Asterisk and SBC

Hello,
i try connect two asterisk pbx via trunk via SBC. Trunk is registred but i cant make call via trunk can you help me please ?
sip.conf

[user2]
type=friend
host=dynamic
secret=blox
callerid=users2 <6002>
context=users
permit= 158.196.47.190/255.255.255.0
qualify=yes

[trunk]
type=friend
host=10.10.10.1
port=6070
context=users
fromuser=trunk
secret=blox
fromdomain=10.10.10.1:6070
realm=sbc.allo.com
remotesecret=blox
qualify=no
insecure=invite,port

extention.conf
[users]
exten =>6001,1,Dial(SIP/user1)
exten =>6002,1,Dial(SIP/user2)
exten => _0048.,1,Set(CALLERID(num)=00420${CALLERID(num)})
exten => _0048.,2,Dial(SIP/trunk/${EXTEN:4})

pbx2 sip.conf
[trunk]
type=friend
host=dynamic
port=8070
context=users
fromuser=trunk
secret=blox
fromdomain=158.196.244.136:8070
realm=sbc.allo.com
remotesecret=blox
qualify=no
insecure=invite,port

[user3]
type=friend
host=dynamic
secret=blox
context=users
callerid=user3 <6003>
permit= 158.196.47.190/255.255.255.0

extention.conf
[users]
exten =>6003,1,Dial(SIP/user3)
exten =>6004,1,Dial(SIP/user4)
exten =>_00420.,1,Set(CALLERID(num)=0048${CALLERID(num)})
exten => _00420.,2,Dial(SIP/trunk/${EXTEN:5})

You need to specify port=8070 in your general section as well, unless the SBC is messing around with port numbers. The port in trunk only applies to the remote end of the association; the local end port is taken from the general section. chan_sip cannot listen on more than one port.

(Generally, the fact that you are using an SBC is of no use without specific details of how the SBC mutilates the protocol exchanges.)

There is no registration happening here as both ends are static, so your statement about registration must be false.

insecure=invite nullifies the secret setting; it is generally only useful when you are registering with the peer and are unable to control it to enable both way authentication. I don’t know why you have insecure=port. The name of this parameter should be a clue that you do not use it without good reason.

General best practice is to use type=peer. type=friend is less secure and will cause problems if a local caller ID matches a remote device name.

Blox is SBC
61.x.x.x is eth with addr 158.196.244.136
and PBX2 have ip addr 158.196.244.138
[trunk]
type=peer
host=10.10.10.1
port=6070
context=users
fromuser=trunk
secret=blox
fromdomain=10.10.10.1:6070
realm=sbc.allo.com
remotesecret=blox
qualify=no

[trunk]
type=peer
host=dynamic
port=6070
context=users
fromuser=trunk
secret=blox
fromdomain=158.196.244.136:8070
realm=sbc.allo.com
remotesecret=blox
qualify=no

now is it better ?

Is the SBC really configured as a back to back user agent?

In any case, the easiest way to deal with this sort of thing is to look at the protocol traces produced using “sip set debug on”. Please remember to mark them as unformatted text (and to obfuscate sensitive data, but only to the minimum extent needed).

The Blox has been made to control VoIP signaling and media streams and it’s responsible for
setting up, conducting and tearing down calls. So, it’s recommended to deploy the Blox along with
the PBX as given in the following scenarios based on what is applicable in the user’s setup.

can you provide me realtime help ? e.g skype or TeamWiever ?