Cisco Unity Express Initilization and CUCM integration

Cisco Unity Express Initilization and CUCM integration

Cisco Unity Express is set to factory default settings. You need to run through the initial setup wizard to configure following settings,

IP Address : 142.102.66.253

Hostname : CUE

Domain name : ccievoice.com

DNS : not required

NTP : 142.102.64.254

Time Zone: Hong Kong

GUI web administrator : administrator

GUI web password : ccievoice

 

In addition, ensure that the CUE module has the correct license file to support integration required. In case you need to update the CUE's license file you should find following information useful:

1). FTP server address and folder path: 142.100.64.17/cuelic/

2). username/password: administrator/ccievoice

3). Files available on the FTP server:

       cue-vm-license_12mbx_ccm_7.0.1.pkg

       cue-vm-license_12mbx_cme_7.0.1.pkg

4). Use the following information for Cisco Unity Express and CUCM

  1. Voicemail Pilot Number: 4220

  2. Voicemail Port: 4221, 4222, 4223

  3. Jtapi User: cuejtapi

  4. Jtapi password: ccievoice

  5. Set all voice-mail account pins to "12345"

Create accounts for Site C Phone 1 and Phone 2.Make sure that messages can be left and MWI works on calls from the PSTN and local IP phones.

Configuration:

R3:

Int lo0

Ip ospf network point-to-point       

int service-engine 0/1

ip unnumbered lo0

service-module ip address 142.1.66.253 255.255.255.0     CUE web address

service-module ip default-gateway 142.1.66.254

no sh

ip route 142.1.66.253 255.255.255.255 service-engine 0/1     

#service-module service-engine 0/1 session

show software licenses 

software install clean url ftp://142.100.64.128/cue-vm-license-25mbx-cme_7.0.5.pkg username cisco password 12345

offline 

restore factory default   

hostname:CUE

domainname:ccievoice.com

ntpserver:142.102.64.254

 5)Asia

 13)Hong Kong

 1) Yes

CUCM:

Device > CTI Route Point

Add New

Save

Device > Phone

Add New

Add cti-2 cti-3, DN, 4222 & 4223

User Management > Application User

Add New

Controller Devices里面一共有6个设备,按Find more Phones,把SC Phone1/2加进来

Voice Mail > Voice Mail Pilot

Add New

Voice Mail > Voice Mail Profile

Add New

http://142.1.66.253

reload

Phone>CTI

CUE# show ccn status ccm-manager 

JTAPI Subsystem is currently registered with Call Manager: 142.100.64.11

JTAPI Version: 7.0(1.1000) -1 Release

CUE:

username SiteC1 pin 12345

username SiteC2 pin 12345

conf t

voicemail mailbox owner SiteC1

 no tu     

voicemail mailbox owner SiteC2

 no tu

 exit

voicemail callerid

ccn application ciscomwiapplication aa

 parameter "strMWI_OFF_DN" "1999"

 parameter "strMWI_ON_DN" 1998"

Cisco CME router configuration management via spreadsheets

 

Cisco CUCM Extension-mobility

 

Cisco CUCM Device Mobility

 

Cisco CUCM Intercom

 

Cisco CUCM DND

 

Cisco CUCM BLF Presence

 

Cisco CUCM AA-Greeting and holiday

 

Oracle EOM - MEC Connection to ME

 

EOM - MEC Connection to ME

ME setup page , download server certificate 

 

 

 

 

 

 

MEC Config page, add to trust store 

 

 

 

ME Config, change password to 'oracle'

 

MEC config - add ME

 

 

Oracle EOM Media packet capture

 

Calling or called number either way

 

We are tracing media calls from Jabber, so any media flow with internal IP in the call

 

 

Download pcap and wireshark RTP stream for filter

 

 

 

Choose internal (jabber) to SBC one and Prepare filter:

 

Found dscp value

 

When finish delete that number rom record media 

Oracle SBC enable media-manager

Oracle SBC enable media-manager

 

To ensure proper anchoring of media, media-manager should be globally enabled. The option unique-sdp-id should be added as well

 

SBC handles media only if the media-manager element is configured. In this element many parameters used in the media steering functions are defined.

