SIP phone trunk settings


When you configure a phone trunk for SIP phones, you’ll need to configure several basic settings. Depending on your requirements, you may also need to configure some of the more advanced settings. This reference describes all the settings that you’ll find on the Create/Edit Phone Trunk page for SIP phones.

Setting Description

Phone  Trunk Name

Use this field to assign the phone trunk a descriptive name. 

Type

Use this drop down to select SIP as the phone trunk type,

Trunk State

Use this switch to change the operational state of the phone trunk.

The default setting is In-Service.

Protocol

Use this drop-down to choose the trunk transport protocol variant.

There are three choices for the trunk transport protocol:

  • UDP
  • TCP 
  • TLS 

Listen Port

Use this field to specify the trunk transport listen port.

Common values for this setting are 8061 for TLS and 8060 for UDP and TCP.

Registration

If your SIP server or proxy server provides support for registration, then the status will be updated accordingly if the trunk ever becomes unavailable.

Setting Description

Max Registration Rate

Use this field to specify the average number of REGISTER requests per time period that are allowed on this trunk.

You can specify this number as a decimal or a fraction. For example:

  • 40/5s: 40 requests/5 seconds
  • 3.5/2m: 3.5 requests/2 minutes
  • 2.5/1h:  2.5 requests/1 hour

SIP Access Control

The access control list that you construct here only apply to inbound calls.

Setting Description

Use Source Address

Use this switch to determine whether ACL matching should use the SIP messaging source address (Yes) or the VIA header header originating address (No).

The default setting is Yes.

Allow the Following Addresses

Use the controls in this section to enter and build a list of IP or CIDR addresses to which you want to allow SIP access.

Notes:

  • Even if an address is allowed by matching this list, it can be denied if it also appears in the Always Deny list.
  • The addresses in this list will not have any affect on HTTP provisioning.

Always Deny the Following Addresses

Use the controls n this section to enter and build a list of IP or CIDR addresses to which you want to deny SIP access.

Notes:

  • Addresses must first match the Allow list before being evaluated against this list.
  • The addresses in this list will not have any affect on HTTP provisioning.

Allow All

Select this check box if you want to allow access to any IP or CIDR address.

Note: Allowing all addresses is a security risk.

Connection Configuration


Setting Description

Language

Use this drop-down to choose the language that you want to use for all calls that come in on this trunk.

Note: This language can be overridden by settings in Architect.

Calls

Setting Description

Max Calls

Use this field to specify the maximum number of combined active inbound and outbound calls that are allowed on this trunk.

Max Call Rate

Use this field to specify the average number of calls per time period that are allowed on this trunk. This rate applies to both inbound and outbound calls.

You can specify this number as a decimal or a fraction. For example:

  • 40/5s: 40 calls/5 seconds
  • 3.5/2m: 3.5 calls/2 minutes
  • 2.5/1h:  2.5 calls/1 hour

Max Dial Timeout

Use this field to specify the maximum number of seconds for a delay before an outgoing call attempt is aborted.

Setting Description

Transport DSCP Value

Use this drop-down to choose the Differentiated Services Code Point (DSCP) value of Quality of Service (QoS) for RTP and RTCP packets.

The system places this value in the upper 6 bits of the TOS (Type Of Service) field. The TOS field is in the IP header of every RTP and RTCP packet. The range of values available is 00 (0,000000) through 3F (63, 111111). 

Retryable Reason Codes

Use the field to enter a list of valid SIP reason codes. If an outbound call that is made on this line returns one of the SIP reason codes in this list, then that call is retried on the next line.

You can specify individual reason codes or ranges of reason codes, separated by commas.  

By default, PureCloud automatically enters a list of the most common retryable codes in the Retryable Reason Codes field.

The default code list: 500-599

Retryable Cause Codes

Use this field to enter a list of valid Q.850 cause codes. If an outbound call that is made on this line returns one of the Q.850 cause codes in this list, then that call is retried on the next line.

You can specify individual reason codes or ranges of reason codes, separated by commas.  

By default, PureCloud automatically enters a list of the most common retryable codes in the Retryable Cause Codes field.

The default code list:

1-5,25,27,28,31,34,38,41,42,44,46,62,63,79,91,96,97,99,100,103

TCP Settings

Setting Description

TCP Connection Timeout

Use this field to specify the number of seconds to delay before marking the TCP Connection to the remote IP address as failed and marking the port as unreachable.

TCP Connection Idle Timeout

Use this field to specify the number of seconds that a TCP connection can remain idle before being automatically closed.

