Application Note

Public

Connecting Google Voice

SIP Link with Cisco Unified
Border Element (CUBE
v14.4) IOS-XE 17.6.2

June 13, 2023

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 1 of 47
Table of Contents
Introduction ........................................................................................................................... 5
Network Topology ................................................................................................................. 6
Tested System Components ................................................................................................. 7
Hardware ........................................................................................................................... 7
Software Used ................................................................................................................... 7
Features ................................................................................................................................ 8
Features Supported ........................................................................................................... 8
Features Not Supported ..................................................................................................... 8
Caveats ............................................................................................................................. 8
Google Voice SIP Link Configuration .................................................................................. 9
Configuring Cisco Unified Border Element for Google Voice SIP Link .................................. 10
Licensing ......................................................................................................................... 10
IP Networking .................................................................................................................. 11
Route To Google Voice SIP link & Internet .................................................................... 12
Route To PSTN-PBX .................................................................................................... 12
Domain Name............................................................................................................... 12
DNS Servers................................................................................................................. 12
NTP Servers ................................................................................................................. 12
Certificates ...................................................................................................................... 13
Generate RSA key ........................................................................................................ 13
Create SBC Trustpoint .................................................................................................. 13
Generate Certificate Signing Request (CSR) ................................................................. 13
Authenticate CA Certificate .......................................................................................... 13
Import signed host certificate ....................................................................................... 14
Specify the default trust point and TLS version to use .................................................. 14
Install Trusted Root Certificate Authority Bundle ........................................................... 14
Trusted CA trust point for Google CA ........................................................................... 14
Exporting RSA key and certificate from CUBE 1 for High Availability ............................. 15
Import RSA key and certificate in CUBE 2 for High Availability ...................................... 15
Global CUBE settings ....................................................................................................... 16
Configure Redundancy group ....................................................................................... 17
Message Handling Rules .................................................................................................. 18
© 2023 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 2 of 47
 SIP Profiles: Manipulations for outbound messages to Google Voice SIP link................ 18
SIP Profiles: Manipulations for inbound messages from Google Voice SIP link .............. 18
Options Keepalive ........................................................................................................ 18
SRTP crypto ................................................................................................................. 19
Tenant ............................................................................................................................. 20
Tenant for Google Trunk: .............................................................................................. 20
Tenant to PSTN/PBX: ................................................................................................... 20
Number translation rules .................................................................................................. 20
From PSTN/PBX translation rule with non +E164 .......................................................... 20
From Google Voice translation rule for 3-digit dialing ................................................... 20
Codecs ............................................................................................................................ 21
Codecs towards Google Voice ..................................................................................... 21
Codecs towards PSTN ................................................................................................. 21
Dial peers ........................................................................................................................ 21
Outbound Dial-peer to the PSTN and PBX using UDP with RTP: ................................... 21
Inbound Dial-peer from the PSTN and PBX using UDP with RTP: ................................. 22
Outbound Dial-peers to Google Voice SIP Link using TLS with SRTP: .......................... 24
Inbound Dial-peer from Google Voice using TLS with SRTP: ........................................ 24
Configuration Example ..................................................................................................... 26
Important Information .......................................................................................................... 46

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 3 of 47
Table of Figures
Figure 1: Network Topology .................................................................................................. 6

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 4 of 47
Introduction
Customers using Google Voice SIP Link have the option of connecting to the public
telephone network (PSTN) using a Cisco Unified Border Element (CUBE) session border
controller (SBC).
This application note describes a tested CUBE configuration for connecting Google Voice SIP
Link to the PSTN or a PBX using a SIP trunk. CUBE can be configured to connect with many
service providers offering SIP trunking services. Please refer to provider documentation and
the content provided at www.cisco.com/go/interoperability for guidance on how to adjust
this tested configuration to meet the specific requirements of your trunking service.
This document assumes the reader is knowledgeable with the terminology and configuration
of Google Voice admin portal. Only CUBE configurations required for this tested solution are
presented. Feature configuration and most importantly the dial plan, are customer specific so
must be customized accordingly.
• This application note describes how to configure Google Voice SIP Link to the PSTN
using CUBE v14.4 [IOS-XE 17.6.2].
• Testing was performed in accordance with Google Voice SIP Link test plan methodology
which includes validation of basic calls, RFC2833 DTMF, call transfer, call forward, Ring
Group, Auto attendant and hold/resume.
• The CUBE configuration detailed in this document is based on a lab environment with a
simple dial-plan used to ensure proper interoperability between the PSTN network and
Google Voice SIP Link. The configuration described in this document details the
important settings required for successful interoperability.

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 5 of 47
 Network Topology

SIP Trunk CUBE 8300 tekVizion

v14.4

192.0.2.3 10.80.11.138
GE 0/0/2 GE 0/0/1
Google

Active

VIP:192.0.2.1 VIP:10.80.11.136 Carrier/ PSTN Provider

PSTN
NETWORK
TLS/SDES Standby SIP/UDP

GE 0/0/1
GE 0/0/2
10.80.11.137
192.0.2.2 IP IP
SIP/UDP

SIP Phone

IP
Google Voice
VVX X50 Series PBX
Web Client

Figure 1: Network Topology

Google Voice SIP Link and CUBE Settings:

Setting Value

Transport from CUBE to Google Voice SIP TLS with SRTP

link

Transport from CUBE and PSTN/PBX UDP with RTP

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 6 of 47
Tested System Components
The following components were used in the testing of this solution. Please refer to product
documentation for details of other supported options.

Hardware
A Cisco Catalyst Edge 8300 router was used for this tested solution. Any CUBE platform
may be used though, (refer to https://www.cisco.com/go/cube) for more information.

