Technical Helpweb

- more articles

Create a basic working configuration for a DMG4000 as PSTN gateway for Microsoft Lync 2010

Overview

This article is designed to help get you started configuring a gateway from the Dialogic®4000 SBA Media Gateway Series.
The Dialogic®4000 SBA Media Gateway Series has powerful call routing and manipulation capabilities. However, a basic setup is often all that is required, and the basic configuration can also be useful as a platform for subsequently adding more complex configurations.

Although the DMG4000 documentation has more comprehensive information and should be consulted as a primary reference, this article should enable you to create a working configuration.

The scenario in this article assumes that the DMG4000 SBA will not be deployed as a Lync Survivable Branch Appliance. Instead the DMG4000 will be used as Lync PSTN gateway connecting to the Lync Frontend Mediation Server. However the DMG 4000 SBA version of the DMG4000 is required to perform the installation to ensure all Lync functionality is supported.

Step 1 – Verify Lync Topology

Confirm that the DMG 4000 SBA unit has been configured in the Microsoft Lync Topology as PSTN gateway using TLS transport.
The Lync 2010 Topology Builder should show the following entries in the PSTN gateway properties and Mediation pools properties.

 Step 2 - Start SIPcontrol

SIPcontrol may be configured logged on locally via Start > All Programs > Dialogic Diva > SIPcontrol

or remotely using a browser via the SBA start up page http://<SBA IP Address>. Log on as local administrator. The SIPcontrol configuration can be accessed via 'Setup Dialogic Media Gateway'

or remotely using a browser via the SIPcontrol configuration interface  http://<SBA IP Address>:10005

Step 3 – Configure PSTN access

Configure the Diva board which connects to your PBX or PSTN.
In SIPcontrol > Configuration > Board Configuration select the port to configure.

Please note:
On a Dell-based DMG4000 model the board ports are numbered as follows

On an Intel-based DMG4000 model the board ports are numbered as follows

Step 3a - Configure the protocol to work with your PBX (QSIG option)

If your PBX can run QSIG, this is generally the preferred option in terms of integration. 
If your PBX is in the 'PBX type' drop down list, select it; otherwise, select 'Generic' which will use a standard QSIG suitable for most PBXs.

Step 3b - Configure the protocol to work with your PBX (non-QSIG option)

If your PBX does not support QSIG, or you are connecting directly to the telephone network (PSTN), select the appropriate ISDN protocol that your PBX or telco supports.

Generally, in Europe this is EuroISDN; other countries, including the USA, use different standards.

Click SAVE when done. Reboot the gateway if prompted.

If you are not logged on locally the reboot can be started via the SBA configuration home page. Log in as local Administrator and click the 'Restart SBA' link.

For further information on board configuration click here 

Step 4 - Configure SIPcontrol for Frontend Lync Mediation Server.

Use the Configuration Wizard to generate a basic configuration.
Two routes will be configured that send all calls from the PSTN to the local Mediation Server and vice versa.
No number normalisation (E.164), secure communication (TLS / SRTP) or Lync call transfer will be configured.

Select Lync 2010 SBA and click 'Continue'.

The Wizard fills in the local listen ports (UDP/TCP/TLS 5081/5081/5082) for SIPcontrol used in a SBA installation scenario.
Note: Change the TLS listen port to 5067 as per step 1 PSTN Gateway Listening port configuration.

Proceed with the configuration windows to accept the SBA pre-sets. When done, click Finish and confirm the next pop-up.

Note: When finished the SIP peer preset configuration needs to be changed from a local peer to a remote peer.
To do so expand the 'SIP Peers section' and select 'Details' for the SBA peer.

In the 'General' section:
- Change the Name parameter to avoid confusion
- Change the Host / domain parameters to point to the host address of the Lync Mediation Server
- Change the Port parameter to 5067 as per step 1 - Mediation Server TLS Listening port
- Change the IP protocol to TLS

In the 'Security' section:

- Set the 'Media security level' to 'Offer and accept SRTP'.

To finsih the SIP peer configuration click 'OK' at the bottom of the pop-up window.

Step 5 - Configure Number Normalisation (E.164) using a Dialplan

The Dialplan defines the local dialing information where the DMG4000 gateway is situated.
If the Dialplan is correctly configured, the DMG4000 gateway will automatically handle called and calling party numbers, converting them to appropriate formats to dial out to the PBX/PSTN and formatting them before sending them to Microsoft Lync.

In the example below, the DMG4000 gateway is based in the UK(+44), in the Maidenhead area (1628), and has been allocated the local number range 384000 to 384999. Thus, the complete range of numbers is +441628384000 to +441628384999 and three digit extensions are used (000 - 999).
The DMG4000 is connected to a PBX and a 9 prefix is required to access the PSTN.


