What is the Accept Replaces Header option in SIP Trunk Security Profile

When we talk about the Call Bridge on Cisco Meeting Server, the SIP Trunk configured from the Call Control CUCM ‘s perspective must have the Accept Replace SIP header check boxes checked in the SIP Trunk Security Profile, this Option looks like a simple click, but its role is huge and incredible, unfortunately in many examples or in many official courses (such as CCNP Collaboration courses), this option is just highlighted without explaining in depth why it’s very important for Call Bridge group Feature, or also for Cisco Unity Connection integration.

The idea behind the Accept Replace Header option is to make sure that all participants within a Call Bridge Group participating in the same space or meeting, they will all be connected to the same server, to eliminate the distribution of calls between Call Bridge nodes causing Ports consumption. To make this happen, when a call is sent to a CMS-B to join a Space, the node CMS-B will communicate with the other Call Bridge servers to determine which server is currently hosting the meeting. If it determines that a Space is being hosted by another server within the Group, then the server hosting the conference or the meeting (let’s say CMS-A will send a SIP INVITE with a Replaces header, which means: hey Mr CUCM can you transfer the call to CMS-A as shown in the wireshark capture. This is exactly the purpose of checking the Accept Replaces Header option when you integrate Cisco Unity Connection with Cisco Unified Communication Manager. Cisco Unity Connection can also transfer a call using the transfer rules under the user or call handler configuration page.

The message sent by the CMS-B hosting the conference is basically a SIP Invite with a Replace Header. So, what’s inside the Replaces header? Obviously, it must be something that can uniquely identify the call received by CMS-B. This identification is based on the the Call-ID of the existing SIP dialog (between CMS-B and CUCM) with its “To Tag” and “From Tag”, the TO TAG identified the user (let’s say jdoe@lab.local) who initiated the call and the FROM TAG identifies the Meeting with its own URI (for example ccnp@cms-b.lab.com).By default this kind of SIP Invite is dropped by the Call Manager, this is why we need to enable the Accept Replaces Header Option in the SIP Trunk Security Profile so that it can transfer the Call to CMS-A with Message Header inversed (From jdoe@lab.local and To ccnp@cms-b.lab.local.

The purpose is to establish an two RTP flows from cmayer and jdoe user through the same conference bridge instead of three RTP flows without the Call Bridge Group. To meet this goal, if an existence Node CMS-1 is hosting a conference, when the CUCM receives a call from another user (jdoe) to join the same meeting, it could send the call to the second node CMS-B as shown below, (remember Route List, R-Group and R-Pattern). The idea behind this option, the Call Bridge CMS-A which hosts the meeting triggers a SIP Invite with replace header in the message header, inside the replace header, the Call ID , source TAG and Destination TAG of the call initiated by JDOE. This Option of Replaces Header will instruct the Call Control to reroute the call’s JDOE to CMS-A where an existing meeting is already there. Without the Option Accept Replaces Header the Call Manager will drop the SIP invite with the Replaces Header set.

Published by:

Redouane MEDDANE

Redouane MEDDANE is Cisco Instructor CCSI #35458, 3xCCNP Collaboration, Security and Enterprise and he a published author of some of the most important OSPF Protocol, Security and Collaboration books in the world titled OSPF Demystified With RFC, Network Security All-in-one, and Dial Plan and Call Routing Demystified on CUCM. He is also a blogger at ipdemystify.com and writes articles about collaboration and security to demystify the most complex topics. His books are known for their technical depth and accuracy especially the OSPF Demystified With RFC book, which is considered as the best OSPF book in the world and named "One of the best OSPF ebooks of all time" by BookAuthority It gives you a hint at the ability to explain complex topics with remarkable ease. He worked as a Cisco Instructor and consultant indifferent Cisco Learning Partner and awarded twice as Cisco Distinguished Instructor Award and Cisco Security Instructor Excellence Award on 2018 and 2019, and Cisco Collaboration Instructor Excellence Award on 2020. The Distinguished Instructor Award recognizes the top 5% of Cisco's most influential CCSI's who provide the highest quality training experience and demonstrate the best overall instructor performance across multiple Cisco technologie and Instructor Excellence Award recognizes the top 25% of elite CCSIs being recognized for delivering top quality training and maintaining high customer satisfaction in their field of expertise.

Categories CollaborationLeave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s