SBC setup - looking for comments

I have a PBX that will not send registration to my SIP server. I would like to use a SBC to allow the local PBX to connect without needed to register and then connect back to my SIP server using the authorization user name/password.
I have never installed one of the SBC’s but I would think that this wouldn’t be hard.
g711 in and out.

Any comments?

Call sales - they can send you to all of the pertinent information.

There are lots of experienced folks here that use SBCs and swear by them.

An SBC might be overkill; some simple configuration and firewall settings may suffice.

PBX make/model? Equipped with SIP trunk hardware? Have any necessary licenses?

PBX location have a static IP address? Router/firewall make/model?

What software does your SIP servers run?

I see that you have servers in several US and Canadian cities. Can the PBX be set up to fail over to an alternate server if the primary is unreachable?

Thanks for the tip. Talked to Tom yesterday and have a unit coming in tomorrow, just looking for the experienced folks to make me feel better.

The PBX will not registrar trunks. I can get it to make outbound calls, but if it not registered to my SIP server, it have no idea where to send the inbound calls to.

The PBX is not one anyone has seen before. The router is a ASA. The ISTP is a Asterisk server I don’t have control over.

I was thinking SBC WAN side of things is just another gateway connection and on the lan side the PBX looks like a missed configured PBX. I’m sure once I have the box in my hands it be clearer.

You would send them to their IP address (manually configured on your server) and correct port, which their router forwards to the PBX (for security, only if the source address is that of your server). This requires them to have a static IP address. If they don’t, it may be a relatively inexpensive option they can get.

An alternative approach is for their site to establish a VPN connection to yours. You will then have a static private address at their end from which you can directly address their PBX.

2 Likes

This SBC will not work for my application.
The SBC needs a FQDN to active the session controller.

This sucks. Anyone know who to get around this? I don’t see a support for a dynamic FQDN service.

for this install I can’t use DNS. DNS=BAD

This box is getting shipped back to Sangoma Monday if I can’t get this working.

Dynamic DNS services provides a FQDN , it just needs to be up to date and point to your current IP or your calls will fail

Static assignment of name to ip inside your network is best done in /etc/hosts

the issue what the is the SBC rewrites the header with this information, so I needs to be correct.

I need this SBC to be installed behind another firewall with NAT.

I was thinking about installing a dynamic DNS client, but I know Sangoma has one installed on this unit, I just haven’t found it yet.

I would have to say that having a border controller inside your network is a puzzling and expensive concept

1 Like

I have a customer with a PBX that doesn’t register trunks.
So I wanted to use this SBC to allow the local connection to the PBX using LAN1
LAN0 was going to register to the trunks. Both LAN0 and LAN1 would be on the same private LAN block.

I guess could use the same interface but I have 4 of them.

If this was the PBX it would be easy, but this box . …

Not quite understanding, set up trunks by routable IP between all your “thing” don’t use user/pass if that hardware doesn’t support it.

1 Like

It is very common to set up trunks without registration. This is often called ‘IP authentication’. On outgoing, the provider recognizes the customer’s static public IP address to authenticate the call and know whom to bill. Incoming calls are sent to an IP address and port that was previously configured by the customer on the provider’s portal.

When available, IP authentication is more reliable (avoids ‘lost registration’ issues), is somewhat more secure (no SIP password to get stolen) and a little faster (don’t have to challenge and authenticate on each call). Virtually all ‘wholesale’ providers require IP authentication and most high end retailers (SIPStation, Flowroute, Twilio, etc.) support it.

Set up your mystery box that way and you should be fine.

I could use that only if the customer has a static, rotatable IP address which I do not have.

The IP address could change at any time so the SBC was going to bridge the IP authentication to the local PBX and registrar to my SIP trunks on the Internet.

I gave up on that box and packed it up to ship it back. I’m working on a small FreePBX to do the job. Not as sexy, but I’ll make it work.

Have you looked into getting a static IP from the ISP? Even if it’s ‘expensive’, it may be cheap compared to buying additional hardware, the cost of your time, etc.

How often does the IP address change? If every day, that’s going to be a problem anyhow, because a change will drop all calls in progress and likely block retries for a minute or more. If the address rarely changes, you could have a simple script that detects the change and adjusts accordingly.

Next, is a VPN feasible? If so, set it up so the customer gets a static private address on your system to which you can send calls.

I appreciate the ideas, but this is a sickie customer. IP can change on the fly. VPN is out of the question. I really wanted to use the SBC, but not going to work do to a feature in the SBC to try to stop people from mis configuring it. I was hoping this thread would prompt someone at Sangoma to update the software for me. But I don’t have the patients at this point.

Thanks for reading and responding.

This is your problem right here. The fact they are using Asterisk and have no support for IP Authentication means that they are not setting up peers/endpoints with the ability to not auth users. So either they just don’t know how to setup these accounts to support both or at least support IP Auth or they are not using straight Asterisk and have some sort of GUI like FreePBX where they don’t have the full control to do what they want.

Any ITSP that is a 100% Asterisk (no other SIP/Voice equipment) is questionable to begin with because it means they lack serious SIP telephony knowledge.

The solution to my issue was to use cheap Asterisk server from a popular vendor.
I created 2 trunk groups. 1 using a user name and password and the other a static IP address.

I just link the two together so any call from one goes to the other one.

The SBC would not allow me to do that, because I need to have a FQDN to active the SBC engine. I do not see a way to turn this requirement off.
The unit is all boxed up to send back. I have a ticket in with Sangoma but this is the 1st response I have received, nothing from support on the ticket.
If someone has a solution to turn this off, I have another 48-hours before FedEx takes it away.

SIP doesn’t need a FQDN for this. Are you sure it’s asking for a FQDN or is it asking for a Domain? sip:[email protected]:5060 is a SIP URI the 1.1.1.1 is the domain. sip:[email protected]:5060 is a SIP URI the domain.com is the domain.

So does it require FQDN or a Domain? Because there needs to be a default domain for the SBC.

inside the SBC you have the SBC engine. Each time I try to enable it, it brings to a web page with the errors that are required to resolve before the SBC engine will activate. One of the items is the domain name and setting the IP address for the ethernet port you want to assign the default route to.

The SBC using the FQDN to set the static IP address. You can’t just set the static IP address, it forces you to use the FQDN and a DNS to set the IP.

Sorry, but we are restricted from using DNS servers as they can be hacked.

Why would the SBC make you do a DNS lookup before you can set the IP address.

The box it so smart for it’s own good.