Audiocodes Mediant integration guide

Audiocodes Mediant SBC is a Session Border Controller (SBC) product that can serve as part of an end-to-end SIP integration between Mindful Callback and an on-premise telephony platform. This guide is intended as a supplement to the ACD integration guides for Mindful Callback and only addresses configuration for Audiocodes.

Overview

This article covers the following aspects of Audiocodes SBC configuration:

  • Components and call flows
  • Basic configuration for standard SIP and RTP
    • New Proxy Set for Mindful Callback
    • Dial Plan Rule for calls to Mindful
    • Coders Allowed Group
    • IP Profile for Mindful
    • IP Group for Mindful
    • IP-to-IP Profile for calls to Mindful
  • Additional configuration for SIP over TLS with SRTP
    • Import the Mindful Callback TLS certificates as Trusted Root Certificates
    • Verify the SIP Interface TLS port and Context
    • Modify the Proxy Address to use TLS transport
    • Configure Media Security settings to enable SRTP
    • Modify the IP Profile to use SRTP
Note:

This guide assumes the following:

  • Both the agent leg and customer leg of a callback are delivered via the SBC.

  • The SBC is either:
    • Behind a NAT Firewall not using SIP ALG with a public IP configured in the SBC,
    • Behind a NAT Firewall using SIP ALG,
    • Or acting as an edge device and configured with a public IP.
  • The SBC is configured using a two-wire architecture – one private and one public interface. If this is not the case, adjust the configuration as needed while following this guide.

  • The SBC is already configured to send calls out to the PSTN network via a telephony service provider and to route calls into the contact center (via something like Genesys SIP Server).

  • This guide was produced based on release 7.20A of the Audiocodes SBC. Some configuration may appear differently in older releases. Consult the Audiocodes documentation for your version to supplement the steps listed in this guide.

  • Prior knowledge of Audiocodes SBC configuration, operation, and troubleshooting is assumed for users of this guide.

  • The configuration in this guide is an example and may be used as a template for integrating with Mindful. Any sample code in this guide should not be considered ready for production.

Before you begin

Consider the following factors before beginning the integration process.

  • If there are any firewalls between the SBC and Mindful Callback, the Mindful Callback SIP and RTP IP addresses provided by the Mindful Solution Delivery team should be whitelisted against the public IP for the SBC in those firewalls. If you use TLS as the SIP transport protocol, it is also recommended that firewall SIP ALG (packet inspection) be disabled for this traffic.

  • If your architecture includes more than one SBC, verify that the configuration is performed on each SBC that is involved in the Mindful call flow.

  • Consider any Mindful Callback IP address, FQDN, or SIP URI in this guide as an example that may not apply to your solution. The Mindful Callback IP addresses, FQDNs, and URIs specific to your integration will be provided by Mindful.

  • We recommend that a non-TLS configuration be implemented and tested before applying the TLS and SRTP configuration to verify that the integration is functioning. Some logs and traces may be unavailable once the signaling and media are encrypted.

Components and call flows

TermDefinition
CACertificate Authority: A public (such as Verisign or Entrust) or private (corporate) entity that signs TLS certificates for use in secure communication
SBCSession Border Controller
DIDDirect Inward Dialing phone number
FQDNFully qualified domain name: A complete domain name for a specific computer, or host, on the internet
ITSPInternet Telephony Service Provider: A provider of SIP telephony services that acts as an interface between SIP networks and the PSTN
NATNetwork Address Translation: A common feature on edge devices, such as firewalls, to map a public IP address to a private IP address
PSTNPSTN is the traditional circuit-switched telephone network that comprises all the worlds telephone networks operated by local carriers.
RTPReal-time protocol: The protocol used for the audio stream of a SIP call
SDPSession Description Protocol: Part of the SIP message structure describing the media (audio) in specific SIP requests and responses
SIPSession Initiation Protocol
SIP ALGSIP Application Layer Gateway: A router/firewall service that inspects SIP packets and rewrites IP addresses (for example, between public and private IPs in SIP headers and SDP)
SRTPSecure real-time protocol: Encrypted RTP
TLSTransport Layer Security: Used to encrypt network traffic between two points (SIP signaling in this case)
URIUniform Resource Identifier: A unique sequence of characters that identifies a logical or physical resource used by SIP technologies

Example call flows for inbound and callback interactions are included below.

