This article describes how to change the SIP transport protocol from TCP to TLS in a PBX - SBC Edge - MS Exchange 2007/2010 Unified Messaging Server topology.
Previously, we covered the configuration steps for PBX - SBC - MS Exchange 2007/2010 Unified Messaging Server in Downstream Deployment of SBC Edge in a PBX-SBC-eUM Topology. That configuration allows connectivity using TCP as the SIP Transport Protocol in the topology shown below.
Topology
In this article, we change the transport protocol from TCP to TLS in order to secure the voice calls. Follow the steps below to make the necessary additional adjustments to your existing configuration.
Click Apply.
Create New TLS Profile
Verify that the SBC host name, domain name, and relevant DNS IP address are correctly configured.
Node-Level Settings
Verify that the SBC gateway FQDN resolves to the correct IP address in DNS.
If not, ask your domain administrator to enable the relevant name resolution in DNS (e.g., the FQDN should resolve to the IP address and the IP address should resolve back to the FQDN).
Verify
Email the text file (SBC certificate request file) to your Root Certificate Authority and have it signed by the CA.
Generate Certificate Signing Request
After the certificate request is signed, the CA administrator will provide you with a signed certificate file (e.g., SBCcert.p7b).
Confirm on the screen that the status of the certificate is OK.
For more information, see Importing an SBC Edge Server Certificate in the User's Guide.
Server Certificates
Verify that today's date is in the date range between the Start Validity and Expiration dates.
Trusted CA Certificates
TLS is selected in the PROTOCOL field.
UM2010 Server Host
In the left navigation pane, go to Security > Certificates > Exchange 2010 server entry.
For more information, see Creating and Modifying SIP Signaling Groups in the User's Guide.
SIP to UMS
Click OK (this is necessary for TLS).
VoIP Security
Execute the set-UMIPgateway -identity "<Your UM IP GW ID>" -Port 5061 command to set the communication port between SBC and the Exchange Server to 5061.
Port Settings
Upon successful completion of the steps in this procedure, you should be able to make SBC ↔ Exchange UMS calls over the TLS transport protocol without any issues.
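The two checks this procedure asks for by hand, FQDN-to-IP and IP-to-FQDN agreement and a certificate inside its Start Validity/Expiration window, can be scripted from an admin workstation. This is an added example, not Ribbon's own tooling; the host names, the sample certificate, and the assumption that the port 5061 listener completes a handshake without a client certificate are constructed for illustration.

```python
import socket
import ssl
import time

def fqdn_matches_dns(fqdn, forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """FQDN -> IP and IP -> FQDN must agree. Returns (ok, detail)."""
    want = fqdn.lower().rstrip(".")
    try:
        ip = forward(fqdn)
        name, aliases, _ = reverse(ip)
    except OSError as exc:  # gaierror and herror are OSError subclasses
        return False, f"lookup failed: {exc}"
    found = {n.lower().rstrip(".") for n in [name, *aliases]}
    if want not in found:
        return False, f"{ip} reverse-resolves to {sorted(found)}"
    return True, ip

def cert_in_validity_window(cert, now=None):
    """cert: dict as returned by ssl.SSLSocket.getpeercert()."""
    now = time.time() if now is None else now
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return start <= now <= end

def fetch_peer_cert(host, port=5061, cafile=None, timeout=5):
    """Handshake with the SIP TLS listener and return its verified certificate.
    Assumption: the listener completes a handshake without a client certificate."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    # Constructed sample data (not from a real deployment) so this runs offline.
    fake_fwd = lambda name: "192.0.2.10"
    fake_rev = lambda ip: ("sbc1.example.com", [], [ip])
    print(fqdn_matches_dns("sbc1.example.com", fake_fwd, fake_rev))
    sample = {"notBefore": "Jan  1 00:00:00 2023 GMT",
              "notAfter": "Jan  1 00:00:00 2025 GMT"}
    print(cert_in_validity_window(sample))
    # Live use: cert_in_validity_window(fetch_peer_cert("<SBC FQDN>", cafile="<root CA PEM>"))
```

With `cafile` pointing at the root CA that signed the SBC certificate, `fetch_peer_cert` also fails the handshake if the chain or the host name does not verify, which catches a wrong or missing Trusted CA entry before calls are attempted.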