Tuesday, June 3, 2008

Getting your own IP Telephony PBX at home

It's been a while since my last post; and it's been even longer since my last technical post. This time, I've decided to get a Cisco router as my IP PBX for home, and offer SIP service to my family abroad, and I would like to briefly document it all.

It started when I got my Nokia E61i dual mode mobile phone. I wanted to use it with my SIP provider at home, but I discovered that it will not let me have both, my cell-phone and home ATA registered at the same time. Therefore, I decided to bypass it by having a home IP PBX.

Here are the overall steps. This is not a step by step process of how to do it all, but rather as what needs to be setup for getting it done. So here we go:

Ingredients:

  • A Cisco router with Cisco CallManager Express and Cisco Unity Express - I am using a UC520 with 8 user license; it has wireless connectivity, 4 FXS ports, 4 FXO ports (I will not use them) and 8 Ethernet ports with PoE.
  • A third-party SIP phone or adapter - I will be using the Linksys PAP2T.
  • A dual-mode Nokia E61i - this acts as a third party SIP phone
  • A SIP provider for the phone line - I use Broadvoice.

The overall steps are:

  1. Install CME/CUE on the router
  2. Configure CME
    1. Create Data and Voice VLANs
    2. Create and setup two SSIDs in the wireless interface: one for data, one for voice
    3. Assign IP addressing to the interfaces. The router will have to be set-up using irb (bridging wired and wireless).
    4. Configure IP Phones (SCCP phones and SIP phones).
    5. Generate a dial-plan that does not require to dial 9 to call the outside world.
    6. Configure analog voice ports as e-phones with STCAPP (details here)
    7. Configure hunt-groups, so all the phones will ring with the same DN
    8. Configure interaction with CUE (Voicemail)
    9. Configure SIP Trunking for outgoing line
  3. Setup the Nokia SIP client as a third-party SIP phone
  4. Setup the Linksys ATA as a third-party SIP phone

5 comments:

Juan Baez Jr. said...

Hi Leo,
I´m also doing pretty much the same. Let's say, same plate but different ingredients.
We have asterisk running at the office, Cisco desktop phones (ok, actually they are Linksys...) 16 FXS (Digium), a Sip Trunk (Gizmo project) and a couple of remote softphones and phones.
The result is just great: a very powerful PBX with a lot of features you might already know (and most important: happy users).
The new ingredient would be Nokia E51 (GSM/WiFi). When at home (or anywhere with WiFi coverage) I can connect to my office PBX. So anybody calling to my extension or my cel phone will ring my E51.
Also, at the office we have APs so I have a lot o mobility (still testing...)
I’m planning to install asterisk at my home and joining both PBX. I´ll let you know the results
There are a lot of things you can do in a SIP world.
Muchos Saludos,
Juan

Jon said...

Leo and Juan,

I'm trying to setup a home IP PBX as well. I've got a Cisco 2811 router with an AIM-CUE for voicemail.

I can't figure out how to get the Gizmo trunk configured properly in the router though. I can make outbound toll-free calls, but I can't use my Call Out credits to regular PSTN phone or receive inbound calls via GrandCentral.

Can one of you post your Gizmo trunk config? Here is mine.

!
voice-port 2/0
echo-cancel mode 1
mwi
timeouts interdigit 5
station-id name MAIN Line
station-id number 17470004625
caller-id enable
!
voice-port 2/1
echo-cancel mode 1
mwi
timeouts interdigit 5
station-id name Jons Cell
station-id number 1101
caller-id enable
!
dial-peer voice 11 voip
description 11-Digit Numbers Outbound via SIP Trunk
destination-pattern 1[2-9].........
modem passthrough nse codec g711ulaw
voice-class codec 10
session protocol sipv2
session target dns:proxy01.sipphone.com
dtmf-relay rtp-nte
fax protocol pass-through g711ulaw
no vad
!
dial-peer voice 1100 pots
description Cisco 2811 FXS Voice Port 2/0
destination-pattern 17470004625
port 2/0
authentication username 17470004625 password **********
!
sip-ua
credentials username 17470004625 password ********** realm proxy01.sipphone.com
retry invite 3
retry response 3
retry bye 3
retry cancel 3
timers trying 1000
registrar dns:proxy01.sipphone.com expires 60
sip-server dns:proxy01.sipphone.com
!

