Configure the Session Border Controller

Configure a Audiocodes VE Mediant SBC to be used with Direct Routing.


Important :
The following process assumes that any value not defined will be the default value.



Install the Session Border Controller from the Azure Marketplace


This Direct Routing guide has been built/test with the following SBC, and should work with minimal modification.

Vendor Download Link
AudioCodes Session Border Controller(SBC) for Azure

Please follow Install Azure Session Border Controller for SBC installation guidelines.



Validate the Network




Validate Physical Port


The physical ports are automatically detected by the SBC.

  • goto Setup > IP Network > Core Entities > Physical Ports
  • validate GE 1

    In this example configuration only a single interface will be used.

Parameter Value
Index 0
Name GE_1
Description User Port#0


Validate Ethernet Group


The ethernet groups are automatically detected and automatically assigned to a Physical Port.

  • goto Setup > IP Network > Core Entities > Ethernet Groups
  • validate Group 1
Parameter Value
Index 0
Name Group_1
Mode Single
Member # [GE_1]


Validate Ethernet Device


  • goto Setup > IP Network > Core Entities > Ethernet Devices
  • validate Management Ethernet Device 0

    Note : even if you don’t tag traffic you are required to add a vlan ID

Parameter Value
Index 0
Name vlan 1
VLAN ID 1
Underlying Interface #0 [Group_1]
Tagging Untagged


Validate the IP Interface


  • goto Setup > IP Network > Core Entities > IP Interfaces
  • Validate eth0 IP Interface
Parameter Value
Index 0
Name eth0
Application Type OAMP + Media + Control
Ethernet Device #0 [vlan 1]
Interface Mode IPv4 Manual
IP address 10.0.0.4
Prefix length 24
Default Gateway 10.0.0.1
Primary DNS 168.63.129.16

Configure the Certificates



Configure the Certificates

  • goto Setup > IP Network > Security > TLS Contexts
  • _validate Security TLS Context 0
  • Request/issue a Public Certificate
  • Add Baltimore Root Certificate
  • Add Public CA Root & Intermediate Certificates
Modify Security TLS Contexts 0
Parameter Value Comments
Index 0  
Name default  
TLS Version TLSv1.2 Dependant on Public CA
DH Key Size 2048 (Minimum Recommended)
Add Security TLS Contexts 1
Parameter Value Comments
Index 1  
Name default  
TLS Version TLSv1.2 Dependant on Public CA
DH Key Size 2048 (Minimum Recommended)
Generate a CSR

  • goto Setup > IP Network > Security > TLS Contexts change Certificate
Parameter Value
Subject Name[CN] sbc01.shoey.example
Signatature Algorithm SHA1
Private Key Size 2048 Minimum recommended
Install the Certificate
  • goto Setup > IP Network > Security > TLS Contexts > Direct Connect > Change Certificate
  • goto Upload Certificate Files from your Computers
  • Load Private Key (if Applicable)
  • Load Device Certificate (PEM Format)
Install Root and Intermediate Certifiates
  • goto Setup > IP Network > Security > TLS Contexts > _ Select DirectRouting_ > Trusted Root Certificates
  • Select and Import the certificates
Import Baltimore Trusted Root Certificates
Certificate link comments
Baltimore Certificates Baltimore Certificates  
Root CA letsencrypt.org IMPORTANT This will be based on certificate purchased for your SBC, in lab environments I use free 90 day certs from letsencrypt.org and if I need longer than that I generally use digicert.com
Intermediant CA letsencrypt.org (Cross-Signed byIdenTrust) letsencrypt.org (Signed by ISRG Root X1) IMPORTANT This will be based on certificate purchased for your SBC, in lab environments I use free 90 day certs from letsencrypt.org and if I need longer than that I generally use digicert.com



Configure NTP Settings


  • goto Setup > Administration > Time & Date
  • Enable NTP
  • Configure Primary NTP Server

| Parameter | Value | | — | — | | Enable NTP | Enable | | Primary NTP | pool.ntp.org | | UTC Offset | As per your location | | Daylight Savings | As per your location |



Configure Syslog Settings


  • goto TroubleShoot > Logging > Syslog Settings
  • Enable Syslog
  • Configure SyslogServer IP

Syslog software can be downloaded from AudioCodes

Configure the Syslog Settings
Parameter Value
Enable Syslog Enable
Syslog Server 10.0.0.5
Debug Level Detailed