 

 

acmelabsbc2# show run media-manager short

media-manager

        options                                 unique-sdp-id

 

 

 

if disabled：

 

 

 

Media goes to ｐｅｅｒ　ＩＰ：

 

 

 

If enabled：

 

 

 

Media goes to internal interfaceＩＰ：　

 

 

 

SBC Translation-rules add called number +1 outbound

 

session-translation

        id                                      addCalledPlusOne

        rules-called                            addPlusOne

 

 

translation-rules

        id                                      addPlusOne

        type                                    add

        add-string                              +1

 

 

realm-config

        identifier                              peer

        network-interfaces                      M00:0

        qos-enable                              enabled

        out-translationid                       addCalledPlusOne

        out-manipulationid                      fixgoestobellnewWITHpriority

        access-control-trust-level              low

If there is already plus 1, will not take effect. So change to test:

 

translation-rules

        id                                      addPlusOne

        type                                    add

        add-string                              888

 

To: <sip:888+15152212383@siptrunking.vm>

Cisco Unified Border Element (CUBE) Secure Integration

Manage ＣＵＢＥ Certificate　

 

ＲＳＡ key pair

cube1(config)#crypto key generate rsa general-keys label cube1 modulus 2048

The name for the keys will be: cube1

 

% The key modulus size is 2048 bits

% Generating 2048 bit RSA keys, keys will be non-exportable...

[OK] (elapsed time was 1 seconds)

 

ＫＰＩtrustpoint

cube1(config)#crypto pki trustpoint cube1-certificate

cube1(ca-trustpoint)#enrollment terminal pem

cube1(ca-trustpoint)#subject-name CN=cube1.dcloud.cisco.com

cube1(ca-trustpoint)#revocation-check none

cube1(ca-trustpoint)#rsakeypair cube1

cube1(ca-trustpoint)#hash sha256

 

download root

open it on ｗｏｒｄｐａｄ, copy

 

open aＳＳＨ session onＣＵＢＥ，　copy & paste

cube1(config)#crypto pki authenticate cube1-certificate

 

Enter the base 64 encoded CA certificate.

End with a blank line or the word "quit" on a line by itself

 

-----BEGIN CERTIFICATE-----

MIIDozCCAougAwIBAgIQM9+yOAbFS4ZDuwAiOVofnDANBgkqhkiG9w0BAQsFADBY

MRMwEQYKCZImiZPyLGQBGRYDY29tMRUwEwYKCZImiZPyLGQBGRYFY2lzY28xFjAU

BgoJkiaJk/IsZAEZFgZkY2xvdWQxEjAQBgNVBAMTCWRjbG91ZC1DQTAeFw0xODEx

MTAxOTIyMThaFw0yODExMTAxOTMyMTdaMFgxEzARBgoJkiaJk/IsZAEZFgNjb20x

FTATBgoJkiaJk/IsZAEZFgVjaXNjbzEWMBQGCgmSJomT8ixkARkWBmRjbG91ZDES

MBAGA1UEAxMJZGNsb3VkLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC

AQEAurm71uDcNgn3+CBxpRxRz1FjHpWjnJI2yhtTJqExMNrYqFbU2fi4F1SkGPIc

+knuFIsptAsf1hJ5wD9UVWqSCXF+v3Kxl9ZyxWPLTf6lnHSBjPpCrb0XxZqO/qj+

tjxoiFdirjYEmnFSPcSO/eulGSrhL2rrkifMnNnfNrqFk+JXCM4eICglGSvQ2VMF

x6yPALnK6zXwj422/bBzQ5XpWqVa8rjyGVasRwrnWgXVH9w0QlSgQ/IxlkhyEU9U

5YjUhtWaWqE2oSmHpGxgx/5/Lb+spEMIrntIMDTkdsYpZWYxdphQNc1uX3SMfOuF

XdSpe6A8NGH3SlBGqV/w6OHC3wIDAQABo2kwZzATBgkrBgEEAYI3FAIEBh4EAEMA

QTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPpa3

miD2TsTPAkAW05g1J94uztgwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEL

BQADggEBAGZo23oEnjcJi+Ixtu4zm3vk2H4QuBjJ+fwNaGe2E79ZvZpcYOjuKm3z

jwtcKxPgqC3Ocy26vJfHgGLYY1hkElIfhLO3Lbnqu7XHR9WzsJ9wdmpeF8rzYqNL

+4udiHeyTws/1aSzREn+tA9Lk54D31NAQwb+gGUUTtDwkbOTu3Xu4ZtBhHfzlnX6

Wbwwn5juhqLr0CXpoKxKFXLWrAyKSa2cDvEJ8EY5NsjSgXfJtCGBcBJM7ac0jwWM

8CXvWqB5LZjDja6coDvZx+AZf5YDxHl7ef//WkGLmINXdKFfyNTYoL6v4RsBV6aP

Qx29zrqqPgyywwwoK/sUpUVOAsK2pvU=

-----END CERTIFICATE-----

 

Certificate has the following attributes:

       Fingerprint MD5: 9E9F2B6E 9B6D6FFA 345FF711 E8960550

      Fingerprint SHA1: 4D26DA65 949245D6 11A7DE78 17B55EF0 A290D408

 

% Do you accept this certificate? [yes/no]: yes

Trustpoint CA certificate accepted.