Leo Boulton said...

Jon-
I can't really comment on Gizmo trunks. Here's my trunk config for Broadvoice:

dial-peer voice 1000 voip
description ** Incoming call from SIP trunk **
translation-profile incoming Broadvoice_IN
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
session protocol sipv2
session target sip-server
incoming called-number 9545551234
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
!
dial-peer voice 1001 voip
description ** Outgoing call to SIP trunk (Generic SIP Trunk Provider) **
translation-profile outgoing PSTN_Outgoing
destination-pattern .T
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
session protocol sipv2
session target sip-server
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
!
dial-peer voice 1002 voip
corlist outgoing call-local
description ** star code to SIP trunk **
destination-pattern *..
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
session protocol sipv2
session target sip-server
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
!
!
no dial-peer outbound status-check pots
sip-ua
credentials username 9545551234 password 7 033C7E330F3F274F5E3012 realm BroadWorks
authentication username 9545551234 password 7 133D322A023C02293B1D23
authentication username 9545551234 password 7 063E2A19457E0F1A152E19 realm Bros
calling-info pstn-to-sip from number set 9545551234
no remote-party-id
retry invite 2
retry register 3
retry options 1
timers connect 100
mwi-server dns:sip.broadvoice.com expires 3600 port 5060 transport udp unsolicd
registrar dns:sip.broadvoice.com expires 3600
sip-server dns:sip.broadvoice.com
host-registrar

Michael L. said...

Very cool Leo! I have a basically unused CME/CUE kit that I would love to put in my house. Broadvoice looks like a good service- I see they can transfer my existing home number to them.

I have a customer using an internet SIP provider with CM at HQ terminating the trunks... call control setup by HQ through internal VPN, voice stream direct from SIP provider to branch office, over the internet. They are using open source tools to re-write SIP messages and direct calls to branches. Pretty cool when you get voice in a pure IP world! Security concerns not withstanding.

Keep up the good hacking!

Johnny D said...

Hi Leo,

I finally figured out how to get the Gizmo trunk to work with a Cisco router. Here is the entire config.

