Genesys Cloud - Main


BYOC Cloud with Cisco CUBE SBC

  • 1.  BYOC Cloud with Cisco CUBE SBC

    Posted 05-17-2021 10:11
    Hi All,

    Has anyone used or seen BYOC Cloud with Cisco CUBE SBCs working successfully (using TLS)? I am trying to bring up a new org and am running into compatibility issues. If someone has experience with this, can you please share the firmware version that worked?

    Thanks,

    Andrew
    #SIP/VolP
    #Telephony

    ------------------------------
    Andrew Ng
    New York University
    ------------------------------


  • 2.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 05-17-2021 10:49
    Hi Andrew, 
    We are using CUBE for routing into BYOC Cloud, but we're not using TLS (there are a few different reasons for this).
    Anywho, the CUBE is ISR4351/K9 (2RU), Version 16.09.05.

    ------------------------------
    Dean Thames
    Koch Business Solutions
    ------------------------------



  • 3.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 05-17-2021 11:00
    Hi Dean,

    Thanks for your response. Since you are not using TLS how are you getting the signaling/audio secured over the public internet to and from Genesys? Everything also works fine for me if I just use UDP or TCP but I have a need to encrypt the connection.

    ------------------------------
    Andrew Ng
    New York University
    ------------------------------



  • 4.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 05-17-2021 12:44
    Well, it's unencrypted, so technically it's unsecure. But this all depends on the risk you're trying to control for and where you think it is. Assuming your Cisco equipment is on prem and has its own security mechanisms (i.e., behind firewalls and limited access), and the media is encrypted once it hits Genesys, then the risk is with the actual media transiting the internet.

    Up for challenge here, but the risk of RTP streams in transit being listened in on or otherwise being stolen is pretty low. Anything is possible however.

    ------------------------------
    Dean Thames
    Koch Business Solutions
    ------------------------------



  • 5.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 04-07-2022 19:07
    Hi Dean,
    I'm trying to configure a trunk between my Cisco CUBEs (ISR4431) to Genesys Cloud for a new implementation. Do you happen to have a Cisco config template to get that trunk operational?
    Thank you.

    ------------------------------
    Benny Jimenez
    City of El Paso (TX)
    ------------------------------



  • 6.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 06-02-2021 11:37
    Hi Andrew,

    We tried unsuccessfully to implement TLS with our CUBE.  As I understand it, Genesys Cloud requires one of these ciphers:
    • TLS_RSA_WITH_AES_256_CBC_SHA
    • TLS_RSA_WITH_AES_256_CBC_SHA256
    Those ciphers were supported in the CUBE starting with 17.3.1a.  Unfortunately, our CUBE is on old hardware and unable to run that version, so we were not able to add TLS to our trunks yet.  These links might help you:

    TLS trunk transport protocol specification - Genesys Cloud Resource Center (mypurecloud.com)
    Cisco Unified Border Element Configuration Guide - SIP TLS Support on CUBE [Cisco Unified Border Element] - Cisco


    ------------------------------
    Greg Bagley
    U.S. Xpress Enterprises
    ------------------------------



  • 7.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 08-19-2021 17:56
    Yes have this deployed


    ------------------------------
    Jim Foley
    AXA Ireland
    ------------------------------



  • 8.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 08-19-2021 18:36
    Hi Jim, your deployment is working with TLS? What version of IOS are you running?

    ------------------------------
    Andrew Ng
    New York University
    ------------------------------



  • 9.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 08-20-2021 00:43
    Hi Andrew, it's been a while but did you get the certificates installed on both sides?  I'm not doing CUBE to BYOC Cloud but using TLS 1.2 to BYOC prem.  If I recall the difficult part was getting the client's self-signed certificate created correctly so it could be added to the certificate authorities section in Genesys Cloud. I also don't remember if we had to copy the actual Genesys cert onto the CUBEs too.

    I'll see if I can find out what version of IOS we have - that's handled by another team but these CUBEs have been deployed.  They're the guys that set up the trustpoints etc. in the CUBEs and I just acted as the middle man.

    ------------------------------
    Vaun McCarthy
    NTT New Zealand Limited
    ------------------------------



  • 10.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 01-12-2023 12:16
    Hi Andrew,

    We are also facing problems with TLS in a BYOC Cloud / Cisco CUBE environment.
    Did you get it to work? Any tips for us?


    ------------------------------
    Kathrin Herrmann
    InfinIT.cx GmbH
    ------------------------------



  • 11.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 01-12-2023 22:23
    Hi Kathrin,

    Yes we got it to work. There was a bug in the Cisco IOS version that we were running, I think anything 17.3.x and below had this problem. I might be able to give some pointers if you can let me know what specific issues you are experiencing.

    Andrew


    ------------------------------
    Andrew Ng
    New York University
    ------------------------------



  • 12.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 01-13-2023 03:32
    Hi Andrew, 
    Thanks for the information, that is good news :-)
    Our current problem is:
    We can establish a TLS handshake but the SIP INVITE from either direction runs into a timeout.
    The INVITE messages are not received by the recipient; they get lost or ignored somewhere on the way.

    I did send you a contact request - it would be great if we could have a quick call if that is ok with you.

    ------------------------------
    Kathrin Herrmann
    InfinIT.cx GmbH
    ------------------------------



  • 13.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 01-16-2023 18:05
    Hi Kathrin,

    Sorry it was a holiday here in the US so I didn't see your reply. I might have some time this week, but if you don't mind sending your config over I can take a look to see if I spot anything first.

    Andrew

    ------------------------------
    Andrew Ng
    New York University
    ------------------------------



  • 14.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 10-03-2023 13:21

    Hello Andrew, would you be willing to share the details on the IOS bug and the firmware version that you updated to?  I have been working with TAC as well and they have not yet provided me any details.



    ------------------------------
    Mark Vogl
    Cerium Networks
    ------------------------------



  • 15.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 10-10-2024 05:21

    Hello Andrew,

    I'm really happy to read that you successfully connected Genesys Cloud and Cisco CUBE with BYOC Cloud topology via TLS.

    We are trying to put in place the same topology: Genesys Cloud BYOC Cloud and Cisco CUBE but we are facing some issues.

    We first tried without TLS and everything worked fine. Now that we have put in place the TLS setup, only inbound calls are working, not outbound.

    Of course, we work on Genesys Cloud and we don't have in-depth Cisco expertise, but what the partner referred to us is that for outbound they cannot disable mTLS (not supported by Genesys). Did you have the same/similar issue? Their CUBE version is 17.09.04s so I believe that they are not affected by the mentioned problem on previous versions.

    Any tip you can give us would be really appreciated.

    Thanks,

    Alexandra



    ------------------------------
    Alexandra Manea
    Indra Italia spa
    ------------------------------



  • 16.  RE: BYOC Cloud with Cisco CUBE SBC
    Best Answer

    Posted 10-10-2024 21:20
    Hi Alexandra,

    One thing that I could think of is to check if you have all the necessary certificates loaded in the CUBE. I would also make sure that sip-ua has the crypto signaling trustpoint set to your signed certificate. If you send me your CUBE config I can maybe take a look.

    Hope this helps.
     
    Andrew 






  • 17.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 10-16-2024 12:44

    Hi Andrew,

    Thank you for your answer and apologies for my late reply.

    From Genesys Support the feedback is that mTLS is not supported.

    Do you still think you can find something useful on the CUBE config?

    I really appreciate your feedback, thanks a lot!



    ------------------------------
    Alexandra Manea
    Advanced Technology Senior Consultant
    ------------------------------



  • 18.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 10-16-2024 13:21
    Hi Alexandra,

    I'm not using mTLS so I can't comment on that part. If you still would like me to take a look at the config I can gladly do that.

    Thanks,
     
    Andrew






  • 19.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 10-17-2024 03:16

    Hi Andrew,

    I have uploaded the file cube_setup_masked_data2.txt.

    If you can have a look, please let me have your feedback.

    Thanks a lot,

    Alexandra



    ------------------------------
    Alexandra Manea
    Advanced Technology Senior Consultant
    ------------------------------




  • 20.  RE: BYOC Cloud with Cisco CUBE SBC

    Posted 10-18-2024 12:04
    Hi Alexandra,

    I took a look at the config and everything seems fine, but a few things I noticed:

    1. It might be different for each region, but in the US we didn't need a "voice class sip-profile" with the rules that you have.

    2. The 2101 outgoing dial-peer should not use the server-group 3 to route to Genesys. It should be the Inbound SIP Termination Identifier configured in your Genesys trunk. Ex. session target dns:example_trunk_name.byoc.mypurecloud.ie:5061.

    3. If you are not using the CUBE for anything else, maybe try setting the trustpoint directly on sip-ua instead of the tls-profile within the tenant to test. Make sure the entire certificate chain is in your CUBE.
     
    sip-ua
     transport tcp tls v1.2
     crypto signaling default trustpoint <YOUR CA SIGNED TRUSTPOINT NAME> 

    You can verify the TLS connection by using "sh sip conn tcp tls det"

    Hope this helps.

    Thanks,
     
    Andrew Ng
    10 Astor Pl
    New York, New York 10003
    Tel: 212-998-1367
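
Added example, not part of any post in this thread and not Genesys or Cisco code: a small offline lint that runs the checks from reply 20 (TLS transport and a defined default signaling trustpoint under sip-ua, and a DNS session target on port 5061 instead of a server-group) over a saved running-config. The sample config, the trustpoint names and the `genesys_peers` parameter are constructed for illustration; the lint cannot confirm that the full certificate chain is installed.

```python
import re

# Constructed sample config; trustpoint names are placeholders, not values
# from the attachment mentioned in the thread.
SAMPLE_CONFIG = """\
crypto pki trustpoint EXAMPLE-CA-SIGNED
!
dial-peer voice 2101 voip
 session transport tcp tls
 session server-group 3
!
sip-ua
 transport tcp tls v1.2
 crypto signaling default trustpoint EXAMPLE-MISSING
"""

def parse_sections(text):
    """Group indented sub-commands under their unindented parent line."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] != " ":
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def lint_cube_tls(text, genesys_peers=("2101",)):
    """Return a list of findings; an empty list means all checks passed."""
    sec, findings = parse_sections(text), []
    trustpoints = {m.group(1) for k in sec
                   if (m := re.fullmatch(r"crypto pki trustpoint (\S+)", k))}
    ua = sec.get("sip-ua", [])
    if not any(c.startswith("transport tcp tls") for c in ua):
        findings.append("sip-ua: no 'transport tcp tls' line")
    tp = next((m.group(1) for c in ua if (m := re.match(
        r"crypto signaling default trustpoint (\S+)", c))), None)
    if tp is None:
        findings.append("sip-ua: no default signaling trustpoint")
    elif tp not in trustpoints:
        findings.append(f"sip-ua: trustpoint {tp} is not defined")
    for tag in genesys_peers:
        cmds = sec.get(f"dial-peer voice {tag} voip", [])
        if any(c.startswith("session server-group") for c in cmds):
            findings.append(f"dial-peer {tag}: routes via server-group")
        if not any(re.fullmatch(r"session target dns:\S+:5061", c) for c in cmds):
            findings.append(f"dial-peer {tag}: no DNS session target on 5061")
    return findings
```

Running `lint_cube_tls(SAMPLE_CONFIG)` on the constructed sample reports the undefined trustpoint and both dial-peer 2101 findings.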