Configure Default DNS Settings (Optional)


  • goto Setup > IP Network > DNS > _DNS Settings
  • Configure Primary DNS Server
  • Configure Secondate DNS Server
Configure the NTP Settings
Parameter Value
Primary DNS 1.1.1.1
Secondary DNS 1.0.0.1



Configure Internal SRV Table


  • goto Setup > IP Network > DNS > Internal SRV
Parameter Value
Domain Name directrouting.local
Transport Type TLS
1st Entry  
DNS Name sip.pstnhub.microsoft.com
Priority 1
Weight 1
Port 5061
2nd Entry  
DNS Name sip2.pstnhub.microsoft.com
Priority 2
Weight 1
Port 5061
3rd Entry  
DNS Name sip3.pstnhub.microsoft.com
Priority 3
Weight 1
Port 5061



Configure the Media Realm


  • goto Setup > Signaling and Media > Core Entities > Media Realms
Modify Media Realm 0
Parameter Value
Index 0
Name ITSP
Topology Location Up
IPv4 Interface Name #0 [eth0]
Port Range Start 6000
Number of media session legs 10
Default Media Realm No
Configure Media Realm 1
Parameter Value
Index 1
Name DirectRouting
Topology Location Down
IPv4 Interface Name #0 [eth0]
Port Range Start 7000
Number of media session legs 10
Default Media Realm No



Configure the SIP Interfaces


  • goto Setup > Signaling and Media > Core Entities > SIP Interfaces
Modify SIP Interface 0
Parameter Value Comments
Name ITSP  
Network Interface #0 [eth0]  
Topology Location UP  
UDP port 5060  
TCP Port 0  
TLS Port 0  
Enable TCP Keepalive Enable  
Media Realm #0 [ITSP]  
TLS Context Name -  
Add SIP Interface 1
Parameter Value Comments
Name DirectRouting  
Network Interface #0 [eth0]  
Topology Location Down  
UDP port 0  
TCP Port 0  
TLS Port 5067  
Enable TCP Keepalive Enable  
Media Realm #1 [DirectRouting]  
TLS Context Name #1 [DirectRouting]  
TLS Mutual Authentication Enable Recommended to prevent DoS attacks
Classification Failure Response Type 0  



Create the Proxy Sets & Proxy Address


  • goto Setup > Signaling and Media > Core Entities > Proxy Sets
  • Configure proxy set itsp
  • Configure proxy address itsp
  • Configure proxy set direct routing
  • Configure proxy address direct routing
Add Proxy Set 1
  • goto Setup > Signaling and Media > Core Entities > Proxy Sets
Parameter Value Value
Index 0
Name ITSP
SBC IPv4 SIP Interface #0 [ITSP]
Proxy Keep Alive Using OPTIONS
Add Proxy Address 2
  • goto Setup > Signaling and Media > Core Entities > Proxy Sets > Add Proxy Address
Parameter Value
Proxy Address 203.0.113.233:5060
Transport Type UDP
Configure Proxy Sets 1
  • goto Setup > Signaling and Media > Core Entities > Proxy Sets
Parameter Value Value
Index 1
Name DirectRouting
SBC IPv4 SIP Interface #1 [DirectRouting]
TLS Context Name #1 [DirectRouting]
Proxy Keep Alive Using OPTIONS
Proxy Hot Swap Enable
Proxy Load Balancing Method Random Weights
DNS Resolve Method SRV
Configure Proxy Address - Direct Routing
  • goto Setup > Signaling and Media > Core Entities > Proxy Sets > Add Proxy Address
Parameter Value
Proxy Address directrouting.local
Transport Type TLS



Configure a Coder Group


  • goto Setup > Signaling and Media > Coders and Profiles > Coder Groups
  • Create a new Coder Group 1

Recommend you create a new coder specifically for Direct Routing !