Inbound call flow

call flow diagram
  • A customer calls into the contact center. The call lands on the SBC from the ITSP.
  • The SBC INVITEs the contact center (such as Genesys SIP Server).
  • A routing script sends the call back out to the SIP number provisioned in Mindful Callback ,either using a new INVITE or a REFER to the SBC.
  • The SBC sends an INVITE to Mindful Callback. The customer hears the callback offer prompts from Mindful.

Choose hold call flow

choose hold call flow diagram
  • A customer declines a callback offer. Mindful sends a REFER to the SBC with a Refer-To header containing the contact-center number (typically a queuing DN).
  • The SBC INVITEs the contact center (via a component lik Genesys SIP Server).
  • The call queues at normal inbound priority for the next agent.

Callback call flow

callback call flow diagram
  • Mindful Callback sends an INVITE to the SBC using the customer callback number as the destination number.
  • The SBC sends the call out to the customer over the PSTN.
  • Once the customer answers the call, Mindful sends an INVITE to the SBC with the Contact Center Phone Number configured in Mindful Callback as the destination. This is usually a contact-center DN.
  • The SBC invites the contact center and the call queues at high priority for the next agent. When an agent answers, the customer and agent are connected. At that point Mindful Callback steps out of the signaling path.

This shows a typical customer-first call flow. Mindful also supports an agent-first call flow in which the agent leg is initiated first. However, the SBC configuration is the same regardless of which method is used.

Basic configuration for standard SIP and RTP

Whether you intend to use TLS or unsecured communication, the steps in this section must be completed to set up the basic integration. We recommend performing each of the steps below in order, as some steps create items required in later steps.

1. Verify NAT Translation

If the SBC is behind a NAT device without any kind of Packet Inspection (e.g. ALG), or when using TLS, NAT translation should be used. Using NAT translation ensures that the SBC replaces its ow internal IP address with the public IP. This should be done in SIP headers and SDP lines when sending requests and responses to Mindful. This can prevent issues such as Mindful trying to reply to the SBC's internal address rather than the public IP or trying to initiate an RTP stream to the wrong address.

Any existing connections to a SIP provider (ITSP) will typically require this configuration. If not, the NAT Translation can be configured in the web interface at IP Network > NAT Translation.

image of nat translation settings

In this example, the SBC will replace the internal IP interface address of the WAN Interface (WAN_IF) with the example public IP address 8.22.33.44.

Applying NAT Translation to an IP Interface where NAT Translation was not previously required may impact existing routes. To avoid this, verify that any other Proxy Sets associated with SIP Interfaces that use the same Source IP Interface as Mindful Callback are not going to be impacted by this change. If in doubt, create a new IP Interface and SIP Interface.

2. Create A new Proxy Set and Proxy Address

The Proxy Sets defines one or more SIP addresses associated with an IP Profile.You will need to create a new Proxy Set for Mindful.

Quick access: Signaling & Media > CoreEntities > Proxy Sets

Proxy Set

  • On the Proxy Sets page, click New to get started.

image of proxy sets settings

  • Configure the new set as shown in the example:
    • Give the new Proxy Set a name (such as MindfulCallback).
    • Set the interface to be used (typically the public interface).
    • In the Advanced section, set the Classification Input to IP Address only.
    • Set the DNS Resolve Method to A-Record if the SBC can resolve the Mindful SIP proxy FQDN URI provided by the Mindful Solution Delivery team.
    • Leave all other settings with default values if possible.
  • Click Apply to add the new Proxy Set.

Proxy Address

  • Back on the Proxy Sets page, select the newly created Mindful Proxy Set
  • Scroll to the bottom of the page and click the Proxy Address 0 Items link. You should see an empty list of Proxy Addresses.
  • Click New to add a new address.
  • Configure the proxy address as shown below. Use the Mindful SIP URI provided by the Solution Delivery team.

proxy address

  • Click Apply to add the new Proxy Address.

The proxy set configuration is now complete.

