Any suggestions? Export (0) Print
Expand All

Configuration notes for supported session border controllers

Exchange Online
 

Applies to: Exchange Online

Topic Last Modified: 2016-02-01

Session border controllers (SBCs) enable you to connect your on-premises telephony network to a Microsoft datacenter over a dedicated public WAN connection. An SBC sits on the edge of your on-premises IP network and connects to a second SBC in a Microsoft datacenter.

SBCs require the use of digital certificates to encrypt all traffic between your on-premises organization and the Microsoft datacenter. You must obtain a digital certificate for the network border element, such as a session border controller, that you’re using to communicate with Exchange hybrid and online deployments. Digital certificates establish trust between your on-premises organization and the Microsoft datacenter and enable mutual Transport Layer Security (mutual TLS). After this trust is established, the network border elements at your on-premises organization and at the Microsoft datacenter exchange session keys, and use these keys to encrypt the subsequent data traffic.

In hybrid or online deployments, a UM IP gateway represents an SBC. The subject common name in the certificate must match the fully qualified domain name (FQDN) value in the Address box on the UM IP gateway that you create. For example, if you specify the FQDN address sbcexternal.contoso.com on your UM IP gateway, make sure that the subject name and subject alternative name in the certificate contain the same value: sbcexternal.contoso.com. The name that you use is case-sensitive, so make sure the case is the same on both the certificate and the UM IP gateway. If you’re using an Acme Packet SBC and the common name doesn’t match the UM IP gateway’s FQDN, the call will be rejected with a 403 error.

NoteNote:
Because SBCs are designed to sit on the network edge, they also function as a firewall. If you set up an SBC behind your organization’s firewall, it can cause configuration problems and is unsupported for connecting to Office 365.

The following SBCs have been successfully tested for interoperability with Exchange hybrid and online deployments. Note that the capabilities and compatibilities of SBCs can vary, and the way you set them up can be different depending on other equipment on your network. Consult with the SBC manufacturer to see whether there are specific configuration notes for Unified Messaging in a hybrid or online deployment.

 

Vendor

Model

Configuration notes

Comments

Acme Packet

Net-Net 3820 or 4500

Please contact the hardware vendor for up to date instructions on how to set up their device.

Dedicated SBC

AudioCodes

Mediant 1000B MSBG

Please contact the hardware vendor for up to date instructions on how to set up their device.

Dedicated SBC

AudioCodes

Mediant 1000B MSBG

Please contact the hardware vendor for up to date instructions on how to set up their device.

SBC and IP gateway

Cisco

ASR 1000

NoteNote:
Must have IOS 15.4(3)S3 or later installed.

Please contact the hardware vendor for up to date instructions on how to set up their device.

Dedicated SBC

Ingate

SIParator

Please contact the hardware vendor for up to date instructions on how to set up their device.

Dedicated SBC

NET

VX1200 & VX1800

Please contact the hardware vendor for up to date instructions on how to set up their device.

SBC option for a VoIP gateway product

Sonus

SBC 1000/2000 2.2.1 or later

Please contact the hardware vendor for up to date instructions on how to set up their device.

Dedicated SBC

 
Show:
© 2016 Microsoft