Software Used
● CUBE v14.4 IOS-XE 17.6.2
● Poly VVX 250 OBI Edition V6.4.3.10318
● OnPrem PBX (Asterisk PBX) V16.0.17

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 7 of 47
Features
Features Supported
• Basic calls
• Call Hold and Resume
• Call Transfer
• DTMF RFC 2833
• Short Code calls
• Calling Party Number Presentation
• Calling Party Number Restricted
• Ring Group
• Auto Attendant
• Voicemail
• Call Recording
• E164 and Non-E164 dialing

Features Not Supported

• Call conference
• Linked Phone Numbers
• Call Forward
• STIR-Shaken

Caveats
The following are the observations from CUBE.
• After High Availability Switchover, if a call is immediately disconnected from Google
Voice user client, the PSTN leg remains connected until the standby SBC establishes
a SIP TLS connection to Google Voice.
• CUBE does not support codec preference list in SRTP to RTP
• By default, CUBE processes TCP keepalive for every 1 min when the TLS SIP
OPTIONs is down/disabled.

The following are the limitations for Google Voice users

• No DTMF options are presented in the Google Voice voicemail system. A PSTN user
can leave a voice message after the tone. Once the voice message is left, the caller
has to disconnect the call manually and no options/announcement are given to
navigate further options.
• Google Voice supports only UPDATE as a session refresh mechanism.

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 8 of 47
Google Voice SIP Link Configuration
Refer to the following for further information on how to configure Google Voice SIP Link:
support.google.com/a?p=siplink

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 9 of 47
Configuring Cisco Unified Border Element for Google
Voice SIP Link
The following configuration involves the CUBE High Availability (active/standby CUBEs for
stateful failover of active calls).

Licensing
Ensure that the appropriate licenses are enabled for using CUBE and TLS for the platform
you are using. You will need to save your configuration and reload the platform when
changing feature licenses.
For Cisco ISR 1000 Series and Cisco 4000 Series routers, use the following commands:
license boot level uck9
license boot level securityk9
For Cisco ASR 1000 Series routers, use either the Advanced IP services or Advanced
Enterprise services with one of the following commands:
license boot level advipservices
license boot level adventerprise

For Cisco Catalyst 8300 and 8200 Series Edge Platforms, use the DNA Network Essentials
feature license, or better and the required throughput level. The following example uses
25Mbps bidirectional crypto throughput, select the appropriate level for the number of calls
anticipated.
license boot level network-essentials
platform hardware throughput crypto 25M

For Cisco Catalyst 8000V Edge Software, use the DNA Network Essentials feature license, or
better and the required throughput level. The following example uses 1Gbps throughput,
select the appropriate level for the number of calls anticipated.
license boot level network-essentials addon dna-essentials
platform hardware throughput level MB 1000

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 10 of 47
IP Networking
Note: CUBE and service provider addresses used in this guide are fictional and provided for
illustration purposes only.
interface GigabitEthernet0/0/0
description HA interface
ip address 10.64.5.235 255.255.0.0
negotiation auto

interface GigabitEthernet0/0/1
description To PSTN and PBX
ip address 10.80.11.137 255.255.255.0
negotiation auto
redundancy rii 16
redundancy group 1 ip 10.80.11.136 exclusive
!
interface GigabitEthernet0/0/2
description To Google Voice
ip address 192.65.79.x 255.255.255.x
negotiation auto
redundancy rii 15
redundancy group 1 ip 192.65.79.x exclusive

Explanation

Command Description

redundancy rii id Redundant interface identifier to generate virtual MAC

address for HA interface. RII must be unique across
networks and configured the same for equivalent
interfaces in active and standby platforms.
redundancy group 1 ip Enable Redundancy group in physical interface with
192.65.79.x exclusive virtual IP towards Google Voice.

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 11 of 47
Route To Google Voice SIP link & Internet
ip route 216.239.36.0 255.255.255.0 192.65.79.x

Route To PSTN-PBX
ip route 10.64.0.0 255.255.0.0 10.80.11.1
ip route 172.16.0.0 255.255.0.0 10.80.11.1

Domain Name
Use the same domain name for the router as used for the Microsoft 365 tenant.
ip domain name example.com

DNS Servers
DNS must be configured to resolve addresses for Google trunk.
ip name-server 8.8.8.8

NTP Servers
Configure a suitable NTP source to ensure that the correct time is used by the platform.
ntp server 10.10.10.5

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 12 of 47
Certificates
The following steps describe how to create and install a certificate. The SBC TLS certificate
must contain its fully qualified domain name (FQDN) as common name (CN), be 2,048 bits in
size, and use RSA or ECDSA encryption. Wildcard certificates are not supported.

Generate RSA key

crypto key generate rsa general-keys label sbc6 exportable redundancy modulus 2048
The name for the keys will be: sbc6

% The key modulus size is 2048 bits

% Generating 2048 bit RSA keys, keys will be exportable with redundancy...
[OK] (elapsed time was 1 seconds)

Create SBC Trustpoint

crypto pki trustpoint sbc6
enrollment terminal
fqdn sbc6.tekvizionlabs.com
subject-name cn=sbc6.tekvizionlabs.com
subject-alt-name sbc6.tekvizionlabs.com
revocation-check crl
rsakeypair sbc6

Generate Certificate Signing Request (CSR)

Use this CSR to request a certificate from one of the supported Certificate authorities.
crypto pki enroll sbc6
% Start certificate enrollment ..

% The subject name in the certificate will include: cn=sbc6.tekvizionlabs.com

% The subject name in the certificate will include: sbc6.tekvizionlabs.com
% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
Display Certificate Request to terminal? [yes/no]: yes
Certificate Request follows:

Authenticate CA Certificate
Enter the following command, then paste the CA certificate that verifies the host certificate
into the trust point (usually the intermediate certificate). Open the base 64 CER/PEM file with
notepad, copy the text, and paste it into the terminal when prompted.

