Configuring the Avaya Session Border Controller for IP Office Remote Workers September 2013
BINDING CONTRACT BETWEEN YOU AND AVAYA INC. OR THE APPLICABLE AVAYA AFFILIATE (“AVAYA”). © 2013 Avaya Inc. All Rights Reserved. Notice While reasonable efforts have been made to ensure that the information in this document is complete and accurate at the time of printing, Avaya assumes no liability for any errors. Avaya reserves the right to make changes and corrections to the information in this document without the obligation to notify any person or organization of such changes.
specified in the Documentation, and solely as embedded in, for execution on, or (in the event the applicable Documentation permits installation on non-Avaya equipment) for communication with Avaya equipment. Charges for Heritage Nortel Software may be based on extent of activation or use authorized as specified in an order or invoice. All non-Avaya trademarks are the property of their respective owners. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
Configuring the Avaya Session Border Controller for IP Office Remote Workers Comments? infodev@avaya.
Contents Chapter 1: Overview........................................................................................................... 7 Remote access......................................................................................................................................... 7 Licencing................................................................................................................................................... 7 Remote Worker best practices..................................
Configuring the Avaya Session Border Controller for IP Office Remote Workers September 2013
Chapter 1: Overview The Avaya Session Border Controller for Enterprise (SBCE) delivers security to a SIP-based Unified Communications network. This document describes how to configure the SBCE for IP Office Remote Workers. Remote access When the SBCE is in an IP OFFICE Solution registration and remote access to the SBCE is done jointly with IP Office. Remote access is thru the SSL VPN on the IP OFFICE and hopping to the SBCE.
Overview To install the license: 1. Log in to the SBCE management interface. 2. In the navigation tree on the left, select System Management and then click Install. 3. In the Install License window, click Browse and navigate to the license file. 4. You can Append the license or Overwrite. Only overwrite if required. 5. You can Group By Product or License File.
Remote Worker best practices Client type Uses to the external interface of the SBCE TLS SRTP Audio SRTP Video If the mobile client using TLS and/or SRTP will be used to roam from the network on the ASBCE's external interface to the network on the IP Office side of the ASBCE, the transport medium will have to be changed while the mobile client is connected to the network on the IP Office side. IP Office 9.
Overview 10 Configuring the Avaya Session Border Controller for IP Office Remote Workers Comments? infodev@avaya.
Chapter 2: Configuring Session Border Controller Enterprise for IP Office Remote Workers Network interfaces The example below shows a two wire deployment of a Dell Session Border Controller for Enterprise (SBCE) in a demilitarized zone (DMZ). It is common to have only an external firewall, but it is possible to have a firewall on both sides of the DMZ. For a description of the distinction between one and two wire deployments, see Avaya Session Border Controller for Enterprise Overview and Specification.
Configuring Session Border Controller Enterprise for IP Office Remote Workers The following requirements apply to a single server two wire deployment. • M1 is used for management. • A1 is used to communicate with IP Office. • B1 is used to communicate with the endpoints. • M1, A1, and B1 all require an IP address. M1 cannot be on the same subnet as A1 or B1. • If A1 and B1 are on same subnet, you can do a one-wire deployment and use A1 only for data. M1 is still required for management.
Configuring network address translation Configuring network address translation If you have a firewall in front or behind the SBCE and are natting the SBCE IP address, you must perform this procedure. Before you begin You must be logged into the SBCE Control Center as Admin. Procedure 1. In the navigation tree on the left, expand System Management. 2. Select Device Specific Settings and then Network Management. 3. Select the Network Configuration tab. 4.
Configuring Session Border Controller Enterprise for IP Office Remote Workers Configuring media interfaces Before you begin You must be logged into the SBCE Control Center as Admin. Procedure 1. In the navigation tree on the left, expand System Management. 2. Select Device Specific Settings and then Media Interfaces. 3. Click Add. 4. Enter the name for internal interface and then select the A1 IP address from the pull down menu. 5. Enter the media port range and click Finish.