% Certificate successfully imported

 

generate ＣＵＢＥ ＣＲＳ

cube1(config)#crypto pki enroll cube1-certificate

% Start certificate enrollment ..

 

% The subject name in the certificate will include: CN=cube1.dcloud.cisco.com

% The subject name in the certificate will include: cube1.dcloud.cisco.com

% Include the router serial number in the subject name? [yes/no]: yes

% The serial number in the certificate will be: 9R9DK9P4EBV

% Include an IP address in the subject name? [no]: no

Display Certificate Request to terminal? [yes/no]: yes

Certificate Request follows:

 

-----BEGIN CERTIFICATE REQUEST-----

MIICwjCCAaoCAQAwXDEfMB0GA1UEAxMWY3ViZTEuZGNsb3VkLmNpc2NvLmNvbTE5

MBIGA1UEBRMLOVI5REs5UDRFQlYwIwYJKoZIhvcNAQkCFhZjdWJlMS5kY2xvdWQu

Y2lzY28uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxG6ooWcs

w1k3O+L1uazKYtCp9N4rfay177VXY/GfOw00+fsuQubH/rJNqRIXb0F4GX82TfiR

dAbGA5mUQ2gVVz/c4xKTDXtg1/wNUKgpSCcebLwDN9L69nN+foj/SYIE092Tk7LH

5K4m625MCUBn82vyXEaE/9QmWFIGH8q2sw5GXI+HGPhtj20paeQTosk1/NsCNtGH

tLi5QJoyl/V3FXdsA8IANmj8J8ycFHiDKwm1WeI4ExbbRrwRLHAlodInDDPznxpK

pBYYmhdav6+d7SAh0dj12RU/Y197Y5ElzwNGaOSfVcXeMmpqXB3QONDTr23GUDGm

7cBnNAyLGmrH3wIDAQABoCEwHwYJKoZIhvcNAQkOMRIwEDAOBgNVHQ8BAf8EBAMC

BaAwDQYJKoZIhvcNAQELBQADggEBAEp10DkBWuot78zzfrf+RwKonRrq5x2aXXB7

9aiM24pBML4qp38EQI5Sdxbfrz7f5FxaTNksVpKlmQsnOH6uvUjVqirV5JUHPjSz

P86s6+jcWv813jlQMZPu220rT6+EUR8H++7/y/B3UXdOn3YUQeOurOf+MIBf1kZj

ElOMkcuqhpLZ3r3GjOcDf8n0fFpP68BcQGGNufGZ66BqG9qS7TblIQ2E/FjKZIcG

ARIyp/pflOcwEdDueb0/tFXiGRwHkIozzXr0EttmSsLqUWmi52iGAG9lx9ZzoP7m

CWjeKEBS4J7mFPfZ4evmWywgaooPG7lYUtFzyTkMaqxzM02NwGI=

-----END CERTIFICATE REQUEST-----

 

---End - This line not part of the certificate request---

 

Redisplay enrollment request? [yes/no]:　ｎｏ

 

copy CSR to ＣＡ webpage

 

 

ｗｏｒｄｐａｄ openes ＣＵＢＥ.cer　copy & paste to ＣＵＢＥ

cube1(config)#crypto pki import cube1-certificate certificate

 

Enter the base 64 encoded certificate.

End with a blank line or the word "quit" on a line by itself

 