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 13 of 47
crypto pki authenticate sbc6

Enter the base 64 encoded CA certificate.

End with a blank line or the word "quit" on a line by itself
Note: Refer the running configuration for the trust point of Root CA.

Import signed host certificate

Enter the following command then paste the host certificate into the trust point. Open the
base 64 CER/PEM file with notepad, copy the text, and paste it into the terminal when
prompted.
crypto pki import sbc certificate

Enter the base 64 encoded CA certificate.

End with a blank line or the word "quit" on a line by itself

Specify the default trust point and TLS version to use

sip-ua
transport tcp tls v1.2
crypto signaling default trustpoint sbc6

Install Trusted Root Certificate Authority Bundle

To validate certificates used by Google servers, a Cisco Trusted Certificate Authority bundle
must be installed as follows:
crypto pki trustpool import url http://www.cisco.com/security/pki/trs/ios.p7b

Trusted CA trust point for Google CA

As an alternative to using the Cisco CA bundle, which includes the Google CAs, individual
trust points for these certificates may be created as follows.
crypto pki trustpoint GoogleCA1
enrollment terminal
revocation-check none

crypto pki trustpoint GoogleCA2

enrollment terminal
revocation-check none
Enter the following command then paste the CA certificate into the trust point. Open the
base 64 Google trusted root bundle CER/PEM file with notepad, copy the text, and paste it
into the terminal when prompted.
crypto pki authenticate GoogleCA1

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 14 of 47
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
< GTS Root R1 certificate>

crypto pki authenticate GoogleCA2

Enter the base 64 encoded CA certificate.

End with a blank line or the word "quit" on a line by itself
< GlobalSign Root CA certificate >

Exporting RSA key and certificate from CUBE 1 for High Availability
crypto pki export sbc6 pkcs12 ftp://<username>@x.x.x.x/ password xxxxx
Address or name of remote host [x.x.x.x]?
Destination filename [sbc6]?
Writing sbc Writing pkcs12 file to ftp://<username>@x.x.x.x/sbc6
!
CRYPTO_PKI: Exported PKCS12 file successfully.

Import RSA key and certificate in CUBE 2 for High Availability

Using the below command, import the certificate to CUBE 2. This will automatically create
the trustpoint “sbc”
crypto pki import sbc6 pkcs12 ftp://<username>@x.x.x.x/sbc6 password xxxx
% Importing pkcs12...
Address or name of remote host [x.x.x.x]?
Source filename [sbc6]?
Reading file from ftp://<username>@x.x.x.x/sbc6!
[OK - 4931/4096 bytes]

CRYPTO_PKI: Imported PKCS12 file successfully.

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 15 of 47
Global CUBE settings
In order to enable CUBE with settings required to interwork with Google Voice, the following
commands must be entered:
voice service voip
ip address trusted list
ipv4 216.239.36.0 255.255.255.255
ipv4 10.64.1.0 255.255.255.0
ipv4 172.16.0.0 255.255.0.0
address-hiding
mode border-element
allow-connections sip to sip
redundancy-group 1
fax protocol pass-through g711alaw
trace
sip
error-passthru
asserted-id pai
privacy pstn
early-offer forced
sip-profiles inbound
sip-ua
transport tcp tls v1.2
crypto signaling default trustpoint sbc6

Explanation

Command Description

ip address trusted list To allow all traffic from a peer trunk to CUBE.

allow-connections sip to sip Allow back to back user agent connections between two SIP
call legs

redundancy-group 1 Enable Redundancy group

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 16 of 47
Configure Redundancy group
redundancy
mode none
application redundancy
group 1
priority 150 failover threshold 75
timers delay 30 reload 60
control GigabitEthernet0/0/0 protocol 1
data GigabitEthernet0/0/0
track 1 shutdown
track 2 shutdown
!
track 1 interface GigabitEthernet0/0/1 line-protocol
!
track 2 interface GigabitEthernet0/0/2 line-protocol

Explanation

Command Description

priority 150 failover threshold 75 Set priority weight for CUBE 1 and CUBE 2. High priority CUBE
turns Active and other Standby

timers delay 30 reload 60 the amount of time to delay RG group’s initialization and role
negotiation after the interface comes up and reload

control GigabitEthernet0/0/0 protocol interface used to exchange keepalive

1
data GigabitEthernet0/0/0 interface used for checkpointing of data traffic

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 17 of 47
Message Handling Rules
SIP Profiles: Manipulations for outbound messages to Google Voice SIP link
The following sip profile is required to:
Rule 1 and 3: To add X-Google-PBX-Trunk-secret-key header in request and response
Rule 2: To modify SIP-Req-URI header to trunk.sip.voice.google.com:5672
Rule 4: To modify “TO” header to trunk.sip.voice.google.com:5672
Rule 5: Modify Contact header with IP to SBC FQDN
voice class sip-profiles 200
rule 1 request ANY sip-header User-Agent modify "(IOS.*)" "\1\x0D\x0AX-Google-Pbx-
Trunk-Secret-Key:xxxxxxxxxxx"
rule 2 request ANY sip-header SIP-Req-URI modify
"sip:(.*)@siplink.telephony.goog:5672" "sip:\1@trunk.sip.voice.google.com:5672"
rule 3 response ANY sip-header Server modify "(IOS.*)" "\1\x0D\x0AX-Google-Pbx-
Trunk-Secret-Key:xxxxxxx"
rule 4 request ANY sip-header To modify "<sip:(.*)@siplink.telephony.goog>"
"<sip:\1@trunk.sip.voice.google.com>"
rule 5 request ANY sip-header Contact modify "<sip:(.*)@192.65.79.x:"
"<sip:\1@sbc6.tekvizionlabs.com:"
!

