Converting Cisco CME to SIP to Support Remote NAT Users without VPN
Hello again from sunny Florida. If you have a Cisco ISR G1/G2 router and the right IOS, CME is a pretty handy built in VoIP PBX. While Asterisk has evolved a lot, it’s still challenging to set up multiple phones with the same extension. It can be done, but it can be hard for someone coming in behind you to support it. In addition, used Cisco 7900 series phones are pretty affordable, even if they are going to be discontinued soon. With IOS 15.1M, CME even supports an iPhone client type with the Cisco Mobile/Jabber App. Android is not supported until the 2900 series with 15.2 I believe, but you could always use a standard SIP client instead.
While my preference is to use DMVPN or EZVPN to connect remote branches, for a single user at a remote destination, this doesn’t always make sense. If the remote user has a Cisco 871 or such, SCCP loads on the phones can work through NAT, but this doesn’t work well with a standard home ‘router’ unless the phone is put into the DMZ. That can be challenging to support.
The solution to this is to move the phones to SIP loads for remote offices. CME supports multiple phones on the same extension and presence information even on the SIP loads. I did not find that using Cisco Configuration Professional (CCP) to configure CME was particularly useful, but it’s not super challenging if you’re familiar with IOS.
I’m working on a longer template that I plan to post, but the real keys I found to get started on remote phones is to make sure:
voice service voip
voice register global
authenticate realm example.com
!make sure to put NTP server in that phone can reach or auth will fail!
ntp-server 10.123.123.123 mode unicast
voice register pool 1
!with authenticate it must have a username/password
!this will be generated for the config file via ‘create profile’ / tftp
!or must be configured to match in phone manually
username makeUnique password DaBomb
debug voice register events
debug voice register errors
debug tftp events
debug ccsip messages !noisy
debug ccsip errors
debug ccsip events
SIP/2.0 401 Unauthorized
Contact doesn’t match any pools
Let me know if you get stuck or just decide you would rather have me do the whole thing ;)