Configuring SIP Trunks on ShoreTel!

June 7th, 2012

We continue to get a lot of questions about SIP trunks and how best to use them on ShoreTel. Our preferred strategy at this point, is to focus on a TIE line solution that brings both off premise extensions and DID numbers into the ShoreTel. Many branch offices, for example, are just not able to justify even an SG30V to support 8 extensions. Creating a SIP Tie line strategy to deal with these situations is both economical and appropriate.

Not withstanding the usual DrVoIP speech on WAN connectivity, QOS and SLA it is very possible to setup a remote office on a shoe string budget. Using a appliance from Siplistic, we were able to plant a node at the end of a VPN between the HQ and the remote office. Then, create a SIP tie-line between an SG HQ switch and the remote Siplistic appliance. The remote office should have local Internet access in addition to the VPN back to the HQ site. In this way, the Siplistic appliance can setup a “peer” with the ITSP, bring in both local dial tone and DID numbers while also providing SIP extensions off the ShoreTel HQ site, to that location. The basic Siplistic appliance comes bundled with your choice of a DID number, a four channel “peer” and support for 10 Extensions. The DID cost about $5 a month and the “peer” is a flat rate.

Meanwhile back at the mothership, you have created a new trunk group, provisioned static trunks for that group and pointed them to the remote site appliance. The trunk group is accessible for “dial x” by authorized User Groups like any other ShoreTel trunk Group and is even considered for inclusion in Least Cost Routing. It can also be part of the dialing plan and includes a list of the off premise extensions in the branch office. If you want those OPX’s to have mailboxes on the HQ switch you will need to do some digit translation and call forwarding, or you can just let the branch appliance support VM for those users. We have been testing a Siplistic solution that is actually deployed on a ShevvaPlug (see also: ) if you can believe that!

SIP firewall traversal is the major stumbling block for most implementations. You can get lost in a CISCO CUBE or other border controller, or you get configured using a STUN server solution. Port 5060 is as subject to hacking as your Webserver Port 80, but somehow we manage to survive! Most SIP registrations and RDP streams run on UDP which, unlike TCP, is connectionless and less hackable. Most SIP hacking happens because people do not use strong passwords. Even high school level hackers are using SIPVicious to scan for open 5060 ports and then scripting for log in and password. The wild west of the Internet, but at the end of the day, SIP is a real solution and there is no reason you can’t interconnect SIP DID’s to a ShoreTel.

The embedded video is just a trailer for a new 45 tutorial on ShoreTel SIP configuration we have added to the DrVoIP video library!

4 responses to “Configuring SIP Trunks on ShoreTel!”

  1. DrVoIP says:

    This video is getting a bit dated. With versions 13 and 14, ShoreTel SIP is getting much better. There are more debug tools and Media Termination options that give SIP comparability to a TDM PRI. Look for an updated video – DrVoIP

  2. Randall Mueller says:

    looks like the place to come to if your a dummy to this. I’ve searched on this and find little in what I am trying to do only and get lost in the jargon. We are wanting to impliment sip with our shoretel phone system. We have 3 T1’s to our PRi and in the RightFax use brooktrout. I am trying to understand the needs for me to go to SIP.. create a sip turnk from the shoretel to the rightfax. Other devices needed? etc.

  3. DrVoIP says:

    It should be noted that from the Asterisk CLI the “SIP SHOW REGISTRY” may show REJECT, yet the trunk still works in both directions! Generally dtmfmode=info should be in peer configuration and checked in the ShoreTel Trunk Group configuration if ext-ext dialing is to be used. Use AskDrVoIP process to get a complete recipe emailed to you with sample configuration data.

  4. DrVoIP says:

    Several request to clarify: This is not about firewalls, it is about peer registration. ShoreTel does not allow registration of a peer to a public IP address. That is typically the role that a border controller like Ingate would play. Ingate sets up the “peer / friend” with the ITSP, and another “peer / friend” with the ShoreTel. This is a back to back user B2BUA connection and actually provides separation between the two locations. The described strategy is similar and provides a public IP gateway for the ShoreTel TIE trunk.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Ask DrVoIP

ask drvoip

Network Readiness Assessment

drvoip readiness checklist

Is your network Ready?

Complimentary free download - DrVoIP VoIP Network Readiness Assessment Checklist (pdf)

Download Now ›

Training Videos

shoretel ipbx cisco cusm
shoretel ecc audio voice prompts
cisco uccx call back option
generic call queue cc admin


web stats

© Copyright 2021
Follow DrVoIP