SIP Profiles: Manipulations for inbound messages from Google Voice SIP link
The following sip profile is required to:
Rule 1: Remove transport “grpc” received from Google, CUBE does not handle this
transport.
Rule 2: Remove candidate attributes received from Google.
voice class sip-profiles 2
rule 100 request ANY sdp-header Audio-Attribute modify "a=candidate.*"
"a=label:main-audio"
rule 110 response ANY sdp-header Audio-Attribute modify "a=candidate.*"
"a=label:main-audio"
!

Options Keepalive
To ensure that contact and from headers include the SBC fully qualified domain name, the
following profile is used.
voice class sip-profiles 201
rule 1 request OPTIONS sip-header SIP-Req-URI modify
"sip:siplink.telephony.goog:5672" "sip:trunk.sip.voice.google.com:5672"

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 18 of 47
 rule 2 request OPTIONS sip-header To modify "<sip:siplink.telephony.goog>"
"<sip:trunk.sip.voice.google.com>"
rule 3 request OPTIONS sip-header Contact modify "<sip:192.65.79.x:"
"<sip:sbc6.tekvizionlabs.com:"
rule 4 request OPTIONS sip-header From modify "<sip:192.65.79.x>"
"<sip:sbc6.tekvizionlabs.com>"
!
voice class sip-options-keepalive 200
description OPTIONS towards Google
transport tcp tls
sip-profiles 201

SRTP crypto
Used to set the crypto cipher for the Google Voice trunk.
voice class srtp-crypto 1
crypto 1 AES_CM_128_HMAC_SHA1_80

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 19 of 47
Tenant
Tenant for Google Trunk:
voice class tenant 200
srtp-crypto 1
localhost dns: sbc6.tekvizionlabs.com
session transport tcp tls
bind control source-interface GigabitEthernet0/0/2
bind media source-interface GigabitEthernet0/0/2
sip-profiles 200
sip-profiles 2 inbound
early-offer forced

Tenant to PSTN/PBX:
voice class tenant 100
options-ping 60
session transport udp
bind control source-interface GigabitEthernet0/0/1
bind media source-interface GigabitEthernet0/0/1
early-offer forced

Number translation rules

The following translation rule applies for Google Voice SIP link sort code dialing and non
+E164 from PSTN/PBX to Google Voice SIP Link in E164.

From PSTN/PBX translation rule with non +E164

voice translation-rule 100
rule 1 /^\([2-9].........\)/ /+1\1/
!
voice translation-profile 100
translate calling 100
translate called 100

From Google Voice translation rule for 3-digit dialing

voice translation-rule 200
rule 1 /1\(...\)/ /\1/
!
voice translation-profile 200
translate called 200

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 20 of 47
Codecs
Codecs towards Google Voice
voice class codec 1
codec preference 1 g711alaw
codec preference 2 g711ulaw
codec preference 3 opus
codec preference 4 g722-64

Codecs towards PSTN

voice class codec 2
codec preference 1 g711ulaw
codec preference 2 g711alaw

Dial peers
Outbound Dial-peer to the PSTN and PBX using UDP with RTP:
dial-peer voice 100 voip
description outbound to PSTN
destination-pattern .T
translation-profile incoming 200
session protocol sipv2
session target ipv4:10.64.1.x:5060
session transport udp
voice-class codec 2 offer-all
voice-class sip tenant 100
voice-class sip options-keepalive
no voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/1
voice-class sip bind media source-interface GigabitEthernet0/0/1
dtmf-relay rtp-nte
no vad
!
voice class e164-pattern-map 300
e164 +197259801xx
e164 +1972598011x
!
dial-peer voice 300 voip
description outbound to PBX

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 21 of 47
 session protocol sipv2
session target ipv4:172.16.29.18:5060
session transport udp
destination e164-pattern-map 300
voice-class codec 2
voice-class sip tenant 100
voice-class sip options-keepalive
no voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/1
voice-class sip bind media source-interface GigabitEthernet0/0/1
dtmf-relay rtp-nte
no vad
!

Inbound Dial-peer from the PSTN and PBX using UDP with RTP:
voice class uri 100 sip
host ipv4:10.64.1.x
!
dial-peer voice 110 voip
description inbound from PSTN
translation-profile incoming 100
session protocol sipv2
session transport udp
incoming uri via 100
voice-class codec 2 offer-all
voice-class sip tenant 100
no voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/1
voice-class sip bind media source-interface GigabitEthernet0/0/1
dtmf-relay rtp-nte
no vad
!
voice class uri 300 sip
host ipv4:172.16.29.18
!
dial-peer voice 310 voip
description inbound from PBX
translation-profile incoming 100
session protocol sipv2
© 2023 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 22 of 47
 session transport udp
incoming uri via 300
voice-class codec 1
voice-class sip tenant 100
no voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/1
voice-class sip bind media source-interface GigabitEthernet0/0/1
dtmf-relay rtp-nte
no vad
!

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 23 of 47
Outbound Dial-peers to Google Voice SIP Link using TLS with SRTP:
voice class e164-pattern-map 200
e164 +197259800xx
e164 +1972598010x
!
dial-peer voice 200 voip
description outbound to Google
session protocol sipv2
session target dns:siplink.telephony.goog:5672
session transport tcp tls
destination e164-pattern-map 200
voice-class codec 1 offer-all
voice-class sip tenant 200
voice-class sip localhost dns:sbc6.tekvizionlabs.com
voice-class sip privacy-policy passthru
voice-class sip options-keepalive profile 200
voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/2
voice-class sip bind media source-interface GigabitEthernet0/0/2
dtmf-relay rtp-nte
srtp
no vad
!