Jon

! DESCRIPTION:
!
! This is a Cisco 2811 configuration for use as a SIP client on Project Gizmo a/k/a sipphone.com. It also has NAT, Stateful Firewall, VPN Server, SSH, and port forwarding.
!
! It is recommended (and safe) to connect this router directly to your Internet Service Provider.
!
! You can forward your GrandCentral.com or IPKall.com phone number to your Gizmo number for free inbound calls.
!
! You can pay Gizmo 1.9 cents per minute for outbound calls and you can pay $4 per year to set your outbound Caller ID to match your GrandCentral or IPKall number.
!
! By Jon DeJongh --- jcdejongh at gmail dot com --- 9/30/2008
!
! <-------------------------------------------------------------------------------->
!
!
!Building configuration...
!
Current configuration : 18871 bytes
!
! Last configuration change at 18:03:12 EDT Tue Sep 30 2008 by admin
! NVRAM config last updated at 18:03:14 EDT Tue Sep 30 2008 by admin
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Firewall !<-- Change this if you want.
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9_ivs-mz.124-15.T5.bin !<-- Make sure this matches your actual IOS.
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 critical
logging console critical
!
aaa new-model
!
!
aaa authentication login USERAUTH local
aaa authorization network SCRAMBLE local
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
dot11 syslog
no ip source-route
!
!
ip cef
ip dhcp smart-relay
ip dhcp ping packets 0
!
!
no ip bootp server
ip domain name home.lab !<-- Set this to your domain name.
ip name-server 68.238.96.12 !<-- this is Verizon FiOS Primary DNS, change it if you want.
ip name-server 68.238.112.12 !<-- this is Verizon FiOS Secondary DNS, change it if you want.
ip inspect name FIREWALL 802-11-iapp
ip inspect name FIREWALL ace-svr
ip inspect name FIREWALL appleqtc
ip inspect name FIREWALL bgp
ip inspect name FIREWALL biff
ip inspect name FIREWALL bittorrent
ip inspect name FIREWALL bootpc
ip inspect name FIREWALL bootps
ip inspect name FIREWALL cddbp
ip inspect name FIREWALL cifs
ip inspect name FIREWALL cisco-fna
ip inspect name FIREWALL cisco-net-mgmt
ip inspect name FIREWALL cisco-svcs
ip inspect name FIREWALL cisco-sys
ip inspect name FIREWALL cisco-tdp
ip inspect name FIREWALL cisco-tna
ip inspect name FIREWALL citrix
ip inspect name FIREWALL citriximaclient
ip inspect name FIREWALL clp
ip inspect name FIREWALL creativepartnr
ip inspect name FIREWALL creativeserver
ip inspect name FIREWALL cuseeme
ip inspect name FIREWALL daytime
ip inspect name FIREWALL dbase
ip inspect name FIREWALL dbcontrol_agent
ip inspect name FIREWALL ddns-v3
ip inspect name FIREWALL dhcp-failover
ip inspect name FIREWALL directconnect
ip inspect name FIREWALL discard
ip inspect name FIREWALL dns
ip inspect name FIREWALL dnsix
ip inspect name FIREWALL echo
ip inspect name FIREWALL edonkey
ip inspect name FIREWALL entrust-svc-hdlr
ip inspect name FIREWALL entrust-svcs
ip inspect name FIREWALL esmtp
ip inspect name FIREWALL exec
ip inspect name FIREWALL fasttrack
ip inspect name FIREWALL fcip-port
ip inspect name FIREWALL finger
ip inspect name FIREWALL fragment maximum 256 timeout 1
ip inspect name FIREWALL ftp
ip inspect name FIREWALL ftps
ip inspect name FIREWALL gdoi
ip inspect name FIREWALL giop
ip inspect name FIREWALL gnutella
ip inspect name FIREWALL gopher
ip inspect name FIREWALL gtpv0
ip inspect name FIREWALL gtpv1
ip inspect name FIREWALL h323
ip inspect name FIREWALL h323callsigalt
ip inspect name FIREWALL hp-alarm-mgr
ip inspect name FIREWALL hp-collector
ip inspect name FIREWALL hp-managed-node
ip inspect name FIREWALL hsrp
ip inspect name FIREWALL http
ip inspect name FIREWALL https
ip inspect name FIREWALL ica
ip inspect name FIREWALL icabrowser
ip inspect name FIREWALL icmp
ip inspect name FIREWALL ident
ip inspect name FIREWALL igmpv3lite
ip inspect name FIREWALL imap
ip inspect name FIREWALL imap3
ip inspect name FIREWALL imaps
ip inspect name FIREWALL ipass
