Genesys Cloud - Main

 View Only

Discussion Thread View
Expand all | Collapse all

BYOC Cloud with Cisco CUBE SBC

  • 1.  BYOC Cloud with Cisco CUBE SBC

    Posted 05-17-2021 10:11
    Hi All,

    Has anyone used or seen BYOC Cloud with Cisco CUBE SBCs working successfully(using TLS)? I am trying to bring up a new org and is running into compatibility issues. If someone has experience with this, can you please share the firmware version that worked?

    Thanks,

    Andrew
    #SIP/VolP
    #Telephony

    ------------------------------
    Andrew Ng
    New York University
    ------------------------------


  • 2.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 05-17-2021 10:49
    Hi Andrew, 
    We are using UBE for routing into byoc cloud, but we're not using TLS (there are a few different reasons for this). 
    Anywho, the CUBE is ISR4351/K9 (2RU), Version 16.09.05.

    ------------------------------
    Dean Thames
    Koch Business Solutions
    ------------------------------



  • 3.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 05-17-2021 11:00
    Hi Dean,

    Thanks for your response. Since you are not using TLS how are you getting the signaling/audio secured over the public internet to and from Genesys? Everything also works fine for me if I just use UDP or TCP but I have a need to encrypt the connection.

    ------------------------------
    Andrew Ng
    New York University
    ------------------------------



  • 4.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 05-17-2021 12:44
    Well, its unencrypted, so technically it's unsecure. But this all depends on the risk you're trying to control for and where you think it is. Assuming your Cisco equipment is on prem and has its own security mechanisms (i.e., behind firewalls and limited access), and the media is encrypted once it hits Genesys, then the risk is with the actual media transiting the internet,.

    Up for challenge here, but the risk of rtp streams in transit being listened in or or otherwise being stolen is pretty low. Anything is possible however.

    ------------------------------
    Dean Thames
    Koch Business Solutions
    ------------------------------



  • 5.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 04-07-2022 19:07
    Hi Dean,
    I'm trying to configure a trunk between my Cisco CUBES(ISR4431) to Genesys Cloud for a new implementation, do you happen to have a cisco config template to get that trunk operational.
    Thank you.

    ------------------------------
    Benny Jimenez
    City of El Paso (TX)
    ------------------------------



  • 6.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 06-02-2021 11:37
    Hi Andrew,

    We tried unsuccessfully to implement TLS with our CUBE.  As I understand it, Genesys Cloud requires one of these ciphers:
    • TLS_RSA_WITH_AES_256_CBC_SHA
    • TLS_RSA_WITH_AES_256_CBC_SHA256
    Those ciphers were supported in the CUBE starting with 17.3.1a.  Unfortunately, our CUBE is on old hardware and unable to run that version, so we were not able to add TLS to our trunks yet.  These links might help you:

    TLS trunk transport protocol specification - Genesys Cloud Resource Center (mypurecloud.com)
    Cisco Unified Border Element Configuration Guide - SIP TLS Support on CUBE [Cisco Unified Border Element] - Cisco


    ------------------------------
    Greg Bagley
    U.S. Xpress Enterprises
    ------------------------------



  • 7.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 08-19-2021 17:56
    Yes have this deployed


    ------------------------------
    Jim Foley
    AXA Ireland
    ------------------------------



  • 8.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 08-19-2021 18:36
    Hi Jim, your deployment is working with TLS? What version of IOS are you running?

    ------------------------------
    Andrew Ng
    New York University
    ------------------------------



  • 9.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 08-20-2021 00:43
    HI Andrew, it's been a while but did you get the certificates installed on both sides?  I'm not doing CUBE to BYOC Cloud but using TLS 1.2 to BYOC prem.  If I recall the difficult part was getting the client's self-signed certificate created correctly so it could be added to the certificate authorities section in Genesys Cloud. I also don't remember if we had to copy the actual Genesys cert onto the CUBEs too.

    I'll see if I can find out what version of iOS we have - that's handled by another team but these CUBES have been deployed.  They're the guys that setup the trustpoints etc in the CUBEs and i just acted as the middle man.

    ------------------------------
    Vaun McCarthy
    NTT New Zealand Limited
    ------------------------------



  • 10.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 01-12-2023 12:16
    Hi Andrew,

    we are also facing problems with TLS in a BYOC Cloud / Cisco Cube environment. 
    Did you get it to work? Any tips for us?


    ------------------------------
    Kathrin Herrmann
    InfinIT.cx GmbH
    ------------------------------



  • 11.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 01-12-2023 22:23
    Hi Kathrin,

    Yes we got it to work. There was a bug in the Cisco IOS version that we were running, I think anything 17.3.x and below had this problem. I might be able to give some pointers if you can let me know what specific issues you are experiencing.

    Andrew


    ------------------------------
    Andrew Ng
    New York University
    ------------------------------



  • 12.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 01-13-2023 03:32
    Hi Andrew, 
    thanks for the information, that is good news :-)
    Our current problem is:
    We can establish a TLS handshake but the SIP Invite from either direction runs into a timeout.
    The invite messages are not received by the recipient they get lost or ignored somewhere on the way.

    I did send you a contact request - it would be great if we could have a quick call if that is ok with you.

    ------------------------------
    Kathrin Herrmann
    InfinIT.cx GmbH
    ------------------------------



  • 13.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 01-16-2023 18:05
    Hi Kathrin,

    Sorry it was a holiday here in the US so I didn't see your reply. I might have some time this week, but if you don't mind sending your config over I can take a look to see if I spot anything first.

    Andrew

    ------------------------------
    Andrew Ng
    New York University
    ------------------------------



  • 14.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 10-03-2023 13:21

    Hello Andrew, would you be willing to share the details on the IOS bug and the firmware version that you updated to?  I have been working with TAC as well and they have not yet provided me any details.



    ------------------------------
    Mark Vogl
    Cerium Networks
    ------------------------------



  • 15.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 26 days ago

    Hello Andrew,

    I'm really happy to read you successfully connect Genesys Cloud and Cisco cube with BYOC Cloud topology via TLS.

    We are trying to put in place the same topology: Genesys Cloud BYOC Cloud and Cisco CUBE but we are facing some issues.

    We first tried without TLS and everything worked fine. Now that we have put in place the TLS setup, only inbound calls are working, not outbound.

    of course we work on Genesys Cloud and we don't have in deep Cisco expertise, but what the partner referred to us is that for outbound they cannot disable mTLS (not supported by Genesys). Did you have the same/similar issue? their CUBE version is 17.09.04s so I believe that they are not affected by the mentioned problem on previsous version.

    any tip you can give us, would be really appreciated.

    thanks,

    Alexandra



    ------------------------------
    Alexandra Manea
    Indra Italia spa
    ------------------------------



  • 16.  RE: BYOC Cloud with Cisco CUBE SBC
    Best Answer

    Posted 25 days ago
    Hi Alexandra,

    One thing that I could think of is to check if you have all the necessary certificates loaded in the CUBE. I would also make sure under sip-ua has crypto signaling trustpoint set to your signed certificate. If you send me your cube config I can maybe take a look.

    Hope this helps.
     
    Andrew 






  • 17.  RE: BYOC Cloud with Cisco CUBE SBC