These requirements are for business-to-business (B2B) SIP calls to and from Cisco Spark. They apply if your users want to make or receive calls between their Cisco Spark apps and third-party enterprises or services that use SIP
These requirements also apply to calling in to Cisco Spark space meeting URIs. Use these requirements if your users are not enabled for Cisco Spark Hybrid Call Services or Cisco Spark Calling.
DNS SRV Test
If you have a Cisco account or are a guest without a support contract, you can test your organization's DNS SRV records and firewall port openings by using the Collaboration Solutions Analyzer tool.
Outbound from Cisco Spark
For Cisco Spark Hybrid Call Service-enabled users, B2B calls happen through their organization's Session Border Controller (SBC), the route patterns, and other configurations in Unified CM for their CTI-RD or Spark-RD.
Cisco Spark Call-enabled users have their SIP B2B calls routed through the shared Cisco Spark-and-WebEx infrastructure. This infrastructure can also connect to destinations that only have a _sip._tcp SRV record.
The destination domain must have a SIPS (_sips._tcp) DNS SRV record which points to a Session Border Controller (SBC) and network port that can receive SIP over TLS. For example, by default Expressway-E on port 5061 or a third-party equivalent.
The destination address must support SIP URI dialing. Other call protocols or methods are unsupported, such as H.323, IP dialing, ISDN, and Microsoft Lync or Skype for Business.
Mandatory requirements for the destination SBC are:
Have a valid fully qualified domain name (FQDN) and points to an IP address of the SBC. The SRV record must reference the FQDN.
Present a valid certificate—the current time must be between the not-before and not-after times on the certificate.
Recommended requirements for the destination SBC are:
Present a complete certificate chain—server certificate, and signing certificates, including root certificate authority.
Present a certificate with a CN or SAN entry that matches the SBC's FQDN, as advertised by the SRV record.
Have an appropriate DNS PTR record for its IP address that points back to an FQDN listed in its certificate's CN or SAN fields.
Inbound to Cisco Spark
The calling device must support SIP URI dialing. Other call protocols or methods such as H.323, IP dialing, ISDN, and Microsoft Lync or Skype for Business are unsupported.
Mandatory requirements for the originating SBC are:
Support DNS SRV record lookups and can follow them to a Cisco Spark SIP server.
Support SIPS as advertised by any SRV records and can negotiate SIP over TLS.
Present a valid certificate (current time is between the not-before and not-after times on the certificate) at the Contact field advertised in their SIP headers.
Have an appropriate DNS A record that points its FQDN as noted in its Contact field to its originating IP address, if an FQDN is specified in the Contact field.
Recommended requirements for the originating SBC are:
Have an appropriate DNS PTR record for the IP address that the FQDN references, and also references back to the FQDN (reverse DNS).
Present a certificate with a CN or SAN entry that matches the SBC's FQDN or IP address that is advertised in the Contact field.
Present a complete certificate chain—server certificate and signing certificates, including root certificate authority.
Required Firewall and Network Ports
Do not filter on the Cisco Spark-side IP addresses or ports. These are subject to change without notice, depending on demand and other cloud requirements.
Copyright © 2017, Cisco Systems, Inc. All rights reserved.