Inbound Dial-peer from Google Voice using TLS with SRTP:

voice class uri 200 sip
host pcscf.sip.voice.google.com
!
dial-peer voice 210 voip
description inbound from Google
session protocol sipv2
session transport tcp tls
incoming uri request 200
voice-class codec 1
voice-class sip tenant 200
voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/2
voice-class sip bind media source-interface GigabitEthernet0/0/2

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 24 of 47
 dtmf-relay rtp-nte
srtp
no vad
!

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 25 of 47
Configuration Example
The following configuration contains a sample configuration of CUBE with all parameters detailed above.

CUBE 1 (Active):
version 17.6
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname 8K_CUBE
!
boot-start-marker
boot system bootflash:c8000be-universalk9.17.06.02.SPA.bin
boot-end-marker
!
logging buffered 2147483
!
no aaa new-model
clock timezone UTC -5 0
clock calendar-valid
!
ip name-server 8.8.8.8
ip domain name tekvizionlabs.com
!
login on-success log
!
subscriber templating
multilink bundle-name authenticated
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki trustpoint sbc6
enrollment terminal
fqdn sbc6.tekvizionlabs.com
subject-name cn=sbc6.tekvizionlabs.com
subject-alt-name sbc6.tekvizionlabs.com
revocation-check crl
rsakeypair sbc6
© 2023 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 26 of 47
!
crypto pki trustpoint GoogleCA1
enrollment terminal
revocation-check none
!
crypto pki trustpoint GoogleCA2
enrollment terminal
revocation-check none
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
crypto pki certificate chain sbc6
certificate 00A76F21D0D0E2906D
certificate ca 07
crypto pki certificate chain GoogleCA1
certificate ca 0203E5936F31B01349886BA217
crypto pki certificate chain GoogleCA2
certificate ca 040000000001154B5AC394
!
crypto pki certificate pool
! ('certificate ca' cmd has been deprecated. Downloaded
! Trustpool certificates should be re-downloaded
! using 'crypro pki trustpool import url <url>')!
!
voice service voip
ip address trusted list
ipv4 216.239.36.0 255.255.255.0
ipv4 10.64.1.0 255.255.255.0
ipv4 172.16.0.0 255.255.0.0
address-hiding
mode border-element
allow-connections sip to sip
redundancy-group 1
fax protocol pass-through g711alaw
trace
sip
error-passthru
asserted-id pai
privacy pstn
early-offer forced
sip-profiles inbound
!
!

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 27 of 47
voice class uri 200 sip
host pcscf.sip.voice.google.com
!
voice class uri 300 sip
host ipv4:172.16.29.18
!
voice class uri 100 sip
host ipv4:10.64.1.72
voice class codec 1
codec preference 1 g711alaw
codec preference 2 g711ulaw
codec preference 3 opus
codec preference 4 g722-64
!
voice class codec 2
codec preference 1 g711ulaw
codec preference 2 g711alaw
!
voice class sip-profiles 200
rule 1 request ANY sip-header User-Agent modify "(IOS.*)" "\1\x0D\x0AX-Google-Pbx-
Trunk-Secret-Key:xxxxxxxxx"
rule 2 request ANY sip-header SIP-Req-URI modify
"sip:(.*)@siplink.telephony.goog:5672" "sip:\1@trunk.sip.voice.google.com:5672"
rule 3 response ANY sip-header Server modify "(IOS.*)" "\1\x0D\x0AX-Google-Pbx-
Trunk-Secret-Key:xxxxx"
rule4 request ANY sip-header To modify"<sip:(.*)@siplink.telephony.goog>"
"<sip:\1@trunk.sip.voice.google.com>"
rule 5 request ANY sip-header Contact modify "<sip:(.*)@192.65.79.x:"
"<sip:\1@sbc6.tekvizionlabs.com:"
!
voice class sip-profiles 2
rule 100 request ANY sdp-header Audio-Attribute modify "a=candidate.*" "a=label:main-
audio"
rule 110 response ANY sdp-header Audio-Attribute modify "a=candidate.*"
"a=label:main-audio"
!
voice class sip-profiles 201
rule 1 request OPTIONS sip-header SIP-Req-URI modify
"sip:siplink.telephony.goog:5672" "sip:trunk.sip.voice.google.com:5672"
rule 2 request OPTIONS sip-header To modify "<sip:siplink.telephony.goog>"
"<sip:trunk.sip.voice.google.com>"
rule 3 request OPTIONS sip-header Contact modify "<sip:192.65.79.x:"
"<sip:sbc6.tekvizionlabs.com:"
rule 4 request OPTIONS sip-header From modify "<sip:192.65.79.x>"
"<sip:sbc6.tekvizionlabs.com>"
!
© 2023 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 28 of 47
voice class e164-pattern-map 200
e164 +197259800xx
e164 +1972598010x
!
!
voice class e164-pattern-map 300
e164 +1972598011x
e164 +197259801xx
!
!
voice class sip-options-keepalive 200
description OPTIONS towards Google
transport tcp tls
sip-profiles 201
!
voice class tenant 200
srtp-crypto 1
localhost dns:sbc6.tekvizionlabs.com
session transport tcp tls
bind control source-interface GigabitEthernet0/0/2
bind media source-interface GigabitEthernet0/0/2
sip-profiles 200
sip-profiles 2 inbound
early-offer forced
!
voice class tenant 100
options-ping 60
session transport udp
bind control source-interface GigabitEthernet0/0/1
bind media source-interface GigabitEthernet0/0/1
early-offer forced
!
voice class srtp-crypto 1
crypto 1 AES_CM_128_HMAC_SHA1_80
!
voice translation-rule 100
rule 1 /^\([2-9].........\)/ /+1\1/
!
voice translation-rule 200
rule 1 /1\(...\)/ /\1/
!
!
voice translation-profile 100

