Skip to content
Elastic SIP Trunking/
Additional resources
/
Elastic SIP Trunking test...
Last updated

Elastic SIP Trunking Test plan

This guide walks you through verifying your Elastic SIP Trunk configuration for both outbound and inbound calls. It's designed to ensure your setup is working correctly once your Trunk and SIP Endpoints have been created in the Sinch Build Dashboard or APIs.

1. Create a SIP Trunk:

Add a SIP Trunk Domain - choose a clear, identifiable domain - must be unique may only contain letters, numbers, and hyphens ("-").

Example: my-company.pstn.sinch.com

2. Configure SIP Endpoint(s)

Each SIP Endpoint defines where Sinch will send your inbound calls (PBX, SBC, SIP server) and how your system will send calls to Sinch.

Option 1 — Static Endpoint

  • Name: Descriptive label (e.g., “San Diego Office PBX”)
  • IP Address: Your system’s public IP or DNS A-Record /FQDN
  • Port: Typically 5060 (UDP/TCP) or 5061 (TLS)
  • Transport Protocol: UDP, TCP, or TLS (recommended for encryption)
  • Priority: Default is 1 (lowest number = highest priority for inbound routing)

Positive Test Scenarios (Expected Results) - Non-Registered Endpoint

TestExpected OutcomeVerification
SIP signaling sent from allowed IP addressSinch accepts SIP traffic from the configured IPConfirm PBX/SBC public IP matches IP in Endpoint configuration
Inbound call A-recordCall completes successfully with two-way audioCall appears in CDRs; trunks name and IP listed correctly
Inbound call to IP-auth endpointCall completes successfully with two-way audioCall appears in CDRs; trunks name and IP listed correctly
IP authentication enforcedOnly approved IPs can send signalingAttempt call from allowed IP succeeds; call from non-allowed IP is blocked
Failover routing works (if multiple endpoints configured)Calls route to highest-priority, reachable endpointDisable primary device → verify call delivered to secondary endpoint

Negative Test Scenarios (Failure Conditions) - Non-Registered Endpoint

TestPossible CauseSIP Response / SymptomResolution
SIP INVITE sent from unlisted IPIP not in ACL / static endpoint list403 Forbidden or call rejectedAdd correct public IP to Sinch endpoint or ACL configuration
Outbound call failsIncorrect trunk domain or transport404 Not Found / 480 Temporarily UnavailableConfirm PBX sends INVITE to correct domain (e.g., <domain>.pstn.sinch.com)
Inbound call failsPBX/SBC not listening on expected portINVITE not seen; call attempt times outEnsure PBX listens on correct IP/port (5060/5061) and firewall permits traffic
Transport mismatchPBX sending TLS but endpoint expects UDP/TCPNo response to SIP messagesAlign transport: UDP/TCP/TLS must match Sinch endpoint settings

QA Checklist for Non-Registered

  • ✅ Inbound call received Sinch can deliver inbound calls to the PBX/SBC, and the INVITE is visible in logs.
  • ✅ Audio is two-way Both streams negotiated correctly; no one-way/no-audio issues.
  • ✅ IP authentication successful SIP traffic originates from the correct public IP allowed in ACL or Endpoint configuration.
  • ✅ Endpoint remains reachable over time Inbound calls stay consistent; no intermittent SIP timeouts.

Option 2 — Registered Endpoint

A Registered Endpoint is a SIP device (PBX, SBC, softphone, gateway, etc.) that sends a SIP REGISTER request to the provider to let the network know:

  • Select Registered from the Add Endpoint modal
  • Name: Descriptive name (e.g., “Softswitch A”)
  • Port: Typically 5060 (UDP/TCP) or 5061 (TLS)
  • Transport Protocol: UDP, TCP, or TLS

When configuring a SIP Register Endpoint, you can select or create a credential that defines your SIP username and password for authentication or assign existing. Correct credential setup ensures your PBX or SIP device can register successfully and send/receive calls through your Sinch Trunk.

  • Authenticate properly with the Sinch SIP platform
  • Maintain an active registration
  • Receive inbound calls
  • Place outbound

If credentials are incorrect or missing, the endpoint will not register and calls will fail.