3. Create a New Dial Plan Rule

Dial Plans can be used to segment or manipulate calls matching specific number patterns for their source or destination numbers. Dial Plans are flexible, so the following example may differ from the way you use them in your environment.

In this example, there is one existing Dial Plan containing all the Dial Plan Rules required to route calls between the contact center and the SIP provider. You will need to add one more Dial Plan Rule to tag calls matching the number pattern for calls to Mindful.

If your contact center does not contain any Dial Plans, create a new one from the Dial Plan list page by clicking New and giving the new Plan a name. There is no additional configuration for the Dial Plan other than the rules that belong to it.

Follow the steps below to add a new rule to the Dial Plan(to send calls to Mindful Callback).

Quick access: Signaling & Media > SIP Definitions > Dial Plan

  • Select the plan on the Dial Plan page.
  • Click the link under the list: Dial Plan Rule (n) Items.

A Dial Plan Rule pop-up window will appear. In this window, configure the item as shown below.

image of dial plan rules

  • Give the rule a name.
  • Prefix: Enter the SIP prefix for the number range assigned to your organization in Mindful, which will be provided by the Mindful Solution Delivery team.

In this example, the SIP number range includes 9-digit numbers starting with 26788. To denote this in the plan, we entered 26788xxxx# in the Prefix field. This means any number starting with 26788 and followed by four digits will fall into this Dial Plan. The end of the number pattern is marked with the pound symbol.

  • Tag: Enter any label that will be configured in the IP-to-IP Routing table to make sure these calls are routed to the correct IP Profile.
  • Click Apply to add the new rule.

In our example integration, the complete list of dial plan rules now looks as follows:

example dial plan rules

Note:
  • The Dial Plan will match rules in index order, so make sure that any number patterns above the new Mindful rule are above any other rules that could potentially match the number range for Mindful Callback.

  • The rule in the example used for calls to the Contact Center (named GenesysRPs) is required to route agent-leg calls returning from Mindful (choose-hold or callback) back to the contact center using the appropriate DN numbers (in this case, five-digit numbers beginning with 12).

  • The rules for sending calls to the SIP provider (named pstnCalls and pstnCallsPlus) will instruct the SBC to dial the customer number by sending a SIP INVITE back into the SBC using an e164-formatted number. A route directly back out to the SIP provider is required for those calls.

4. Create a new Coders Allowed Group

The Allowed Audio Coders Group is a set of one or more audio codecs (known as coders in AudioCodes) that can be assigned to an IP Profile to restrict codecs to that list. The group can also be used to set a codec preference order.

Since Mindful Callback only supports G711 ulaw, we recommend an Allowed Audio Coders Group containing only that codec. You may already have a group with only the ulaw codec, or a group with multiple codecs including ulaw. If so, you can use that.

Use the following steps to create a new Allowed Audio Coder group.

Quick access: Signaling & Media > Coders & Profiles > Allowed Audio Coders Groups

  • In the list of groups, click New and give the new group a name.

image of the allowed coders settings

  • Click Apply to add the new group.
  • Back in the list of Allowed Audio Coders Groups, select your new group.
  • In the bottom section, click the Allowed Audio Coders [n] items link. You will be shown the Allowed Audio Coders page.
  • Click New above the empty list of Coders to add an Allowed Coder to your new group.

image of allowed coders settings

  • Select G711 U-law as the Coder.
  • Click Apply to add the new coder to the group.

The new Allowed Audio Coder Group configuration is now complete.

5. Create a new Message Manipulation to add Mindful Routing Token

Quick access: Signaling & Media > Message Manipulation > Message Manipulations

The Mindful SIP Router validates and routes incoming SIP invites using a dedicated custom SIP header called X-Mindful-Routing-Token. When your Mindful Callback Organization is set up by the Mindful Solution Delivery team, the routing token will be provided. This needs to be sent as the value of the new X-Mindful-Routing-Token SIP header in the INVITE to Mindful Callback.

