 Network Topology

2.1 Hardware Components

- UCS-C240 VMware server running ESXi 5.5 or later used for the following virtual machines
  o Cisco Unified Communications Manager (CUCM)
- Cisco UBE (CUBE) on Cisco ISR 4321 router
- Cisco IP Phone(s)-7841

2.2 Software Requirements

- Cisco UCM: 12.5.1.12900-115
- Cisco UBE: 12.7.0 running on IOS-XE 16.12.03 (isr4300-universalk9.16.12.03.SPA.bin)

3 Features

3.1 Features Supported

Cisco NBR (Network Based Recording)

3.2 Features Not Supported

None

3.3 Features Not Tested

None

3.4 Caveats and Limitations

None


4 Configuration

The specific values listed in this guide are used in the lab configuration described in this document and are for illustrative purposes only. You must obtain and use the appropriate values for your deployment. Encryption is always recommended if supported.

4.1 Configuration Checklist

This section presents an overview of the steps that are required to configure Cisco UCM and Cisco UBE for SIP Trunking with Amazon Chime Voice Connector.

Table 1 – PBX Configuration Steps

Steps   Description                                  Reference
Step 1  Cisco UCM Configuration                      Section 4.3
Step 2  Cisco UBE Configuration                      Section 4.4
Step 3  Amazon Chime Voice Connector Configuration   Amazon Chime Voice Connector

4.2 IP Address Worksheet

The specific values listed in the table below and in subsequent sections are used in the lab configuration described in this document and are for illustrative purposes only. You must obtain and use the values for your own deployment.

Table 2 – IP Addresses

Component            Lab Value
Cisco UBE
  LAN IP Address     10.80.11.17
  LAN Subnet Mask    255.255.255.0
Cisco UCM
  IP Address         172.16.29.72
  Subnet Mask        255.255.255.0

4.3 Cisco UCM Configuration

This section gives a general overview of the PBX configuration, with screenshots taken from the Cisco UCM used for the interoperability testing.

4.3.1 Cisco UCM Login and Version

Open a web browser and connect to the CUCM. Log in using an appropriate user ID and password. Verify the system version being tested.

Figure 2: Cisco UCM software version

4.3.2 Cisco UCM SIP Profile Configuration

1. Navigate to Device -> Device Settings -> SIP Profile.
2. On the screen that appears, copy the “Standard SIP Profile” and save the SIP Profile with the name Standard SIP Profile-AWS and configure the SIP Profile as below.
3. Then click Save and then Apply Config.

Figure 3 Cisco UCM SIP Profile
Figure 4 Cisco UCM SIP Profile (contd.)
Figure 5 Cisco UCM SIP Profile (contd.)
Figure 6 Cisco UCM SIP Profile (contd.)
Figure 7 Cisco UCM SIP Profile (contd.)
Figure 8 Cisco UCM SIP Profile (contd.)

4.3.3 Cisco UCM Device Pool Configuration

4.3.3.1 Codec Preference list

1. Navigate to System -> Region Information -> Audio Codec Preference List
2. Click Add New
3. Provide a Name and Description: G711_Preferred Codec List was used in this test
4. Prioritize codecs as shown below

Figure 9 Cisco UCM Audio Codec Preference List

4.3.3.2 Region

1. Navigate to System -> Region
2. Click Add New
3. Provide a Name: G711_Region was used in this test
4. Associate the codec preference list G711_Preferred Codec List to this Region

Figure 10 Cisco UCM Region

4.3.3.3 Device Pool

1. Navigate to System -> Device Pool
2. Click Add New
3. Provide a Device Pool Name: G711_pool was used in this test
4. Associate the Region: G711_Region to this Device Pool
5. Associate the Media resource Group List: MRGL_SW_No_MTP
6. Leave all other parameters at their default settings
7. Click Save

Figure 11 Cisco UCM Device Pool
Figure 12 Cisco UCM Device Pool (contd.)
Figure 13 Cisco UCM Device Pool (contd.)

4.3.4 Media Resources

4.3.4.1 Media Resources Group

1. Navigate to Media Resources -> Media Resource Group.
2. Add New.
3. Provide a Name: MRG With SW_NOMTP was used in this test
4. Select Media Resources from the Available Media Resources

Figure 14 Cisco UCM Media Resources Group

4.3.4.2 Media Resources Group List

1. Navigate to Media Resources -> Media Resource Group List
2. Add New
3. Provide a Name: MRGL_SW_No_MTP was used in this test
4. Select the media resource group from the list of Available Media Resource Groups
5. Click on Save

Figure 15 Cisco UCM Media Resources Group List

4.3.5 SIP Trunk Security Profile

1. Navigate to: System -> Security -> Non Secure SIP Trunk Profile
2. Provide a Name: Non Secure SIP Trunk Profile-AWS was used for this test
3. Select Incoming Transport Type: TCP+UDP was used in this test
4. Select Outgoing Transport Type: UDP was used in this test
5. Click Save

Figure 16 Cisco UCM SIP Trunk Security Profile
Figure 17 Cisco UCM SIP Trunk Security Profile (contd.)

4.3.6 SIP Trunk to Cisco UBE

1. Navigate to Device -> Trunk
2. Provide a Device Name: AmazonSIPTrunkCUBE
3. Provide a Description: AmazonSIPTrunkCUBE
4. Set Device Pool: G711_pool
5. Set Destination Address: Set IP address of Cisco UBE
6. Set SIP Trunk Security Profile: Non Secure SIP Trunk Profile-AWS
7. Set SIP Profile: Standard SIP Profile-AWS
8. Set DTMF Signaling Method: RFC2833

Figure 18 Cisco UCM SIP Trunk Configuration
Figure 19 Cisco UCM SIP Trunk Configuration (contd.)
Figure 20 Cisco UCM SIP Trunk Configuration (contd.)
Figure 21 Cisco UCM SIP Trunk Configuration (contd.)
Figure 22 Cisco UCM SIP Trunk Configuration (contd.)
Figure 23 Cisco UCM SIP Trunk Configuration (contd.)
Figure 24 Cisco UCM SIP Trunk Configuration (contd.)

4.3.7 Route Pattern

1. Navigate to Call Routing -> Route/Hunt -> Route Pattern
2. Select Add New to create a new Route Pattern
3. The route pattern “9.[0-9]![0-9#]” was configured to enable outbound dialing from CUCM to PSTN using the access code as “9”.
4. Set Gateway/Route List: AmazonSIPTrunkCUBE
5. Set Discard Digits: PreDot was used in this test (configure this option to remove the prefix ‘9’ from called party number while sending the call out to Cisco UBE)
6. Click on Save

Figure 25 Cisco UCM Route Pattern Configuration
Figure 26 Cisco UCM Route Pattern Configuration (contd.)
Figure 27 Cisco UCM Route Pattern Configuration (contd.)

4.4 Cisco UBE Configuration

This section gives a general overview of the Cisco UBE configuration, with configuration taken from the Cisco UBE used for the interoperability testing.

4.4.1 Global Cisco UBE settings

voice service voip
 ip address trusted list
  ipv4 10.64.1.72
 address-hiding
 mode border-element license capacity 20
 allow-connections sip to sip
 fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711alaw
 sip
  session refresh
  asserted-id pai
  early-offer forced
  midcall-signaling passthru
  g729 annexb-all
  pass-thru headers unsupp

4.4.2 Codecs

voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g711alaw

4.4.3 Network Based Recording (NBR)

4.4.3.1 NBR Common configuration for TCP and TLS

4.4.3.1.1 SIP Profile

voice class sip-profiles 300
 rule 3 request INVITE sip-header X-Voice-Connector-Record-Only add "X-Voice-Connector-Record-Only: true"

4.4.3.1.2 Media Profile

media profile recorder 8010
 media-type audio
 media-recording 5980090 200 201

4.4.3.1.3 Media Class

media class 8010
 recorder profile 8010

4.4.3.2 NBR specific configuration using TCP

4.4.3.2.1 Dial-Peer to Amazon Chime Voice Connector

dial-peer voice 5980090 voip
 description DP_AmazonVCRecording
 destination-pattern +1972598XXXX
 session protocol sipv2
 session target dns:dtndXXXX.voiceconnector.chime.aws
 session transport tcp
 voice-class codec 1
 voice-class sip localhost dns:dtndXXXX.voiceconnector.chime.aws preferred
 voice-class sip profiles 300
 voice-class sip bind control source-interface GigabitEthernet0/0/1
 voice-class sip bind media source-interface GigabitEthernet0/0/1
 media-class 8010
 no vad

4.4.3.3 NBR specific configuration using TLS

4.4.3.3.1 Trust point for Amazon in CUBE

crypto pki trustpoint AMZVCROOT
 enrollment terminal pem
 chain-validation continue AMZVCROOT
 revocation-check none

4.4.3.3.2 SIP-UA

sip-ua
 sip-server dns:dtndXXXX.voiceconnector.chime.aws:5061
 crypto signaling default trustpoint AMZVCROOT

4.4.3.3.3 Dial-Peer to Amazon Chime Voice Connector for Call Recording

dial-peer voice 5980090 voip
 description DP_AmazonVCRecording
 destination-pattern +1972598XXXX
 session protocol sipv2
 session target sip-server
 session transport tcp tls
 voice-class codec 1
 voice-class sip localhost dns:dtndXXXX.voiceconnector.chime.aws preferred
 voice-class sip profiles 300
 voice-class sip bind control source-interface GigabitEthernet0/0/1
 voice-class sip bind media source-interface GigabitEthernet0/0/1
 media-class 8010
 no vad
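
The difference between the TCP and TLS variants of dial-peer 5980090 can be checked mechanically before a configuration is deployed. The Python audit below is an added example, not part of the original guide or of any Cisco or AWS tooling; the function names (parse_blocks, child, target_host, audit) are hypothetical and the two sample configurations are constructed from the lab values on this page, using the indentation that show running-config produces. It goes slightly beyond the dial-peer and also flags telnet on the vty lines, as seen in the running configuration in section 4.4.5.

```python
import re

VC_SUFFIX = ".voiceconnector.chime.aws"  # Voice Connector host suffix used on this page

def parse_blocks(text):
    """Group an IOS-style config into (header, [child lines]) blocks.
    A flush-left line opens a block; indented lines below it are its children."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(line)
        else:
            blocks.append((line, []))
    return blocks

def child(children, prefix):
    """Value of the first child line that starts with prefix, else None."""
    for line in children:
        if line.startswith(prefix):
            return line[len(prefix):].strip()
    return None

def target_host(target):
    """'dns:host[:port]' or 'ipv4:addr[:port]' -> host; tolerates 'dns: host'."""
    rest = target.partition(":")[2].strip()
    return rest.partition(":")[0]

def audit(text):
    """Return (scope, finding) tuples for Voice Connector dial-peers and vty lines."""
    blocks = parse_blocks(text)
    trustpoints = {h.split()[-1] for h, _ in blocks
                   if h.startswith("crypto pki trustpoint ")}
    sip_ua = next((c for h, c in blocks if h == "sip-ua"), [])
    findings = []
    for header, children in blocks:
        peer = re.fullmatch(r"dial-peer voice (\d+) voip", header)
        if peer:
            scope = "dial-peer " + peer.group(1)
            target = child(children, "session target ") or ""
            if target == "sip-server":  # indirection through the sip-ua block
                target = child(sip_ua, "sip-server ") or ""
            host = target_host(target)
            if not host.endswith(VC_SUFFIX):
                continue  # not a leg towards Voice Connector
            transport = child(children, "session transport ")
            if transport != "tcp tls":
                findings.append((scope, "signaling to %s uses '%s', not 'tcp tls'"
                                 % (host, transport)))
                continue
            tp = child(sip_ua, "crypto signaling default trustpoint ")
            if tp is None:
                findings.append((scope, "TLS leg but no signaling trustpoint under sip-ua"))
            elif tp not in trustpoints:
                findings.append((scope, "trustpoint '%s' is not defined" % tp))
        elif header.startswith("line vty"):
            if "telnet" in (child(children, "transport input ") or ""):
                findings.append((header, "management access allows telnet"))
    return findings

# Constructed sample modelled on the TCP variant (sections 4.4.3.2 and 4.4.5).
TCP_SAMPLE = """\
dial-peer voice 200 voip
 session target ipv4:10.64.1.72:5060
 session transport udp
!
dial-peer voice 5980090 voip
 description DP_AmazonVCRecording
 session target dns:dtndXXXX.voiceconnector.chime.aws
 session transport tcp
!
line vty 0 4
 login
 transport input telnet
"""

# Constructed sample modelled on the TLS variant (section 4.4.3.3).
TLS_SAMPLE = """\
crypto pki trustpoint AMZVCROOT
 enrollment terminal pem
!
sip-ua
 sip-server dns:dtndXXXX.voiceconnector.chime.aws:5061
 crypto signaling default trustpoint AMZVCROOT
!
dial-peer voice 5980090 voip
 session target sip-server
 session transport tcp tls
"""

if __name__ == "__main__":
    for name, cfg in (("TCP", TCP_SAMPLE), ("TLS", TLS_SAMPLE)):
        for scope, finding in audit(cfg) or [("-", "no findings")]:
            print(name, scope, finding, sep=": ")
```

The parser relies on indentation to attach commands to their parent block, so feed it the raw device output rather than text copied from a reflowed document.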

4.4.4 Dial Peer

Inbound Dial Peer for Cisco UCM

dial-peer voice 100 voip
 description *** Inbound Call from CUCM to CUBE-LAN ***
 session protocol sipv2
 session transport udp
 incoming uri via CUCM
 voice-class codec 1
 voice-class sip bind control source-interface GigabitEthernet0/0/0
 voice-class sip bind media source-interface GigabitEthernet0/0/0
 dtmf-relay rtp-nte
 no vad

Inbound Dial Peer for Gateway

dial-peer voice 201 voip
 description *** Inbound Call from GW to CUBE-WAN ***
 session protocol sipv2
 session transport udp
 incoming called-number 97259XXX[XX,XX]
 voice-class codec 1
 voice-class sip bind control source-interface GigabitEthernet0/0/1
 voice-class sip bind media source-interface GigabitEthernet0/0/1
 media-class 8010
 dtmf-relay rtp-nte
 no vad

Outbound Dial Peer to Cisco UCM

dial-peer voice 101 voip
 description *** Outbound Call from CUBE-LAN to CUCM****
 destination-pattern 972.T
 session protocol sipv2
 session target ipv4:172.16.29.72:5060
 session transport udp
 voice-class codec 1
 voice-class sip bind control source-interface GigabitEthernet0/0/0
 voice-class sip bind media source-interface GigabitEthernet0/0/0
 dtmf-relay rtp-nte
 no vad

Outbound Dial Peer to Gateway

dial-peer voice 200 voip
 description *** Outbound Call from CUBE-WAN to GW****
 destination-pattern [0-9]T
 session protocol sipv2
 session target ipv4:10.64.1.72:5060
 session transport udp
 voice-class codec 1
 voice-class sip bind control source-interface GigabitEthernet0/0/1
 voice-class sip bind media source-interface GigabitEthernet0/0/1
 media-class 8010
 dtmf-relay rtp-nte
 no vad

4.4.5 Cisco UBE Running Configuration-NBR using TCP

AWS#show running-config
Building configuration...

Current configuration : 9642 bytes
!
! Last configuration change at 19:32:50 UTC Mon Aug 3 2020
!
version 16.12
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname AWS
!
boot-start-marker
boot system bootflash:isr4300-universalk9.16.12.03.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 9 $9$DAONczqfksYMq.$1nJ.Td5KaMUYcK305qkOQatBCnBakkRjJDDCfFSji2w
!
no aaa new-model
call-home
 ! If contact email address in call-home is configured as [email protected]
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr [email protected]
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email
!
!
ip name-server 8.8.8.8
!
!
!
login on-success log
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!
crypto pki trustpoint TP-self-signed-1000368024
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1000368024
 revocation-check none
 rsakeypair TP-self-signed-1000368024
!
!
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01


  quit
crypto pki certificate chain TP-self-signed-1000368024
 certificate self-signed 01


  quit
!
!
!
!
voice service voip
 ip address trusted list
  ipv4 10.64.1.72
 address-hiding
 mode border-element license capacity 20
 allow-connections sip to sip
 fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711alaw
 sip
  session refresh
  asserted-id pai
  early-offer forced
  midcall-signaling passthru
  g729 annexb-all
  pass-thru headers unsupp
!
!
voice class uri CUCM sip
 host 172.16.29.72
voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g711alaw
!
!
voice class sip-profiles 300
 rule 3 request INVITE sip-header X-Voice-Connector-Record-Only add "X-Voice-Connector-Record-Only: true"
!
!
media profile recorder 8010
 media-type audio
 media-recording 5980090 200 201
!
media class 8010
 recorder profile 8010
!
!
voice-card 0/4
 no watchdog
!
no license feature hseck9
license udi pid ISR4321/K9 sn FDO211100KK
license accept end user agreement
license boot suite AdvUCSuiteK9
license boot level appxk9
license boot level securityk9
memory free low-watermark processor 67123
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
redundancy
 mode none
!
!
interface GigabitEthernet0/0/0
 description CUBE to CUCM
 ip address 10.64.4.136 255.255.0.0
 negotiation auto
!
interface GigabitEthernet0/0/1
 description CUBE to AWS
 ip address 10.80.11.17 255.255.0.0
 media-type rj45
 negotiation auto
!
interface Service-Engine0/4/0
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 negotiation auto
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/1
ip route 0.0.0.0 0.0.0.0 10.80.11.1
ip route 10.64.0.0 255.255.0.0 10.64.1.1
ip route 172.16.24.0 255.255.248.0 10.64.1.1
ip route 172.17.5.0 255.255.255.0 10.64.1.1
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
dial-peer voice 100 voip
 description *** Inbound Call from CUCM to CUBE-LAN ***
 session protocol sipv2
 session transport udp
 incoming uri via CUCM
 voice-class codec 1
 voice-class sip bind control source-interface GigabitEthernet0/0/0
 voice-class sip bind media source-interface GigabitEthernet0/0/0
 dtmf-relay rtp-nte
 no vad
!
dial-peer voice 101 voip
 description *** Outbound Call from CUBE-LAN to CUCM****
 destination-pattern 972.T
 session protocol sipv2
 session target ipv4:172.16.29.72:5060
 session transport udp
 voice-class codec 1
 voice-class sip bind control source-interface GigabitEthernet0/0/0
 voice-class sip bind media source-interface GigabitEthernet0/0/0
 dtmf-relay rtp-nte
 no vad
!
dial-peer voice 201 voip
 description *** Inbound Call from GW to CUBE-WAN ***
 session protocol sipv2
 session transport udp
 incoming called-number 97259XXX[XX,XX]
 voice-class codec 1
 voice-class sip bind control source-interface GigabitEthernet0/0/1
 voice-class sip bind media source-interface GigabitEthernet0/0/1
 media-class 8010
 dtmf-relay rtp-nte
 no vad
!
dial-peer voice 200 voip
 description *** Outbound Call from CUBE-WAN to GW****
 destination-pattern [0-9]T
 session protocol sipv2
 session target ipv4:10.64.1.72:5060
 session transport udp
 voice-class codec 1
 voice-class sip bind control source-interface GigabitEthernet0/0/1
 voice-class sip bind media source-interface GigabitEthernet0/0/1
 media-class 8010
 dtmf-relay rtp-nte
 no vad
!
dial-peer voice 5980090 voip
 description DP_AmazonVCRecording
 destination-pattern +1972598XXXX
 session protocol sipv2
 session target dns:dtndXXXX.voiceconnector.chime.aws
 session transport tcp
 voice-class codec 1
 voice-class sip localhost dns:dtndXXXX.voiceconnector.chime.aws preferred
 voice-class sip profiles 300
 voice-class sip bind control source-interface GigabitEthernet0/0/1
 voice-class sip bind media source-interface GigabitEthernet0/0/1
 media-class 8010
 no vad
!
!
!
line con 0
 exec-timeout 0 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 password XXXXX
 login
 transport input telnet
!
end

4.4.6 Cisco UBE Running Configuration-NBR using TLS

AWS#show running-config
Building configuration...

Current configuration : 11920 bytes
!
! Last configuration change at 16:03:09 UTC Tue Aug 4 2020
!
version 16.12
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname AWS
!
boot-start-marker
boot system bootflash:isr4300-universalk9.16.12.03.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 9 $9$DAONczqfksYMq.$1nJ.Td5KaMUYcK305qkOQatBCnBakkRjJDDCfFSji2w
!
no aaa new-model
call-home
 ! If contact email address in call-home is configured as [email protected]
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr [email protected]
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email
!
!
ip name-server 8.8.8.8
!
!
!
login on-success log
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!
crypto pki trustpoint TP-self-signed-1000368024
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1000368024
 revocation-check none
 rsakeypair TP-self-signed-1000368024
!
crypto pki trustpoint AMZVCROOT
 enrollment terminal pem
 chain-validation continue AMZVCROOT
 revocation-check none
!
!
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01

quit

crypto pki certificate chain TP-self-signed-1000368024

certificate self-signed 01

quit

crypto pki certificate chain AMZVCROOT

certificate ca 066C9FCF99BF8C0A39E2F0788A43E696365BCA

<XXXX XXXX XXXX XXXX>

quit

!

!

!

!

voice service voip

ip address trusted list

ipv4 10.64.1.72

address-hiding

mode border-element license capacity 20

allow-connections sip to sip

fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711alaw

sip

session refresh

asserted-id pai

early-offer forced

midcall-signaling passthru

g729 annexb-all

pass-thru headers unsupp

!

!

voice class uri CUCM sip

host 172.16.29.72

voice class codec 1

codec preference 1 g711ulaw

codec preference 2 g711alaw

!

!

voice class sip-profiles 300

rule 3 request INVITE sip-header X-Voice-Connector-Record-Only add "X-Voice-Connector-Record-Only: true"

!

!

media profile recorder 8010

media-type audio

media-recording 5980090 200 201

!

media class 8010

recorder profile 8010

!

!

voice-card 0/4

no watchdog

!

no license feature hseck9

license udi pid ISR4321/K9 sn FDO211100KK

license accept end user agreement

license boot suite AdvUCSuiteK9

license boot level appxk9

license boot level securityk9

memory free low-watermark processor 67123

!

diagnostic bootup level minimal

!

spanning-tree extend system-id

!

!

redundancy

mode none

!

interface GigabitEthernet0/0/0

description CUBE to CUCM

ip address 10.64.4.136 255.255.0.0

negotiation auto

!

interface GigabitEthernet0/0/1

description CUBE to AWS

ip address 10.80.11.17 255.255.0.0

media-type rj45

negotiation auto

!

interface Service-Engine0/4/0

!

interface GigabitEthernet0

vrf forwarding Mgmt-intf

no ip address

negotiation auto

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http client source-interface GigabitEthernet0/0/1

ip route 0.0.0.0 0.0.0.0 10.80.11.1

ip route 10.64.0.0 255.255.0.0 10.64.1.1

ip route 172.16.24.0 255.255.248.0 10.64.1.1

ip route 172.17.5.0 255.255.255.0 10.64.1.1

!

!

control-plane

!

!

mgcp behavior rsip-range tgcp-only

mgcp behavior comedia-role none

mgcp behavior comedia-check-media-src disable

mgcp behavior comedia-sdp-force disable

!

mgcp profile default

!

!

!

!

dial-peer voice 100 voip

description *** Inbound Call from CUCM to CUBE-LAN ***

session protocol sipv2

session transport udp

incoming uri via CUCM

voice-class codec 1

voice-class sip bind control source-interface GigabitEthernet0/0/0

voice-class sip bind media source-interface GigabitEthernet0/0/0

dtmf-relay rtp-nte

no vad

!

dial-peer voice 101 voip

description *** Outbound Call from CUBE-LAN to CUCM****

destination-pattern 972.T

session protocol sipv2

session target ipv4:172.16.29.72:5060

session transport udp

voice-class codec 1

voice-class sip bind control source-interface GigabitEthernet0/0/0

voice-class sip bind media source-interface GigabitEthernet0/0/0

dtmf-relay rtp-nte

no vad

!

dial-peer voice 201 voip

description *** Inbound Call from GW to CUBE-WAN ***

session protocol sipv2

session transport udp

incoming called-number 97259XXX[XX,XX]

voice-class codec 1

voice-class sip bind control source-interface GigabitEthernet0/0/1

voice-class sip bind media source-interface GigabitEthernet0/0/1

media-class 8010

dtmf-relay rtp-nte

no vad

!

dial-peer voice 200 voip

description *** Outbound Call from CUBE-WAN to GW****

destination-pattern [0-9]T

session protocol sipv2

session target ipv4:10.64.1.72:5060

session transport udp

voice-class codec 1

voice-class sip bind control source-interface GigabitEthernet0/0/1

voice-class sip bind media source-interface GigabitEthernet0/0/1

media-class 8010

dtmf-relay rtp-nte

no vad

!

dial-peer voice 5980090 voip

description DP_AmazonVCRecording

destination-pattern +1972598XXXX

session protocol sipv2

session target sip-server

session transport tcp tls

voice-class codec 1

voice-class sip localhost dns:dtndXXXX.voiceconnector.chime.aws preferred

voice-class sip profiles 300

voice-class sip bind control source-interface GigabitEthernet0/0/1

voice-class sip bind media source-interface GigabitEthernet0/0/1

media-class 8010

no vad

!

sip-ua

sip-server dns:dtndXXXX.voiceconnector.chime.aws:5061

crypto signaling default trustpoint AMZVCROOT

!

line con 0

exec-timeout 0 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

exec-timeout 0 0

password XXXXX

login

transport input telnet

!

end
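
An added example, not part of the AWS guide: a small Python check that parses running-config text like the two listings in section 4.4 and reports the settings a security review would raise (telnet and no idle timeout on the vty lines, `ip http server`, `revocation-check none`, and a Voice Connector dial-peer without `session transport tcp tls`). The sample is constructed from lines on this page with IOS indentation restored; the function names and finding strings are this example's own.

```python
# Constructed sample: lines from the running configurations on this page, with
# the one-space indentation that IOS prints restored (an assumption).
SAMPLE = """\
crypto pki trustpoint AMZVCROOT
 revocation-check none
!
ip http server
!
dial-peer voice 5980090 voip
 session transport tcp
 voice-class sip localhost dns:dtndXXXX.voiceconnector.chime.aws preferred
!
line vty 0 4
 exec-timeout 0 0
 transport input telnet
"""

def sections(text):
    """Map each top-level command to the sub-commands indented beneath it."""
    out, body = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():
            body = out.setdefault(line, [])
        elif body is not None:
            body.append(line)
    return out

def audit(text):
    """Return (section, finding) pairs; names and wording are this example's own."""
    found = []
    for parent, body in sections(text).items():
        if parent == "ip http server":
            found.append((parent, "cleartext HTTP management server enabled"))
        if parent.startswith("line ") and "exec-timeout 0 0" in body:
            found.append((parent, "idle sessions never time out"))
        if parent.startswith("line vty") and any(
                b.startswith("transport input") and {"telnet", "all"} & set(b.split())
                for b in body):
            found.append((parent, "vty accepts telnet"))
        if parent.startswith("crypto pki trustpoint") and "revocation-check none" in body:
            found.append((parent, "certificate revocation not checked"))
        if (parent.startswith("dial-peer") and "session transport tcp tls" not in body
                and any("voiceconnector.chime.aws" in b for b in body)):
            found.append((parent, "no dial-peer-level 'session transport tcp tls'"))
    return found
```

Run `audit()` on the text of `show running-config` as the device prints it; the listings on this page have lost their indentation and would need it restored first.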