How to Connect Your Telco SIP/PRI to a Cloud PBX (Azure/AWS/Datacenter)


In many countries, telecom operators provide SIP trunks as a PSTN replacement service, typically delivered over fiber or wireless links. These SIP trunks are usually bound to a private subnet at customer premises, meaning you cannot directly register them from a Cloud PBX in Azure, AWS, or other datacenters.

So, how can you securely connect your cloud PBX to your provider’s SIP trunk? Let’s explore two practical options.


⚠️ Disclaimer

This post is for informational purposes only. Telecom regulations and licensing differ by country and provider. Always:

  • Verify with your service provider before implementing.
  • Follow your local telecom laws and licensing requirements.
  • Ensure proper security to avoid toll fraud.
  • Kingston IT Solution assumes no liability for misuse or financial loss.

The Problem

Telecom SIP trunks are typically delivered to your premises using a private IP subnet. For example:

  • Telco SBC → Private Subnet → Your Premises

Since your Cloud PBX is not in the same subnet, it cannot directly connect.

📌 Solution: Introduce a bridge between your telco and your Cloud PBX.


Two Possible Options

1. Deploy an SBC (Session Border Controller)

An SBC sits between the telco and your cloud PBX.

Architecture:

  • Telco SIP ⇄ SBC (private side)
  • SBC ⇄ Cloud PBX (public IP or VPN)

Features of SBCs:

  • SIP normalization
  • TLS/SRTP encryption
  • Topology hiding
  • Call admission control
  • DoS/DDoS protection

Pros: Enterprise-grade, reliable, telco-approved.
Cons: Costly and requires expertise.


2. Use an Asterisk Server as a Mediator

The cost-effective approach is to use Asterisk on-premises as a B2BUA (Back-to-Back User Agent).

Architecture:

  • Telco SIP ⇄ Asterisk (private side)
  • Asterisk ⇄ Cloud PBX (public IP or VPN)

Benefits:

  • Low-cost, flexible, quick to deploy
  • Acts as signaling and media bridge
  • Supports SIP-TLS, SRTP, and ACLs

Pros: Budget-friendly, easy to set up
Cons: Needs strong security hardening

Security Checklist ✅

No matter which option you use, implement these protections:

  • Restrict SIP access by IP allowlists
  • Strong SIP passwords (disable guest access)
  • Use SIP-TLS + SRTP whenever possible
  • GeoIP firewall rules (block unused regions)
  • Outbound dialing restrictions (avoid premium/international fraud)
  • Fail2ban or IDS to block SIP scanners
  • Call rate limits and monitoring alerts
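
The outbound-restriction and call-rate items can be checked against the Asterisk mediator's own call records. The script below is an added example, not code from the original post: it scans Asterisk cdr_csv (Master.csv) records for blocked destination prefixes and per-source call bursts. The prefixes, thresholds, and sample records are assumptions constructed for illustration, and records are assumed to be in chronological order.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values (not from the article); adapt to your dial plan.
BLOCKED_PREFIXES = ("00", "+", "0900")  # international and premium-rate
MAX_CALLS = 3                           # calls allowed per source ...
WINDOW = timedelta(seconds=60)          # ... within this sliding window
SRC, DST, START = 1, 2, 9               # cdr_csv (Master.csv) column positions

def sample_cdr(src, dst, start):
    """Build one constructed Master.csv-style record for the demo."""
    row = ["", src, dst, "from-cloudpbx", f'"{src}" <{src}>',
           "PJSIP/cloudpbx-0001", "PJSIP/telco-0002", "Dial",
           f"PJSIP/{dst}@telco,60", start, start, start, "30", "30",
           "ANSWERED", "DOCUMENTATION"]
    buf = io.StringIO()
    csv.writer(buf, quoting=csv.QUOTE_ALL).writerow(row)
    return buf.getvalue()

def find_alerts(cdr_text):
    """Return (reason, src, dst, start) for each suspicious record."""
    alerts = []
    recent = defaultdict(deque)  # src -> call start times still inside WINDOW
    for row in csv.reader(io.StringIO(cdr_text)):
        if len(row) <= START:
            continue             # truncated or malformed record
        src, dst = row[SRC], row[DST]
        try:
            when = datetime.strptime(row[START], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue             # unparsable timestamp
        if dst.startswith(BLOCKED_PREFIXES):
            alerts.append(("blocked-destination", src, dst, row[START]))
        calls = recent[src]
        calls.append(when)
        while when - calls[0] > WINDOW:
            calls.popleft()      # drop calls that left the window
        if len(calls) > MAX_CALLS:
            alerts.append(("call-rate", src, dst, row[START]))
    return alerts

# Constructed records: one normal call, then a burst of four international calls.
SAMPLE = sample_cdr("1001", "0412345678", "2024-01-01 09:00:00") + "".join(
    sample_cdr("1002", f"0099955500000{i}", f"2024-01-01 09:05:{i}0")
    for i in range(4))

if __name__ == "__main__":
    print(*find_alerts(SAMPLE), sep="\n")
```

Run it from cron against the live Master.csv and forward any returned tuples to your alerting channel; enforcement itself still belongs in the dial plan and firewall.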

Network Paths to Cloud PBX

You can connect your Cloud PBX to your premises in three ways:

  1. Public IP with ACLs — Lock down access to specific IPs.
  2. Site-to-Site VPN — IPSec/WireGuard tunnel.
  3. Private connectivity — MPLS, ExpressRoute, or AWS Direct Connect.

Call Flow Example (Asterisk Mediator)

  1. Telco SBC → Asterisk (private LAN)
  2. Asterisk → Trunk to Cloud PBX
  3. Cloud PBX → Extension anywhere (softphone, IP phone, WebRTC)
  4. Outbound calls → Cloud PBX → Asterisk → Telco

Final Thoughts

  • SBC: Best for enterprises needing compliance and high-scale features.
  • Asterisk: Perfect for SMBs that want a secure and affordable bridge.

At Kingston IT Solution, we help businesses design SIP trunk connectivity to Cloud PBX solutions—whether on Azure, AWS, or hybrid datacenters.


Call to Action

👉 Need help bridging your SIP trunk to the cloud? Contact Kingston IT Solution today.