In the SBC, this can be accomplished using message manipulation which allows manipulation of the SIP / SDP headers at different stages of the call traversing through the SBC. To do this, create a new Message Manipulation and configure the General and Match sections as shown below. If there is an existing Message Manipulation Set in use with calls to Mindful Callback, either use the same Manipulation Set ID or use a new unique Manipulation Set ID (with further configuration needed and detailed in the next section). The Message Type should be Invite.request to only apply the rule to invites to Mindful Callback.

screenshot of messaging manipulations

Configure the Action section as shown, with the Action Value provided by the Mindful Solution Delivery Team:

screenshot of messaging manipulations

6. Create a new IP Profile

IP Profiles define a set of SIP interworking parameters. We recommend that you create a new profile for Mindful Callback to ensure that any changes to this or existing profiles do not impact signaling between other SIP entities that share an IP Profile. This can be the case for the contact center or SIP provider, for example.

Use the following steps to create a new IP Profile:

Quick access: Signaling & Media > Coders & Profiles > IP Profiles

  • To create a new entry from the list of IP Profiles, click New.
  • On the IP Profile page, give the profile a name in the General section:

example I.P. profiles settings

  • In the Media section, select the Allowed Audio Coders group configured previously.
  • Allowed Coders Mode: Set to Restriction.

example S.B.C. media settings

  • In the SBC Forward and Transfer section, select Handle Locally as the Remote REFER Mode:

image of forward and transfer settings

  • Leave all other IP Profile settings at default values, if possible.
  • Click Apply to save the new IP Profile configuration.

7. Create a new IP Group

An IP Group is a logical representation of a SIP entity. IP Groups contain specific configuration associated with a Proxy Set and IP Profile. You will need a new IP Group for Mindful Callback associated with the Proxy Set and IP Profile created previously.

Quick access: Signaling & Media > Core Entities > IP Groups

  • To create a new IP Group, click New from the list of IP Groups.

IP group

  • In the General section, give the group a name.
  • Type: Select Server.
  • Proxy Set and IP Profile: Select the entries previously configured for Mindful Callback.
  • SIP Group Name: Enter the Mindful Callback SIP URI (the same one used previously to configure the Mindful Callback Proxy Set, but without any port suffix) For example, sip-callback.mindful.cx.

example advanced settings

  • In the SBC Advanced section, in the Dial Plan field, select the Dial Plan to be used when a call arrives into the SBC from this IP Group.

This Dial Plan will be used to route calls from Mindful to the PSTN (customer leg of the callback) and the contact center. Thus, it should contain rules to match e164 numbers and contact-center DNs. See the example below for more context:

example dial plan rules

  • Click Apply to save the new Group when finished.

8. Create a new IP-to-IP Routing profile

The IP-to-IP Routing profile defines a valid route through the SBC. These profiles can be configured as static routes between a source IP Group and a destination IP Group or can be configured to allow any source IP Group to route to a specific IP Group using Dial Plan Rule tags for route selection.

Use the steps below to create a new IP-to-IP Routing profile for Mindful Callback.

Quick access: Signaling & Media > SBC > Routing > IP-to-IP Routing

  • To create a new profile, click New above the list of existing entries.

example general settings

  • Give the new route a name in the General section.

example match settings

  • In the Match section, select the Source IP Group if required (or any as seen in the following example).
  • Enter the Destination Tag that was configured in the Dial Plan Rules for the Mindful Callback numbers (for example, destination=mindful).

example action settings

  • In the Action section, set the Destination Type to IP Group.
  • In the Destination IP Group field, select the IP Group configured previously for Mindful Callback.
  • Click Apply to save the new IP-to-IP Routing profile.

At this point, the basic configuration is complete and ready for testing. The remainder of this guide provides instructions to secure the integration via SIP/TLS with SRTP.

Additional configuration for SIP over TLS with SRTP

To secure the SIP and RTP traffic between the SBC and Mindful Callback, you will need some additional configuration on the SBC after completing the basic integration steps.

Note:

The steps in this section must be performed in addition to the configuration performed in the previous section, but only when using SIP over TLS with SRTP.

Download the Entrust Root CA and Intermediate Root CA certificates

Mindful Callback uses certificates signed by the Certificate Authority (CA) Entrust to provide secure SIP communication. Since the Audiocodes SBC requires both the Root and Intermediate Root CA certificates in the certificate chain, you will need to download both before importing them into the SBC's Trusted Root Certificate store.

You can download both Entrust certificates from the Entrust website.