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 29 of 47
 translate calling 100
translate called 100
!
voice translation-profile 200
translate called 200
!
!
voice-card 0/1
dsp services dspfarm
no watchdog
!
no license feature hseck9
license udi pid C8300-1N1S-6T sn XXXX
license boot level network-essentials addon dna-essentials
memory free low-watermark processor 69096
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
redundancy
mode none
application redundancy
group 1
name cube-ha
priority 100 failover threshold 75
timers delay 30 reload 60
control GigabitEthernet0/0/0 protocol 1
data GigabitEthernet0/0/0
track 1 shutdown
track 2 shutdown
!
track 1 interface GigabitEthernet0/0/1 line-protocol
!
track 2 interface GigabitEthernet0/0/2 line-protocol
!
interface GigabitEthernet0/0/0
description To HAinterface
ip address 10.64.5.234 255.255.0.0
negotiation auto
!
interface GigabitEthernet0/0/1

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 30 of 47
 description To PBX and PSTN
ip address 10.80.11.137 255.255.255.0
negotiation auto
redundancy rii 16
redundancy group 1 ip 10.80.11.136 exclusive
!
interface GigabitEthernet0/0/2
description To Google
ip address 192.65.79.x 255.255.255.x
negotiation auto
redundancy rii 15
redundancy group 1 ip 192.65.79.x exclusive
!
interface GigabitEthernet0/0/3
no ip address
negotiation auto
!
interface GigabitEthernet0/0/4
no ip address
negotiation auto
!
interface GigabitEthernet0/0/5
no ip address
negotiation auto
!
interface Service-Engine0/1/0
!
ip tcp keepalive retries 5
ip tcp keepalive interval 7
ip http server
ip http secure-server
ip forward-protocol nd
ip route 10.64.0.0 255.255.0.0 10.80.11.1
ip route 172.16.0.0 255.255.0.0 10.80.11.1
ip route 216.239.36.0 255.255.255.0 192.65.79.129
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 31 of 47
!
mgcp profile default
!
!
dspfarm profile 1 transcode
codec g729abr8
codec g729ar8
codec g711alaw
codec g711ulaw
codec g722-64
codec opus
maximum sessions 9
associate application CUBE
!
dial-peer voice 200 voip
description outbound to Google
session protocol sipv2
session target dns:siplink.telephony.goog:5672
session transport tcp tls
destination e164-pattern-map 200
voice-class codec 1 offer-all
voice-class sip tenant 200
voice-class sip privacy-policy passthru
voice-class sip options-keepalive profile 200
voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/2
voice-class sip bind media source-interface GigabitEthernet0/0/2
dtmf-relay rtp-nte
srtp
no vad
!
dial-peer voice 210 voip
description inbound from Google
session protocol sipv2
session transport tcp tls
incoming uri request 200
voice-class codec 1
voice-class sip tenant 200
voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/2
voice-class sip bind media source-interface GigabitEthernet0/0/2
dtmf-relay rtp-nte
srtp

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 32 of 47
 no vad
!
dial-peer voice 100 voip
description outbound to PSTN
destination-pattern .T
translation-profile incoming 200
session protocol sipv2
session target ipv4:10.64.1.72:5060
session transport udp
voice-class codec 2 offer-all
voice-class sip tenant 100
voice-class sip options-keepalive
no voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/1
voice-class sip bind media source-interface GigabitEthernet0/0/1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 110 voip
description inbound from PSTN
translation-profile incoming 100
session protocol sipv2
session transport udp
incoming uri via 100
voice-class codec 2 offer-all
voice-class sip tenant 100
no voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/1
voice-class sip bind media source-interface GigabitEthernet0/0/1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 300 voip
description outbound to PBX
session protocol sipv2
session target ipv4:172.16.29.18:5060
session transport udp
destination e164-pattern-map 300
voice-class codec 2
voice-class sip tenant 100
voice-class sip options-keepalive
no voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/1

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 33 of 47
 voice-class sip bind media source-interface GigabitEthernet0/0/1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 310 voip
description inbound from PBX
translation-profile incoming 100
session protocol sipv2
session transport udp
incoming uri via 300
voice-class codec 2
voice-class sip tenant 100
no voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/1
voice-class sip bind media source-interface GigabitEthernet0/0/1
dtmf-relay rtp-nte
no vad
!
sip-ua
transport tcp tls v1.2
crypto signaling default trustpoint sbc6
!
line con 0
exec-timeout 5 0
password 7 06120A2
logging synchronous
login
stopbits 1
line aux 0
line vty 0 4
exec-timeout 60 0
password 7 15060E
logging synchronous
login
transport input telnet
line vty 5 14
login
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-
licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact
email address to send SCH notifications.
© 2023 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 34 of 47
 contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
ntp server 10.10.10.5
!
end

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 35 of 47
CUBE2 (Standby):

version 17.6
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname 8K_Cube2
!
boot-start-marker
boot system bootflash:c8000be-universalk9.17.06.02.SPA.bin
boot-end-marker
!
logging queue-limit 2000000
logging buffered 2147483
!
no aaa new-model
clock timezone UTC -5 0
clock calendar-valid
!
ip name-server 8.8.8.8
ip domain name tekvizionlabs.com
!
login on-success log
!
subscriber templating
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-2307055185
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2307055185
revocation-check none
rsakeypair TP-self-signed-2307055185
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki trustpoint sbc6