ip inspect name FIREWALL ipsec-msft
ip inspect name FIREWALL ipx
ip inspect name FIREWALL irc
ip inspect name FIREWALL irc-serv
ip inspect name FIREWALL ircs
ip inspect name FIREWALL ircu
ip inspect name FIREWALL isakmp
ip inspect name FIREWALL iscsi
ip inspect name FIREWALL iscsi-target
ip inspect name FIREWALL kazaa2
ip inspect name FIREWALL kerberos
ip inspect name FIREWALL kermit
ip inspect name FIREWALL l2tp
ip inspect name FIREWALL ldap
ip inspect name FIREWALL ldap-admin
ip inspect name FIREWALL ldaps
ip inspect name FIREWALL login
ip inspect name FIREWALL lotusmtap
ip inspect name FIREWALL lotusnote
ip inspect name FIREWALL microsoft-ds
ip inspect name FIREWALL ms-cluster-net
ip inspect name FIREWALL ms-dotnetster
ip inspect name FIREWALL ms-sna
ip inspect name FIREWALL ms-sql
ip inspect name FIREWALL ms-sql-m
ip inspect name FIREWALL msexch-routing
ip inspect name FIREWALL mysql
ip inspect name FIREWALL n2h2server
ip inspect name FIREWALL ncp
ip inspect name FIREWALL net8-cman
ip inspect name FIREWALL netbios-dgm
ip inspect name FIREWALL netbios-ns
ip inspect name FIREWALL netbios-ssn
ip inspect name FIREWALL netshow
ip inspect name FIREWALL netstat
ip inspect name FIREWALL nfs
ip inspect name FIREWALL nntp
ip inspect name FIREWALL ntp
ip inspect name FIREWALL oem-agent
ip inspect name FIREWALL oracle
ip inspect name FIREWALL oracle-em-vp
ip inspect name FIREWALL oraclenames
ip inspect name FIREWALL orasrv
ip inspect name FIREWALL pcanywheredata
ip inspect name FIREWALL pcanywherestat
ip inspect name FIREWALL pop3
ip inspect name FIREWALL pop3s
ip inspect name FIREWALL pptp
ip inspect name FIREWALL pwdgen
ip inspect name FIREWALL qmtp
ip inspect name FIREWALL r-winsock
ip inspect name FIREWALL radius
ip inspect name FIREWALL rcmd
ip inspect name FIREWALL rdb-dbs-disp
ip inspect name FIREWALL realaudio
ip inspect name FIREWALL realsecure
ip inspect name FIREWALL router
ip inspect name FIREWALL rsvd
ip inspect name FIREWALL rsvp-encap
ip inspect name FIREWALL rsvp_tunnel
ip inspect name FIREWALL rtc-pm-port
ip inspect name FIREWALL rtelnet
ip inspect name FIREWALL rtsp
ip inspect name FIREWALL send
ip inspect name FIREWALL shell
ip inspect name FIREWALL sip
ip inspect name FIREWALL sip-tls
ip inspect name FIREWALL skinny
ip inspect name FIREWALL sms
ip inspect name FIREWALL snmp
ip inspect name FIREWALL snmptrap
ip inspect name FIREWALL socks
ip inspect name FIREWALL sqlnet
ip inspect name FIREWALL sqlserv
ip inspect name FIREWALL sqlsrv
ip inspect name FIREWALL ssh
ip inspect name FIREWALL sshell
ip inspect name FIREWALL ssp
ip inspect name FIREWALL streamworks
ip inspect name FIREWALL stun
ip inspect name FIREWALL syslog
ip inspect name FIREWALL syslog-conn
ip inspect name FIREWALL tacacs
ip inspect name FIREWALL tacacs-ds
ip inspect name FIREWALL tarantella
ip inspect name FIREWALL tcp
ip inspect name FIREWALL telnet
ip inspect name FIREWALL telnets
ip inspect name FIREWALL tftp
ip inspect name FIREWALL time
ip inspect name FIREWALL timed
ip inspect name FIREWALL tr-rsrb
ip inspect name FIREWALL ttc
ip inspect name FIREWALL udp
ip inspect name FIREWALL uucp
ip inspect name FIREWALL vdolive
ip inspect name FIREWALL vqp
ip inspect name FIREWALL webster
ip inspect name FIREWALL who
ip inspect name FIREWALL winmx
ip inspect name FIREWALL wins
ip inspect name FIREWALL x11
ip inspect name FIREWALL xdmcp
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip ddns update method unit-test !<-- This DDNS doesn't seem to be working.
HTTP
add http://username:password.dyndns.org/nic/updatehostname=hostname.dyndns.org&myip=ipaddress&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG
interval maximum 24 0 0 0
interval minimum 1 0 0 0
!
!
multilink bundle-name authenticated
!
!
voice-card 0
no dspfarm
!
!
!
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
fax protocol pass-through g711ulaw
sip
bind control source-interface FastEthernet0/1 !<-- This is my outside interface directly connected to the Internet.