The G2 certificates are used with Mindful Callback, so download both the Root Certificate and the (Non-EV SSL) CA – L1K Chain/Intermediate certificates as highlighted here:

image of entrust download links

2. Import Mindful Callback TLS certificates

The Audiocodes SBC uses TLS profiles called Contexts.

The SBC is typically already installed with a default Context containing its own server TLS certificate and Trusted CA certificates from several internet CAs (this may not include Entrust). To communicate with Mindful Callback over TLS, you will need to import the downloaded Entrust Root CA and Intermediate Root CA TLS certificates into either an existing Context or a new Context. In this guide, we assume you will import the downloaded Entrust certificates into an existing Context.

Note:

If TLS is already being used for SIP traffic on the SIP Interface used for Mindful Callback, the same TLS Context configured on that SIP Interface should be used to import the Mindful Callback certificates.

Use the following steps to import each of the Entrust certificate files.

Quick access: IP Network > Security > TLS Contexts

  • On the TLS Contexts page, highlight the Context to use, then click Trusted Root Certificates at the bottom of the page.
  • Click Import to select the certificates. Select the Entrust G2 Root CA certificate (entrust_g2_ca.cer) and the Entrust Intermediate root CA (entrust_l1k.cer).

By default, the Open file window will be set to only display .pem files. You'll need to change the view to see the .cer files downloaded from Entrust.

The list of trusted certificates will now show two new entries (Entrust Root Certification Authority and Entrust Certification Authority):

example trusted root certificates list

Highlighting one of these new certificates will display details in the bottom pane, as in the example below:

example certificate text

The TLS Context is now ready to use in a later step.

3. Modify the SIP interface

To ensure that TLS can be used as the signaling transport protocol, the SIP Interface used for communication with Mindful Callback should be configured with a TLS port and set to use the TLS Context containing the Mindful Callback CA certificates.

Quick access: Signaling & Media > Core Entities > SIP Interfaces

  • Select the SIP Interface used for Mindful Callback, then click Edit. The SIP Interface will open in a new pop-up window.

example general settings

  • In the General section, make sure the TLS Port field is configured. This field is often empty by default.
Important:

The most commonly used port for SIP TLS is 5061. If another port is used, advise the Mindful Solution Delivery team so that the correct values can be configured in Mindful Callback.

  • In the Security section, make sure that the TLS Context containing the imported Mindful Callback certificates is selected:

example security settings

  • Click Apply to save the SIP Profile.

The SIP Interface is now configured to allow TLS communication between the SBC and Mindful.

4. Modify the Proxy Set (proxy address for Mindful Callback)

To ensure that TLS is used for SIP requests to Mindful Callback, you will need to modify the proxy address of the Proxy Set to use the correct port and transport protocol.

Quick access: Signaling & Media > Core Entities > Proxy Sets

  • On the Proxy Sets page, select the recently created Mindful proxy set.
  • Scroll down to the bottom of the page and click the Proxy Address 1 Items link. The proxy address page should now display the proxy address for Mindful Callback.
  • Click Edit to modify the address:

example proxy address settings

  • Update the port in the Proxy Address field to 5567 instead of 5566.
  • Change the value in the Transport Type field from UDP to TLS.
  • Click Apply to save the Proxy Address.

5. Modify Media Security

Quick access: Signaling & Media > Media > Media & Security

  • Click Media Security and make sure that secure RTP (SRTP) is used as the audio transport by matching the configuration shown below:

example media security settings

Media Security is the most important field here, and it should contain a value of Enable. The other values shown are recommended, but if your SBC already uses SRTP and has different values for these fields, the current values may be valid for Mindful Callback SRTP (as long as Media Security is set to Enable).

  • Click Apply to save the Media Security configuration.

6. Modify the IP Profile for Mindful Callback

Finally, the IP Profile created previously for Mindful Callback must be updated.

Quick access: Signaling & Media > Coders & Profiles > IP Profiles

  • Select the Mindful Callback IP Profile from the IP Profile page and click Edit.

media security settings

  • The only required change is within the Media Security section. Set the SBC Media Security Mode for this profile to Secured.
  • Click Apply to save the profile.

The TLS/SRTP configuration is now complete and the full integration should be ready for testing.