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 36 of 47
 enrollment pkcs12
revocation-check crl
rsakeypair sbc6
!
crypto pki trustpoint GoogleCA1
enrollment terminal
revocation-check none
!
!
crypto pki trustpoint GoogleCA2
enrollment terminal
revocation-check none
!
crypto pki certificate chain TP-self-signed-2307055185
certificate self-signed 01
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
crypto pki certificate chain sbc6
certificate 00A76F21D0D0E2906D
certificate ca 07
crypto pki certificate chain GoogleCA1
certificate ca 0203E5936F31B01349886BA217
crypto pki certificate chain GoogleCA2
certificate ca 040000000001154B5AC394
!
crypto pki certificate pool
! ('certificate ca' cmd has been deprecated. Downloaded
! Trustpool certificates should be re-downloaded
! using 'crypro pki trustpool import url <url>')!
!
voice service voip
ip address trusted list
ipv4 216.239.36.0 255.255.255.0
ipv4 10.64.1.0 255.255.255.0
ipv4 172.16.0.0 255.255.0.0
address-hiding
mode border-element
allow-connections sip to sip
redundancy-group 1
fax protocol pass-through g711alaw
trace
sip
error-passthru

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 37 of 47
 asserted-id pai
privacy pstn
early-offer forced
sip-profiles inbound
!
voice class uri 200 sip
host pcscf.sip.voice.google.com
!
voice class uri 300 sip
host ipv4:172.16.29.18
!
voice class uri 100 sip
host ipv4:10.64.1.0
voice class codec 1
codec preference 1 g711alaw
codec preference 2 g711ulaw
codec preference 3 opus
codec preference 4 g722-64
!
voice class codec 2
codec preference 1 g711ulaw
codec preference 2 g711alaw
!
voice class sip-profiles 200
rule 1 request ANY sip-header User-Agent modify "(IOS.*)" "\1\x0D\x0AX-Google-Pbx-
Trunk-Secret-Key:xxxxxxxx"
rule 2 request ANY sip-header SIP-Req-URI modify
"sip:(.*)@siplink.telephony.goog:5672" "sip:\1@trunk.sip.voice.google.com:5672"
rule 3 response ANY sip-header Server modify "(IOS.*)" "\1\x0D\x0AX-Google-Pbx-
Trunk-Secret-Key:xxxx"
rule 4 request ANY sip-header To modify "<sip:(.*)@siplink.telephony.goog>"
"<sip:\1@trunk.sip.voice.google.com>"
rule 5 request ANY sip-header Contact modify "<sip:(.*)@192.65.79.x:"
"<sip:\1@sbc6.tekvizionlabs.com:"
!
voice class sip-profiles 2
rule 100 request ANY sdp-header Audio-Attribute modify "a=candidate.*"
"a=label:main-audio"
rule 110 response ANY sdp-header Audio-Attribute modify "a=candidate.*"
"a=label:main-audio"
!
voice class sip-profiles 201
rule 1 request OPTIONS sip-header SIP-Req-URI modify
"sip:siplink.telephony.goog:5672" "sip:trunk.sip.voice.google.com:5672"

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 38 of 47
 rule 2 request OPTIONS sip-header To modify "<sip:siplink.telephony.goog>"
"<sip:trunk.sip.voice.google.com>"
rule 3 request OPTIONS sip-header Contact modify "<sip:192.65.79.x:"
"<sip:sbc6.tekvizionlabs.com:"
rule 4 request OPTIONS sip-header From modify "<sip:192.65.79.x>"
"<sip:sbc6.tekvizionlabs.com>"
!
voice class e164-pattern-map 200
e164 +197259800xx
e164 +1972598010x
!
!
voice class e164-pattern-map 300
e164 +1972598011x
e164 +197259801xx
!
!
voice class sip-options-keepalive 200
description OPTIONS towards Google
transport tcp tls
sip-profiles 201
!
voice class tenant 200
srtp-crypto 1
localhost dns:sbc6.tekvizionlabs.com
session transport tcp tls
bind control source-interface GigabitEthernet0/0/2
bind media source-interface GigabitEthernet0/0/2
sip-profiles 200
sip-profiles 2 inbound
early-offer forced
!
voice class tenant 100
options-ping 60
session transport udp
bind control source-interface GigabitEthernet0/0/1
bind media source-interface GigabitEthernet0/0/1
early-offer forced
!
voice class srtp-crypto 1
crypto 1 AES_CM_128_HMAC_SHA1_80
!
voice translation-rule 100
rule 1 /^\([2-9].........\)/ /+1\1/

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 39 of 47
!
voice translation-rule 200
rule 1 /1\(...\)/ /\1/
!
!
voice translation-profile 100
translate calling 100
translate called 100
!
voice translation-profile 200
translate called 200
!
voice-card 0/1
dsp services dspfarm
no watchdog
!
no license feature hseck9
license udi pid C8300-1N1S-6T sn xxx
license boot level network-essentials addon dna-essentials
memory free low-watermark processor 69096
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
redundancy
mode none
application redundancy
group 1
priority 150 failover threshold 75
timers delay 30 reload 60
control GigabitEthernet0/0/0 protocol 1
data GigabitEthernet0/0/0
track 1 shutdown
track 2 shutdown
!
track 1 interface GigabitEthernet0/0/1 line-protocol
!
track 2 interface GigabitEthernet0/0/2 line-protocol
!
interface GigabitEthernet0/0/0
description To HA interface
ip address 10.64.5.235 255.255.0.0

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 40 of 47
 negotiation auto
!
interface GigabitEthernet0/0/1
description To PSTN and PBX
ip address 10.80.11.138 255.255.255.0
negotiation auto
redundancy rii 16
redundancy group 1 ip 10.80.11.136 exclusive
!
interface GigabitEthernet0/0/2
description To Google
ip address 192.65.79.x 255.255.255.128
negotiation auto
redundancy rii 15
redundancy group 1 ip 192.65.79.x exclusive
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/4
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/5
no ip address
shutdown
negotiation auto
!
interface Service-Engine0/1/0
!
ip tcp keepalive retries 5
ip tcp keepalive interval 7
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip route 10.64.0.0 255.255.0.0 10.80.11.1
ip route 172.16.0.0 255.255.0.0 10.80.11.1
ip route 216.239.36.0 255.255.255.0 192.65.79.129
!