So, the numbers allocated to the DM4000 gateway should be entered into the Dialplan following the example for the UK:
Country code '44'
Area code '1628'
Base number '384'
Maximum extension digits '3'
Internation prefix '00'
National prefix '0'. 

If your DMG4000 gateway is connected to a PBX and you need to dial an access number for an outside line (for example: '9'), enter it in the Access code field.

In SIPcontrol configuration click on the grey Dialplans bar to extend the Dialplan configuration.
Click Add to open the Dialplan configuration window.

Step 6 - Add the Dialplan to the PSTN interfaces

The Dialplan you defined above now needs to be added to the PSTN interfaces on your Diva Media boards in the DMG4000 gateway. If you have multiple PSTN interfaces (that is, your DMG4000 gateway has more than one connection to the PBX or PSTN) then you should add the Dialplan to each of the PSTN Interfaces that are connected.

In SIPcontrol configuration click the grey PSTN Interfaces bar and click Detail of the Controller.

Selecting Number format 'Extension' will result in the calls being formatted correctly depending on their destination so is the recommend setting, 'National' is an alternative setting if you do not require to dial local PBX extensions.

Step 7 – Add Dialplan to SIP peer
In SIPcontrol configuration click the grey SIP Peers bar and click Detail of the Lync MedSrv peer.
Select the Dialplan created previously. To match the Lync user’s Line URI in E.164 format set Number format (outbound) to ‘International Number’ and Encoding (outbound) to ‘Use type flag’.

Step 8 - Enable Lync Call Transfer on DMG 4000.
In SIPcontrol configuration click the grey Routing bar and click Add to configure a new route.
Enter an unique name and set the Lync MedSrv peer as both Source and Master destination.
Under Conditions, enter the address of the Lync Server as both an FQDN and an IP address. This condition will match all transfer requests from the Lync Server.

Note 1: Any dot character in both IP address and FQDN must be commented out by a prefixed \ otherwise it will be interpreted as a regular expression.
Note 2:  If the Gateway is connected to a Lync Front End Server Pool instead a single Lync Front End Server, you need to use the FQDN of the pool and IP address of each pool member to match all transfer requests from the Lync Server.

Click OK to save the settings.

Move the new route to the top of the Routing table.

Step 9 – Create a private key file and certificates for SIPcontrol

This section describes how to use Active Directory Certificate Services to generate private key files and certificates for the DMG4000 Gateway.
For more details on the SIPcontrol security profile configuration please see the SIPcontrol reference guide.

Step 9a – Create private key file and certificate request

If you are using an older version of the DMG 4000 SBA openssl might not be preinstalled on the DMG 4000 Gateway. In this case download openssl and install it

Log on to the SBA and open a command line prompt. Enter these commands to generate the private key file and certificate request.

C:\....>cd /

C:\>mkdir keys\sba1

C:\>cd "Program Files (x86)\GnuWin32\bin"

C:\Program Files (x86)\GnuWin32\bin>openssl req -new -nodes -keyout c:\keys\sba1\priv.cer -out c:\keys\sba1\request.csr -config "C:\Program Files (x86)\GnuWin32\share\openssl.cnf"

The folder C:\keys\sba1 should now contain files ‘priv.cer’ and ‘request.csr’.

Step 9b – Create public certificates using certificate request file

Access the Active Directory Certificate Services website from any machine in the domain where the Microsoft Lync Front End Server is installed. The domain and IP address will vary, depending on the installation.

For example:

- http://domain/certsrv

- http://<IP address of AD DS server>/certsrv

On the AD DS Welcome page click ‘Request a certificate’.
On the next page ‘Submit an advanced certificate request’.
On the Advanced Certificate Request page ‘Submit a certificate request using a base-64-encoded … file’.

Open the C:\keys\sba1\ request.csr file with a text editor and copy and paste its content as Saved Request. Set ‘Web Server’ as Certificate Template.

Click Submit and download the certificate Base 64 encoded.

Save as file as certificate.cer

Step 9c – Download CA certificate

Go back to the AD DS Home Welcome page.
Click Download a CA Certificate, certificate chain, or CRL.

Save file as certificate_authority.cer

Step 9d – Configure Security in SIPcontrol

In SIPcontrol configuration, click the grey Security Profiles bar. Click Details to open the Security profile configuration.
For the Certificate authority file upload the certificate_authority.cer file generated in step 9c.
For the Certificate file upload the certificate.cer file generated in step 9b.
For the Key file upload the priv.cer file generated in step 9a.
As Host name enter the FQDN of the DMG4000 as done in step 9a.
Set Authentication mode to Mutual Authentication.

Click 'OK' to finish the Security profile configuration.

Note: You must click 'Activate' or 'Activate Configuration' in the SIPcontrol configuration to make the configuration changes active. If prompted for a restart of SIPcontrol, restart the service 'System Control'.