I have a 908e that I'm setting up with CenturyLink VoiceComplete internet based SIP Trunks. There are two carriers for failover and redundancy. There are two trunk groups from CL, one trunk group with 40 paths for inbound calls and one trunk group with 16 paths for outbound. To make this simple, I'm just focusing on one carrier for now. I have eth 0/1 configured with a static IP and plugged directly into a switch in a VLAN on the outside. I have two loopbacks configured on the same public IP subnet as eth 0/1. I want to create two SIP trunks to connect to CL. How can I do this on one interface? Do I use the media-gateway primary LOOP1 on the physical interface? What about LOOP2? How would the second trunk recieve calls?
Nathan,
Loopbacks are mainly used with SIP trunks when you have remote locations and you are passing SIP traffic through a GRE/VPN tunnel. They can also be used when you have two WAN interfaces for load balancing/redundancy. They aren't required when going to an ISP with one interface. You can only have one media-gateway command applied to an interface.
How is CL telling you to configure your two SIP trunks? Are you registering two different phone numbers on your trunks? For inbound calls, the carrier soft switch will send inbound calls to the trunk that has been registered from the ADTRAN. For outbound calls, you would configure Least Cost Routing (LCR) on the two outbound trunks and prefer one trunk over the other.
-Mark
You can have multiple SIP trunks anchored to the same interface. What is the problem that you're trying to solve by using multiple loopbacks?
Mark, the carrier has given us two sip trunks. One dedicated for inbound calls and one dedicated for outbound calls from the pbx. That’s the only way to control call flow for the customer. These are not registered trunks
Well, these are internet based sip trunks from century link and they require two public IP addresses from my customer, one for each sip trunk. One trunk is for inbound and one is for outbound. The way I was going to handle that was with loopbacks, because this 908e only has three Ethernet ports. eth0/1 to carrier 1 and eth0/2 to carrier 2 and gig0/1 to pbx. I can’t be the first person to ever do this, but I can’t seem to find any sample configs or documentation on how I would go about configuring this.
If the Centurylink endpoint IP for each trunk is unique that is all you need to worry about and you would not need to use loopback IP for the media gateway just use the public interface IP. You will need to coordinate this with Centurylink as they will need to now your endpoint IP for each trunk , which would be eth 0/1.1.
remember to add the correct firewall rules to only allow Centurylink into your Public media interface.
I've never heard of this requirement from a carrier. I'd escalate within CenturyLink or look for a different SIP provider.
you should have a email from Centurylink that states something like this: fake IP's of course.
inbound CTL signaling IP 1.1.1.1 rtp IP's 1.1.1.2-4 it should tell you what ports and subnets to open on your firewall
outbound CTL signaling IP 2.1.1.1 rtp IP's 2.1.1.2-4 it should tell you what ports and subnets to open on your firewall
your public IP 3.1.1.1
you set up your two sip trunks to the CTL signalling IP's and your Adtran will send and receive accordingly depending voice config.
this is done all the time the key is unique IP's to the ITSP sip endpoints
Sure, CenturyLink can have different IPs on their side, one for each of two trunks inbound and outbound. It doesn't make sense that they require the customer to have unique IPs for each.
Nbrown, I suggest you open a dialogue with CenturyLink to verify their requirements as this seems rather odd. If the trunks are registered as opposed to hard-coded by IP then they really don't need to know your IP addresses at all.
CenturyLink should not be requiring the customer to have two unique IP's, to support two trunks. As long as CenturyLink is sending from two different IP's "which they should be" the customer only needs one public IP on the Adtran and CenturyLink needs to know that IP to allow it through the Centurylink firewall sense it sounds like there is no registration on these trunks.
sample config:
!
ip firewall
!
!
interface eth 0/1
description inside/private network
ip address 192.168.1.1 255.255.255.0
no ip proxy-arp
media-gateway ip primary
ip access-policy VoIP-LAN
no shutdown
no lldp send-and-receive
!
interface eth 0/2
description outside/public network
ip address 63.1.1.1 255.255.255.248
no ip proxy-arp
ip access-policy Public
media-gateway ip primary
no shutdown
no lldp send-and-receive
!
!
ip access-list standard SIP_Public_Port
remark IP subnets used for Sip trunk Public
permit 67.1.1.0 0.0.0.63
!
ip access-list extended VoIP-SUBNET
permit 192.168.1.0 0.0.0.255 any
!
ip access-list extended Admin
permit icmp any any echo log
remark Admin Access
permit tcp any any eq https log
permit tcp any any eq ssh log
!
!
!
ip policy-class VoIP-LAN
allow list VoIP-SUBNET self
!
!
ip policy-class Public
allow list Admin self
allow list SIP_Public_Port self
!
!
voice trunk-list PBX_Trunks
trunk T10
!
voice trunk-list Provider_Trunks
trunk T01
trunk T02
!
!
voice trunk T01 type sip
description "CTL outbound"
sip-server primary 67.1.1.1
max-number-calls 16
trust-domain
codec-list g711_first both
!
voice trunk T02 type sip
description "CTL inbound"
sip-server primary 67.1.1.5
max-number-calls 40
trust-domain
codec-list g711_first both
!
voice trunk T10 type sip
description "SIP_to_Customer_PBX"
sip-server primary 192.168.1.2
trust-domain
codec-list g711_first both
grammar from host local
transfer-mode network
!
!
voice grouped-trunk CUSTOMER_SIP_PBX
trunk T10
accept $ cost 0
permit list Provider_Trunks
!deny all other trunks
!deny all other ani
!
!
voice grouped-trunk CTL_NBS
trunk T01
accept NXX-NXX-XXXX cost 0
accept 1-NXX-NXX-XXXX cost 0
accept 011-$ cost 0
accept 411 cost 0
accept 611 cost 0
accept 911 cost 0
permit list PBX_Trunks
!deny all other trunks
!deny all other ani
!