Coder Name Packetization Time Rate Payload Type Silense Suppression Coder Specific
SILK-NB 20 8 103 N/A  
SILK-WB 20 16 104 N/A  
G.711A-law 20 64 8 Disabled  
G.711U-law 20 64 0 Disabled  
G.729 20 8 18 Disabled  



Configure the IP Profile


  • goto Setup > Signaling and Media > Coders and Profiles > IP Profiles
  • create the ITSP IP Profile
  • create the Direct Routing IP Profile
Configure IP Profile 0
Parameter Value comments
Index 0  
Name ITSP  
SBC Media Security Mode RTP As per your SIP Trunk
Remote REFER Mode Handle Locally  
Remote Replaces Mode Handle Locally  
Remote Multiple 18x Not Supported ONLY Required if you get Ringback then silence
Create IP Profile 1
Parameter Value comments
Index 1  
Name DirectRouting  
SBC Media Security Mode SRTP  
SBC Media Security Method SDES DTLS will be supported in future
Extension Coders Group #1 [Audio_Coders_Groups_1]  
ICE Mode Disabled/Lite Only Enable Lite if you enable Media Bypass, otherwise keep disabled
Remote Update Support Not Supported  
Remote Re-Invite Supported only with SDP  
Remote Delayed Offer Support Not supported  
Remote REFER Mode Handle locally  
Remote Hold Format Inactive  



Configure an IP Group


  • goto Setup > Signaling and Media > Core Entities >_ IP Group_
  • create the ITSP IP Profile
  • create the Direct Routing IP Profile
Configure IP Group 1
Parameter Value
Index 1
Name ITSP
Topology Location Up
Proxy Set #1 [ITSP]
IP Profile #1 [ITSP]
Media Realm #0 [ITSP]
SBC Operation Mode B2BUA
Add IP Group 2
Parameter Value
Index 2
Name DirectRouting
Topology Location Down
Proxy Set #2 [DirectRouting]
IP Profile #2 [DirectRouting]
Media Realm #1 [DirectRouting]
Classify By Proxy Set Disable
SBC Operation Mode B2BUA
Local Host Name sbc01.shoey.example
Always Use Src Address Yes
DTLS Context #1 [DirectRouting]



Configure SRTP


  • goto Setup > Signaling and Media > Media > Media Security
Parameter Value
Media Security Enable
Media Security Behavior Perferable - Single Media



Configure Message Manipulations


  • goto Setup > Signaling and Media > Message Manipulation > Message Manipulations
  • Activate the SIP Options via https://ipaddress of sbc/AdminPage
Create the Message Manipulation
Parameter Value  
Index 0  
Name DirectRouting  
Manipulation Set ID 1  
Message Type Options  
Condition param.message.address.dst.sipinterface==’1’ The ID assigned to the Direct Routing InterfaceSIP Interface
Action Subject header.contact.url.host  
Action Type Modify  
Action Value ‘sbc01.shoey.example’  

Important: when adding the Action Value take note of the single quotes is ‘sbc.fqdn’

Activate the SIP Option
Parameter Value Comments
GWOutboundManipulationSet 1 Manipulation Set ID from previous step



Configure Message Condition Rule


  • goto Setup > Signaling and Media > Message Manipulation > Message Condition
Parameter Value
Index 0
Name DirectRouting-Contact
Condition header.contact.url.host contains ‘pstnhub.microsoft.com’



Configure Classification Rules


  • goto Setup > Signalling and Media > SBC > Classification
Parameter Value
Index 0
Name DirectRouting
Source SIP Interface #1 [DirectRouting]
Destination Host sbc01.shoey.example
Message Condition #0 [DirectRouting-Contact]
Action Type Allow
Source IP Group #2 [Direct Routing]



Configure IP to IP Routing


  • goto Setup > Signalling and Media > SBC > Routing > IP-to-IP Routing
  • create options terminate
  • create refer terminate
  • create ITSP to Direct Routing
  • create Direct Routing to ITSP
Option Terminate
Parameter Value
Index 0
Name OPTIONS Terminate
Request Type Options
Destination Type Dest Address
Destination Address Internal
Refer Terminate
Parameter Value
Index 1
Name REFER
Source IP Group Any
Call Trigger Refer
ReRoute IP Group #2 [DirectRouting]
Destination Type Request URI
Destination IP Group #2 [Direct Routing]
Sip Trunk to Direct Routing
Parameter Value
Index 2
Name ITSP to DirectRouting
Source IP Group #1 [ITSP]
Destination Type IP Group
Destination IP Group #2 [DirectRouting]
Direct Routing to Sip Trunk
Parameter Value
Name DirectRouting
Source IP Group #2 [DirectRouting]
Destination Type IP Group
Destination IP Group #1 [ITSP]



Restart SBC


  • goto Reset