bind media source-interface FastEthernet0/1 !<-- This is my outside interface directly connected to the Internet.
!
!
!
voice class codec 10 !<-- This is a picklist of codecs for the dial peers. Verify with your provider.
codec preference 1 ilbc
codec preference 2 g729r8
codec preference 3 g711ulaw
!
!
!
!
!
!
!
!
!
!
!
!
voice translation-rule 1
rule 1 /.*/ /1100/ !<-- This is the internal extension for the analog home phone.
!
voice translation-rule 2
rule 1 /.*/ /1747XXX4625/ !<-- This needs to be your REAL Gizmo phone number or outbound SIP calls will not be authorized by their servers.
! !<-- If you pay Gizmo the $4 per year, you can set your outbound Caller ID on their server to match your real Caller ID.
voice translation-rule 3
rule 1 // /1813/
!
voice translation-rule 4
rule 1 // /1/
!
!
voice translation-profile ADD_1 !<-- This adds a 1 to 10-digit numbers and sets the outbound CID to Gizmo.
translate calling 2
translate called 4
!
voice translation-profile ADD_1813 !<-- This adds a 1+813 to 7-digit numbers (Tampa, FL) and sets the outbound CID to Gizmo.
translate calling 2
translate called 3
!
voice translation-profile INBOUND_PROFILE !<-- This takes the inbound Gizmo number and changes it to 1100 for the analog home phone.
translate called 1
!
voice translation-profile OUTBOUND_PROFILE !<-- This profile only sets the outbound CID to Gizmo.
translate calling 2
!
voice translation-profile SET_CALLER_ID !<-- This profile only sets the outbound CID to Gizmo.
translate calling 2
!
!
!
crypto pki trustpoint TP-self-signed-2459680458
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2459680458
revocation-check none
rsakeypair TP-self-signed-2459680458
!
!
crypto pki certificate chain TP-self-signed-2459680458
certificate self-signed 01
!<--- Certificate snipped.
quit
!
!
username admin privilege 15 password 0 ********** !<-- Change this to your desired password.
archive
log config
hidekeys
!
!
crypto isakmp policy 20
encr aes 256
authentication pre-share
group 2
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 40 5
crypto isakmp nat keepalive 20
!
crypto isakmp client configuration group VPN-GROUP !<-- Change this if you want.
key ********** !<-- Change this to your desired preshared key.
pool RAS_VPN
acl RAS_VPN
save-password
include-local-lan
max-users 5
max-logins 5
netmask 255.255.255.0
!
!
!
crypto ipsec transform-set SCRAMBLE esp-aes 256 esp-sha-hmac
crypto ipsec transform-set RAS_VPN esp-aes 256 esp-sha-hmac
!
crypto dynamic-map DYN_MAP 5
set transform-set SCRAMBLE
match address PROTECT_IPSEC
!
!
crypto map RAS_VPN client authentication list USERAUTH
crypto map RAS_VPN isakmp authorization list SCRAMBLE
crypto map RAS_VPN client configuration address respond
crypto map RAS_VPN 20 ipsec-isakmp dynamic DYN_MAP
!
!
!
ip tcp synwait-time 10
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description Connection to Home LAN$FW_INSIDE$
ip address 10.0.33.1 255.255.255.0 !<-- Feel free to change this.
ip access-group MYLAN in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip inspect FIREWALL in
ip inspect FIREWALL out
ip virtual-reassembly
duplex full
speed 100
no mop enabled
!
interface FastEthernet0/1
description Connection to FIOS Internet$FW_OUTSIDE$
ip address dhcp
ip access-group INBOUNDFILTERS in
ip access-group OUTBOUNDFILTERS out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect FIREWALL in
ip inspect FIREWALL out
ip virtual-reassembly
duplex full
speed auto
no cdp enable
no mop enabled
crypto map RAS_VPN
!
ip local pool RAS_VPN 10.0.35.101 10.0.35.120 !<-- Feel free to change this.
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip nat inside source static udp 10.0.33.131 16698 interface FastEthernet0/1 16698 !<-- An example of TCP port forwarding.
ip nat inside source static tcp 10.0.33.131 16698 interface FastEthernet0/1 16698 !<-- An example of UDP port forwarding.