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 41 of 47
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
dspfarm profile 1 transcode
codec g729abr8
codec g729ar8
codec g711alaw
codec g711ulaw
codec g722-64
codec opus
maximum sessions 9
associate application CUBE
!
dial-peer voice 200 voip
description outbound to Google
session protocol sipv2
session target dns:siplink.telephony.goog:5672
session transport tcp tls
destination e164-pattern-map 200
voice-class codec 1 offer-all
voice-class sip tenant 200

voice-class sip privacy-policy passthru

voice-class sip options-keepalive profile 200
voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/2
voice-class sip bind media source-interface GigabitEthernet0/0/2
dtmf-relay rtp-nte
srtp
no vad
!
dial-peer voice 210 voip
description inbound from Google
session protocol sipv2
session transport tcp tls
incoming uri request 200
voice-class codec 1 offer-all

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 42 of 47
 voice-class sip tenant 200
voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/2
voice-class sip bind media source-interface GigabitEthernet0/0/2
dtmf-relay rtp-nte
srtp
no vad
!
dial-peer voice 100 voip
description outbound to PSTN
translation-profile outgoing 200
destination-pattern .T
session protocol sipv2
session target ipv4:10.64.1.0:5060
session transport udp
voice-class codec 1
voice-class sip tenant 100
voice-class sip options-keepalive
no voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/1
voice-class sip bind media source-interface GigabitEthernet0/0/1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 110 voip
description inbound from PSTN
translation-profile incoming 100
session protocol sipv2
session transport udp
incoming uri via 100
voice-class codec 1
voice-class sip tenant 100
voice-class sip profiles 100
no voice-class sip session refresh
voice-class sip bind control source-interface GigabitEthernet0/0/1
voice-class sip bind media source-interface GigabitEthernet0/0/1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 300 voip
description outbound to PBX
session protocol sipv2
session target ipv4:172.16.29.18:5060

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 43 of 47
 session transport udp
destination e164-pattern-map 300
voice-class codec 1
voice-class sip tenant 100
voice-class sip options-keepalive
voice-class sip bind control source-interface GigabitEthernet0/0/1
voice-class sip bind media source-interface GigabitEthernet0/0/1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 310 voip
description inbound from PBX
translation-profile incoming 100
session protocol sipv2
session transport udp
incoming uri via 300
voice-class codec 1
voice-class sip tenant 100
voice-class sip bind control source-interface GigabitEthernet0/0/1
voice-class sip bind media source-interface GigabitEthernet0/0/1
dtmf-relay rtp-nte
no vad
!
sip-ua
transport tcp tls v1.2
crypto signaling default trustpoint sbc6
!
line con 0
exec-timeout 5 0
password 7 06120A
logging synchronous
login
stopbits 1
line aux 0
line vty 0 4
exec-timeout 60 0
password 7 0212015
logging synchronous
login
transport input telnet
line vty 5 14
login
transport input ssh

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 44 of 47
!
call-home
! If contact email address in call-home is configured as sch-smart-
licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact
email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
ntp server 10.10.10.5
!
end

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 45 of 47
Important Information

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE

WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO

BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE

FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE

LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT

LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS

MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES

Corporate European Americas AsiaPacific

Headquarters Headquarters Headquarters Headquarters
Cisco Systems, Inc.
CiscoSystems Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman International BV 170 West Tasman Capital Tower
Drive Haarlerbergpark Drive 168 Robinson Road
San Jose, CA Haarlerbergweg 13- San Jose, CA #22-01 to #29-01
95134-1706 19 95134-1706
Singapore 068912
USA 1101 CH Amsterdam USA
www.cisco.com
www.cisco.com The Netherlands www.cisco.com
Tel: +65 317 7777
Tel: 408 526-4000 www- Tel: 408 526-7660
Fax: +65 317 7799
800 553-NETS europe.cisco.com Fax: 408 527-0883
(6387) Tel: 31 0 20 357
Fax: 408 526-4100 1000
Fax: 31 0 20 357
1100

Cisco Systems has more than 200 offices in the following countries and regions. Addresses,
phone numbers, and fax numbers are listed on the Cisco Web site at
http://www.cisco.com/go/offices.

Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC •
Colombia • Costa Rica • Croatia • Czech Republic • Denmark • Dubai, UAE • Finland • France
• Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland • Israel • Italy •
Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 46 of 47
• Peru • Philippines • Poland • Portugal • Puerto Rico • Romania • Russia • Saudi Arabia •
Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland •
Taiwan • Thailand • Turkey Ukraine • United Kingdom • United States • Venezuela • Vietnam
• Zimbabwe

© 2022 Cisco Systems, Inc. All rights reserved.

CCENT, Cisco Lumin, Cisco Nexus, the Cisco logo and the Cisco Square Bridge logo are
trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a
service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA,
CCDP, CCVP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork
Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco
Systems logo, Cisco Unity, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing,
FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo,
iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, Meeting Place, MGX,
Networking Academy, Network Registrar, Packet, PIX, ProConnect, ScriptShare,
SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath
are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States
and certain other countries.
All other trademarks mentioned in this document or Website are the property of their
respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0705R)
Printed in the USA

© 2023 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Page 47 of 47