TLS Settings

Setting Description

Mutual Authentication

Use this switch to enable or disable the mutual authentication requirement when negotiating the TLS handshake.

The default setting is Disabled.

SIPS URI scheme

Use this switch to enable or disable the sending of a SIPS URI scheme when it is configured for the TLS transport protocol.

The default setting is Disabled.

Method

Use this drop-down to choose which SSL 0r TLS method version to use. Available choices are:

  • SSL v2.3 (This version is no longer considered secure.)
  • SSL v3
  • TLS v1
  • TLS v1.1
  • TLS v1.2

The default setting is TLS v1.2.

Far-End NAT Traversal

Use this switch to enable or disable the Far-End NAT Traversal features for the remote user agent. For example, you would use this with SRTP Symmetric Latching of media streams.

The default setting is Disabled.

For more information, see FENT overview.

Ciphers

Use this drop-down to select and build a preferred order list of TLS ciphers. Available choices are:

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA

Subject Alternative Names

Use this field to specify and build a list of subject alternative names to use for the secure interface.

Valid values must begin with one of the following prefixes:

  • DNS:
  • IP:
  • URI:
  • email:

Setting Description

DSCP Value

Use this drop-down to choose the Differentiated Services Code Point (DSCP) value of Quality of Service (QoS) for RTP and RTCP packets.

The system places this value in the upper 6 bits of the TOS (Type Of Service) field. The TOS field is in the IP header of every RTP and RTCP packet. The range of values available is 00 (0,000000) through 3F (63, 111111). The default value is 2E (46 101110) EF.

Media Method 

Use this drop-down to choose the method that you want to use to offer an SDP (Session Description Protocol) to the other participant when making an outgoing call.  The offer proposes the set of media streams and codecs along with the IP addresses and ports to use. 

There are three choices for the Media Method:

  • Normal: Use the normal method, which sends an SDP Offer in the initial SIP INVITE request.
  • Delayed: Use the delayed method, which waits for an SDP Offer in a response before sending an SDP Answer.
  • Auto: Allow the system to choose between using the normal or the delayed method.

Preferred Codec List

Use the controls in this section to choose and build a preferred list of codecs. Available choices are:
  • audio/g722
  • audio/g729
  • audio/PCMA (g711 A-Law)
  • audio/PCMU (g711 µ-Law)
  • audio/opus

Note: PCMU and PCMA are also known as the g711 codec (the PCM stands for Pulse Code Modulation). PCMU ( µ-Law) is primarily for use in North America and PCMA (A-Law) is primarily for use in other countries outside of North America.

SRTP Cipher Suite List

Use the controls in this section to choose and build a preferred list of SRTP cipher suites to offer or allow in response. Available choices are:
  • AES_CM_128_HMAC_SHA1_32
  • AES_CM_128_HMAC_SHA1_80
  • AES_CM_192_HMAC_SHA1_32
  • AES_CM_192_HMAC_SHA1_80
  • AES_CM_256_HMAC_SHA1_32
  • AES_CM_256_HMAC_SHA1_80

Disconnect on Idle RTP

Use this switch to enable or disable the ability to disconnect a call when RTP is not received for an extended period of time. This setting is designed to account for intentional hold/conference scenarios.

Note: An extended period of time is defined as 5 minutes for normal calls or 12 hours for media that is sent in one direction (not send and receive). 

The default setting is Enabled. 

DTMF Settings

Setting Description

DTMF Payload

Specify the payload type value to use when the DTMF Method type is RTP Events. Valid range is 96–127.  The default value is 101.

Valid only when DTMF Method value is set to RTP Events. 

DTMF Method

Use the drop-down to select the method to use to transmit dual-tone multifrequency (DTMF) signaling. The default value is RTP Events.

There are three choices for the DTMF Method:

  • RTP Events: Enables out-of-band processing of events from the RTP stream (RFC 2833 or 4733).
  • In-band Audio: Enables the processing, detection, and synthesis of events from the audio codec stream.
  • None: Don’t use a DTMF method.

Header / Invite

Setting Description

Conversation Headers

Use this switch to enable or disable the ability to insert the custom conversation header: “x-inin-cnv” with the UUID value into SIP messages.

The default setting is Enabled.

Inbound Digest Authentication

Setting Description

Use this switch to enable or disable the ability to challenge Inbound requests. If you enable digest authentication, you’ll need to specify the associated authorization methods, realm, user name, and password.

The default setting is Disabled.