ip nat inside source route-map NO_NAT interface FastEthernet0/1 overload !<-- This establishes NAT for inside traffic.
!
ip access-list extended INBOUNDFILTERS
permit tcp any any eq 22 !<-- This is inbound SSH, feel free to remove it if you don't want remote SSH access.
permit udp any any eq bootpc !<-- This allows the Outside interface to receive a DCHP address from FiOS.
permit udp any any eq bootps !<-- This allows the Outside interface to receive a DCHP address from FiOS.
permit udp host 68.238.96.12 eq domain any !<-- This allows DNS query replies from Verizon's primary DNS.
permit udp host 68.238.112.12 eq domain any !<-- This allows DNS query replies from Verizon's secondary DNS.
permit udp any any eq ntp !<-- This allows the router to receive Network Time Protocol replies.
permit udp any any eq isakmp !<-- This allows inbound IPSEC ISAKMP exchanges.
permit udp any any eq non500-isakmp !<-- This allows inbound IPSEC ISAKMP exchanges.
permit tcp any any eq 5060 !<-- This allows inbound SIP packets over TCP.
permit udp any any eq 5060 !<-- This allows inbound SIP packets over UDP.
permit tcp any any eq 16698 !<-- This allows our example of TCP port forwarding in.
permit udp any any eq 16698 !<-- This allows our example of UDP port forwarding in.
permit icmp any any echo-reply !<-- This allows Ping replies back in.
permit esp any any !<-- This allows inbound IPSEC ESP exchanges.
permit ahp any any !<-- This allows inbound IPSEC AHP exchanges.
evaluate MYTRAFFIC !<-- This allows locally generated traffic replies in.
deny ip any any !<-- This denies everything else. You can add "log" to this line to log denials.
ip access-list extended MYLAN !<-- This defines traffic generated by the local LAN.
permit ip 10.0.33.0 0.0.0.255 any
permit ip 10.0.35.0 0.0.0.255 any
ip access-list extended NO_NAT !<-- This defines our VPN tunnel traffic.
deny ip 10.0.33.0 0.0.0.255 10.0.35.0 0.0.0.255
permit ip 10.0.33.0 0.0.0.255 any
permit ip 10.0.35.0 0.0.0.255 any
ip access-list extended OUTBOUNDFILTERS !<-- This establishes our outbound firewall filters.
permit ip any any reflect MYTRAFFIC
ip access-list extended PROTECT_IPSEC !<-- This protects IPSEC from the firewall filters.
permit ip any 10.0.35.0 0.0.0.255
ip access-list extended RAS_VPN !<-- This defines our remote access VPN network.
permit ip 10.0.33.0 0.0.0.255 10.0.35.0 0.0.0.255
!
logging trap debugging
access-list 1 remark HTTP Access-class list
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 10.0.33.0 0.0.0.255
access-list 1 permit 10.0.35.0 0.0.0.255
access-list 1 deny any
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 10.0.33.0 0.0.0.255 any
access-list 100 permit ip 10.0.35.0 0.0.0.255 any
access-list 100 deny ip any any
snmp-server community ****** RW 1 !<-- Change this.
!
!
!
route-map NO_NAT permit 10 !<-- This exempts our VPN tunnel from NAT.
match ip address NO_NAT
!
!
!
!
control-plane
!
!
!
voice-port 0/3/0 !<-- This is my analog home phone port.
echo-cancel mode 1
mwi
timeouts interdigit 3
station-id name CALLER ID NAME !<-- Change this to your Caller ID Name.
station-id number 1100
caller-id enable
!
voice-port 0/3/1
shutdown
!
!
!
!
!
dial-peer voice 7 voip
description 7-Digit Numbers Outbound via SIP Trunk
translation-profile outgoing ADD_1813
destination-pattern [2-9]......T
modem passthrough nse codec g711ulaw
voice-class codec 10
session protocol sipv2
session target dns:proxy01.sipphone.com
dtmf-relay rtp-nte
fax protocol pass-through g711ulaw
no vad
!
dial-peer voice 813 voip
description 813 10-Digit Numbers Outbound via SIP Trunk
translation-profile outgoing ADD_1
destination-pattern 813[2-9]......
modem passthrough nse codec g711ulaw
voice-class codec 10
session protocol sipv2
session target dns:proxy01.sipphone.com
dtmf-relay rtp-nte
fax protocol pass-through g711ulaw
no vad
!
dial-peer voice 727 voip
description 727 10-Digit Numbers Outbound via SIP Trunk
translation-profile outgoing ADD_1
destination-pattern 727[2-9]......
modem passthrough nse codec g711ulaw