-----BEGIN CERTIFICATE-----

MIIFdTCCBF2gAwIBAgITbgAAABt/5CHe1E+WggAAAAAAGzANBgkqhkiG9w0BAQsF

ADBYMRMwEQYKCZImiZPyLGQBGRYDY29tMRUwEwYKCZImiZPyLGQBGRYFY2lzY28x

FjAUBgoJkiaJk/IsZAEZFgZkY2xvdWQxEjAQBgNVBAMTCWRjbG91ZC1DQTAeFw0x

OTEyMDYyMzAyNDJaFw0yNDEyMDQyMzAyNDJaMCExHzAdBgNVBAMTFmN1YmUxLmRj

bG91ZC5jaXNjby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE

bqihZyzDWTc74vW5rMpi0Kn03it9rLXvtVdj8Z87DTT5+y5C5sf+sk2pEhdvQXgZ

fzZN+JF0BsYDmZRDaBVXP9zjEpMNe2DX/A1QqClIJx5svAM30vr2c35+iP9JggTT

3ZOTssfkribrbkwJQGfza/JcRoT/1CZYUgYfyrazDkZcj4cY+G2PbSlp5BOiyTX8

2wI20Ye0uLlAmjKX9XcVd2wDwgA2aPwnzJwUeIMrCbVZ4jgTFttGvBEscCWh0icM

M/OfGkqkFhiaF1q/r53tICHR2PXZFT9jX3tjkSXPA0Zo5J9Vxd4yampcHdA40NOv

bcZQMabtwGc0DIsaasffAgMBAAGjggJtMIICaTAOBgNVHQ8BAf8EBAMCBaAwHQYD

VR0OBBYEFBO7mCnNjH6MetBPFfO/TAt4qSICMB8GA1UdIwQYMBaAFD6Wt5og9k7E

zwJAFtOYNSfeLs7YMIHKBgNVHR8EgcIwgb8wgbyggbmggbaGgbNsZGFwOi8vL0NO

PWRjbG91ZC1DQSxDTj1DQSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2Vydmlj

ZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1kY2xvdWQsREM9Y2lz

Y28sREM9Y29tP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RD

bGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDCBwwYIKwYBBQUHAQEEgbYwgbMwgbAG

CCsGAQUFBzAChoGjbGRhcDovLy9DTj1kY2xvdWQtQ0EsQ049QUlBLENOPVB1Ymxp

YyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24s

REM9ZGNsb3VkLERDPWNpc2NvLERDPWNvbT9jQUNlcnRpZmljYXRlP2Jhc2U/b2Jq

ZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTA8BgkrBgEEAYI3FQcELzAt

BiUrBgEEAYI3FQiDtZJPg8jodIf9kT2BpI00sY8dMIaCy1WE8roVAgFkAgEEMB0G

A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAnBgkrBgEEAYI3FQoEGjAYMAoG

CCsGAQUFBwMBMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQA7Esjt0MGR

CWixwwX+fxxwhtM3WtvEVbsAjwqb4AYSnAZZYG9Xr1VlAdJUh0dRBFLZY5GWdPRQ

rrYJAq8L9D+mv3KoqJes/p6O20x3P2dSPgUaCaDE54IgkICzkQeY4BSTDa3dabob

sWMaBojwPIPowdrpTyxNmKDgif6uFoic2ADBTVCpcJCrTSTegu1L/dlSs2SPuULv

VMcH2M+0sP0c1DMvx1Bo9bi0rsBY1p5OzS0Vx/jlyY9L0M2M9z61Vg05uhhJDQhD

6iDMnJTebQxSv8A2huXTwK0YgfGIOuzTMxgryuN/oEy90RACJBgpRp44NAlPDWnf

VToXyidwOnJh

-----END CERTIFICATE-----

 

% Router Certificate successfully imported

 

enable signal encryption，　ＩＰ is ＣＵＢＥ

cube1(config)#sip-ua

cube1(config-sip-ua)#crypto signaling remote-addr 198.18.133.3 255.255.255.255 trustpoint cube1-certificate

 

Dial-peer　enable ＴＬＳtransport

dial-peer voice 300 voip

 description *** Inbound LAN side dial-peer ***

 translation-profile incoming hairpin-trans

 session protocol sipv2

 session transport tcp tls

 incoming called-number 9T

 voice-class sip pass-thru content sdp

 voice-class sip bind control source-interface GigabitEthernet1

 voice-class sip bind media source-interface GigabitEthernet1

 dtmf-relay rtp-nte

 codec g711ulaw

!

dial-peer voice 400 voip

 description *** Outbound LAN side dial-peer ***

 destination-pattern 40855511..$

 session protocol sipv2

 session target ipv4:198.18.133.3

 session transport tcp tls

 voice-class sip bind control source-interface GigabitEthernet1

 voice-class sip bind media source-interface GigabitEthernet1

 dtmf-relay rtp-nte

 codec g711ulaw

 

ＳＲＴＰ pass-thru　media pass-throu

cube1(config)#voice service voip

cube1(conf-voi-serv)#srtp pass-thru

 

ＣＵＣＭ， SIP secure profiel

 

SIP  TRUNK

 

 

show sip-ua calls

show sip-ua connections tcp tls detail

show sip-ua srtp