Authorization Methods

Use this field to select the SIP methods that should be challenged using SIP digest authentication.

Available choices are:

  • BYE
  • INFO
  • INVITE
  • NOTIFY
  • OPTIONS
  • REFER
  • REGISTER
  • SUBSCRIBE
  • UPDATE

Realm

Use this field to specify the domain name for the SIP realm that is used to authenticate the SIP challenge response.

User Name

Use this field to specify the user name that is authorized to access this trunk when receiving credentials from an external user agent client.

Password

Use this field to specify the password associated with the username that is authorized to access this trunk when receiving credentials from an external user agent client.

By default the password is masked, but you can select the Show Password check box to see the password in plain-text.

Setting Description

Require Authentications

Use this switch to enable or disable the requirement that an HTTP request must be authenticated by either a digest or MTLS before being processed.

The default setting is Disabled.

Prefer HTTP Redirects

Use this switch to enable or disable a preference for HTTP redirects over a proxy when the configuration data is not found on the local Edge.

The default setting is Disabled.

Require HTTPS

Use this switch to enable or disable the requirement that HTTPS forces an HTTP redirect if there is an available HTTPS server.

The default setting is Enabled.

External Provision Server

Use this field to specify the URI to an external provision server to redirect requests for phone configuration when the phone’s configuration is not found.

HTTP Port

Use this field to specify the port on which the HTTP receiver should listen.

HTTPS Port

Use this field to specify the port on which the HTTPS receiver should listen.

Setting Description

Media Capture

Use this switch to enable or disable media capture.

The default setting is Disabled. 

The Media Capture setting is designed to be enabled while you are working with PureCloud Technical Support personnel. Enabling it will generate a HPAA Packet File Format (HPAACAP) file that contains live packet streams that can be used for diagnostic and troubleshooting purposes. Therefore, you should only enable the Media Capture setting as directed by PureCloud Technical Support.

Warnings:
  • Enabling media capture can degrade performance and affect QoS.
  • Media capture will log all data entered into the system, including data entered via Secure IVR flows. This could include sensitive data that should not be exposed or captured. As such, if your organization is using Secure IVR, you should not enable the Media Capture setting.
  • If you are a PCI compliant PureCloud organization and have the PCI DSS setting enabled, then you will not be able to enable media capture – the Media Capture setting will not be available.

Protocol Capture

Use this switch to enable or disable protocol capture.

The default setting is Disabled. 

The Protocol Capture setting is designed to be enabled while you are working with PureCloud Technical Support personnel. Enabling it will generate a PCAP file that contains protocol specific network information that can be used for diagnostic and troubleshooting purposes. Therefore, you should only enable the Protocol Capture setting as directed by PureCloud Technical Support.

Warnings:
  • Enabling protocol capture can degrade performance and affect QoS.
  • Protocol capture will log all data entered into the system, including data entered via Secure IVR flows. This could include sensitive data that should not be exposed or captured. As such, if your organization is using Secure IVR, you should not enable the Protocol Capture setting.
  • If you are a PCI compliant PureCloud organization and have the PCI DSS setting enabled, then you will not be able to enable protocol capture – the Protocol Capture setting will not be available.

Capture Until

Use the calendar and clock controls to specify how long you want to collect data.

Phone System Logging (Syslog)

Setting Description

Syslog

Use this switch to enable or disable the ability of the the Edges connected to this trunk to receive syslogs from phones

The default setting is Disabled.

Note: You must also enable System Logging on the Base Setting or Phone configuration settings for your phones. For more information, see Find your phone’s configuration settings.

Syslog Port

Use this field to specify the port on which Edges connected to this trunk will listen for information on receiving syslogs from phones.

The default setting is port 514.



The Custom option is designed to allow PureCloud Technical Support personnel to alter a External Trunk configuration for troubleshooting or special circumstances. You should only enter custom property settings as directed by PureCloud Technical Support.
Setting Description
Property Name The name to assign to the custom property.
Data Type 

The data type for the custom property.

The available data types include:

  • Boolean
  • Text
  • Number
  • List
Value

The value to assign the custom property.

The data allowed in the Value filed changes depending on the Data Type selected:

  • When you select Boolean, the Value field changes to a drop down containing True and False.
  • When you select Text, the Value field will accept any characters you enter into the filed.
  • When you select Number, the Value field will only accept numeric characters.
  • When you select List, the Value field will only accept data entered as a comma separated list. You can enter numbers and letters enclosed in quotes ( “a”,”b”)