voice-class codec 10
session protocol sipv2
session target dns:proxy01.sipphone.com
dtmf-relay rtp-nte
fax protocol pass-through g711ulaw
no vad
!
dial-peer voice 10 voip
description 10-Digit Numbers Outbound via SIP Trunk
translation-profile outgoing ADD_1
shutdown
destination-pattern [2-9].........
modem passthrough nse codec g711ulaw
voice-class codec 10
session protocol sipv2
session target dns:proxy01.sipphone.com
dtmf-relay rtp-nte
fax protocol pass-through g711ulaw
no vad
!
dial-peer voice 11 voip
description 11-Digit Numbers Outbound via SIP Trunk
translation-profile outgoing OUTBOUND_PROFILE
destination-pattern 1[2-9].........
modem passthrough nse codec g711ulaw
voice-class codec 10
session protocol sipv2
session target dns:proxy01.sipphone.com
dtmf-relay rtp-nte
fax protocol pass-through g711ulaw
no vad
!
dial-peer voice 976 voip
description Block 976 Numbers
destination-pattern [2-9]..976....
voice-class codec 10
session protocol sipv2
session target ipv4:1.1.1.1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 1976 voip
description Block 1-xxx-976 Numbers
destination-pattern 1[2-9]..976....
voice-class codec 10
session protocol sipv2
session target ipv4:1.1.1.1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 900 voip
description Block 900 Numbers
destination-pattern 900.......
voice-class codec 10
session protocol sipv2
session target ipv4:1.1.1.1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 1900 voip
description Block 1-900 Numbers
destination-pattern 1900.......
voice-class codec 10
session protocol sipv2
session target ipv4:1.1.1.1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 1 voip
description **Incoming Call from SIP Trunk**
translation-profile incoming INCOMING_PROFILE
voice-class codec 10
session protocol sipv2
session target dns:proxy01.sipphone.com
incoming called-number 1747XXX4625 !<-- This is the REAL Gizmo phone number.
dtmf-relay rtp-nte
no vad
!
dial-peer voice 1100 pots
description Cisco 2811 FXS Voice Port 0/3/0
destination-pattern 1100
port 0/3/0
no sip-register
!
!
num-exp 411 18004664411
num-exp 1411 18004664411
num-exp 911 18132249911
num-exp 1747XXX4625 1100 !<-- This is the REAL Gizmo phone number.
gateway
timer receive-rtp 1200
!
sip-ua
credentials username 1747XXX4625 password ********** realm proxy01.sipphone.com !<-- This registers the Gizmo number with SIP. Change this.
authentication username 1747XXX4625 password 0 ********** realm proxy01.sipphone.com !<-- This authenticates outbound calls through Gizmo. Change this.
retry invite 3
retry response 3
retry bye 3
retry cancel 3
retry register 3
timers trying 1000
registrar dns:proxy01.sipphone.com expires 300
sip-server dns:proxy01.sipphone.com
!
!
!
gatekeeper
shutdown
!
banner motd ^C
********************************************************

This system is restricted to authorized users only.
All users of this system consent to monitoring.
Any unauthorized attempts to access this system will be
reported to the appropriate law enforcement agency for
prosecution to the full extent of the law.

********************************************************
^C
alias exec w write mem
alias exec s show run
alias exec c config t
alias exec b show ip int brief
alias exec u un all
alias exec sir show ip route
alias exec sdp show run | begin dial-peer
alias exec srd show sip register status
alias exec scd show sip connection udp detail
alias exec srb show run | begin
alias exec sri show run | include
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
access-class 100 in
exec-timeout 0 0
privilege level 15
logging synchronous
transport input ssh
line vty 5 15
access-class 100 in
exec-timeout 0 0
privilege level 15
logging synchronous
transport input ssh
!
scheduler allocate 20000 1000
sntp server 130.207.244.240 !<-- This is a public NTP server.
sntp server 209.81.9.7 !<-- This is a public NTP server.
sntp server 204.34.198.40 !<-- This is a public NTP server.
!
end

Firewall#