Configuring server interworking profiles TCP port 5060 is the required transport for remote workers on IP Office. 7. Click Add. 8. Enter the name for external interface and the select the B1 IP address from the pull down menu. 9. For the transport to be used on that interface, put in the port in the chosen transport field or fields and click Finish. TCP port 5060 is the required transport for remote workers on IP Office. 10.
Configuring Session Border Controller Enterprise for IP Office Remote Workers Procedure 1. In the navigation tree on the left, expand System Management. 2. Select Device Specific Settings and then Global Profiles. 3. Select Phone Interworking. 4. Select the avaya-ru profile and click Clone. 5. Enter a name for the profile and click Finish. Configuring the call server Before you begin You must be logged into the SBCE Control Center as Admin. Procedure 1.
Configuring routing profiles Configuring routing profiles Routing profiles define packet routing criteria in order to route them to the right destination. Routing profiles are "applied" to Endpoint Flows. Clone an existing routing profile as a starting point or create a new one. Do not change the default profile. Before you begin You must be logged into the SBCE Control Center as Admin. Procedure 1. In the navigation tree on the left, expand System Management. 2.
Configuring Session Border Controller Enterprise for IP Office Remote Workers Procedure 1. In the navigation tree on the left, expand System Management. 2. Select Device Specific Settings and then Global Profiles. 3. Select Topology Hiding. 4. Click on the default profile and then click Clone. 5. Enter a name and click Finish. 6. The profile just created is highlighted. Click Edit.
Configuring endpoint policy groups application rules See Administering Avaya Session Border Controller for Enterprise for additional information on domain polices. Configuring endpoint policy groups application rules Clone an existing application rule as a starting point or create a new one. Do not change the default. Before you begin You must be logged into the SBCE Control Center as Admin. Procedure 1. In the navigation tree on the left, expand System Management. 2.
Configuring Session Border Controller Enterprise for IP Office Remote Workers Configuring endpoint policy groups media rules Clone an existing media rule as a starting point or create a new one. Do not change the default. Media rules are defined under System Management > Domain Policies > Media Rules. The requirements for media rules are as follows. • It is recommended to clone a profile like the default-low-med profile. The default Media Rule has the Media QoS setting of DSCP EF enabled.
Configuring server flows Configuring server flows A server flow is required for the IP Office. Before you begin You must be logged into the SBCE Control Center as Admin. Procedure 1. In the navigation tree on the left, expand System Management. 2. Select Device Specific Settings and then End Point Flow. 3. Select Server Flow. 4. Click Add. 5. Enter a name for the IP Office flow. 6. In the Server Configuration field, select the IP Office server configuration. 7.
Configuring Session Border Controller Enterprise for IP Office Remote Workers Configuring user agent profiles User Agent profiles can be created using what the endpoints send in the user agent header. When these profiles are put in a subscriber flow, only phones that match that User Agent are allowed to send registration or other messages through the SBCE. Before you begin You must be logged into the SBCE Control Center as Admin. Procedure 1. In the navigation tree on the left, expand System Management.
Configuring subscriber flows 6. You can add the user agent header to a subscriber flow during the flow configuration or by editing an existing flow. In the subscriber flow User Agent field, select the user agent profile. Configuring subscriber flows Subscriber flows are required to route registrations and calls from the phones to and from the IP Office. Before you begin You must be logged into the SBCE Control Center as Admin. Procedure 1. In the navigation tree on the left, expand System Management. 2.
Configuring Session Border Controller Enterprise for IP Office Remote Workers 15. Click Finish. Example subscriber flow 24 Configuring the Avaya Session Border Controller for IP Office Remote Workers Comments? infodev@avaya.
Index B N backup ........................................................................ 12 network address translation ....................................... 13 network interfaces ...................................................... 11 C O call server ................................................................... 16 E end point policy groups ......................................... 18–20 application rules ................................................... 19 media rules ..................