Positive Test Scenarios (Expected Results) - Registered Endpoints

TestExpected OutcomeVerification
SIP device registers using the correct username/passwordRegistration is successful (200 OK response)Check your PBX status → Endpoint shows as Registered
Outbound call using registered endpointCall completes successfully, with two-way audioCall appears in CDRs, correct trunk/endpoint listed
Inbound call to registered endpointCall reaches PBX, audio clearINVITE seen on PBX; audio confirmed
Registration refresh (periodic re-registration)Device remains registered over timeRegistration timer resets as expected

Negative Test Scenarios (Failure Conditions) - Registered Endpoints

TestPossible CauseSIP Response / SymptomResolution
Incorrect username or passwordMismatch between device and Sinch credential401 UnauthorizedVerify credentials in PBX and Sinch Dashboard match exactly
Registration request not reaching SinchFirewall, NAT, or incorrect domainNo SIP response / registration timeoutEnsure correct domain (e.g., mycompany.pstn.sinch.com) and open outbound SIP ports (UDP/TCP 5060/5061)
Successful registration but outbound calls failWrong SIP domain in call setup404 Not Found or 480 Temporarily UnavailableConfirm call is sent to the same domain used for registration
Registration succeeds but inbound calls failPBX not listening or RTP blockedINVITE not seen or one-way audioVerify PBX is bound to correct interface/port; open RTP port range (10000–20000 UDP)
Frequent registration dropsNetwork instability or NAT timeoutPBX logs show registration lossSet interval or enable keep-alive messages
Multiple devices using same credentialSIP collision (one device)Registration flaps between devicesAssign unique credentials per device to avoid overwrite

QA Checklist for Registration

  • ✅ Registration successful (200 OK)
  • ✅ Outbound call completes
  • ✅ System correctly maps credential username and password
  • ✅ Inbound call received
  • ✅ Audio is two-way
  • ✅ Registration remains stable over time
  • ✅ Endpoint becomes unregistered when credentials are removed/incorrect.

3. Outbound Digest Authentication

When you configure Outbound Credentials on your SIP Trunk, Sinch will challenge every outbound SIP INVITE you send with a 407 Authentication Required response. Your PBX or SIP application must resend the INVITE with the correct username and password. If ACLs are also enabled, both the IP and the credentials must be valid for the call to succeed.

Positive Test Scenarios (Expected Results) - Outbound Digest Authentication

TestExpected OutcomeVerification
PBX sends INVITE and responds correctly to Sinch's 407 challengeINVITE is resent with the correct Authorization headerConfirm PBX retries INVITE with username/password included
Correct outbound username/password configuredSinch accepts the authenticated INVITEOutbound call completes and appears in Sinch CDRs
Outbound call connects successfullyCall rings, connects, and has two-way audioVerify audio path in both directions
Multiple outbound calls placedAuthentication remains stable over timeNo repeated 407 loops or intermittent failures
Credentials remain consistent across callsCalls complete without authentication dropsReview PBX logs and CDRs for successful authentication

Negative Test Scenarios (Failure Conditions) - Outbound Digest Authentication

TestPossible CauseSIP Response / SymptomResolution
Incorrect outbound username or passwordCredential mismatch between PBX and Sinch403 Forbidden or repeated 407 challengesVerify outbound credentials match exactly in PBX and Sinch Dashboard
PBX does not resend INVITE after 407 challengePBX not configured for Digest/Proxy AuthenticationINVITE → 407 → no follow-up INVITEEnable Digest Authentication or Outbound Proxy Authentication in PBX settings
PBX sends malformed or incomplete Authorization headerSIP client failing to include required fieldsRepeated 407 or immediate rejectReview PBX SIP logs and correct credential formatting
Stale or cached credentials usedPBX retains outdated Authorization headers after password changeIntermittent 407 loopsClear cached credentials or restart PBX/SBC
Outbound credentials correct but domain incorrectINVITE sent to wrong Sinch trunk domain404 Not Found or 480 Temporarily UnavailableEnsure INVITE is sent to the correct trunk domain (e.g., <domain>.pstn.sinch.com)

QA Checklist for Outbound Credential Validation

  • ✅ PBX receives and responds to Sinch's 407 Authentication Required
  • ✅ INVITE resent with valid Authorization header
  • ✅ Outbound username and password match Sinch Dashboard
  • ✅ Outbound call completes successfully
  • ✅ Audio is two-way and stable
  • ✅ Multiple outbound calls succeed consistently
  • ✅ CDR logs confirm successful outbound routing
  • ✅ No repeated 407 or 403 failures

4. Inbound Digest Authentication

When inbound credentials are configured on your SIP Endpoint, Sinch will authenticate to your PBX/SBC when delivering inbound calls. If your PBX challenges the call with 401/407, Sinch will resend the INVITE using the username and password you configured.

Positive Test Scenarios (Expected Results) - Inbound Digest Authentication

TestExpected OutcomeVerification
PBX challenges inbound INVITE with 407Sinch resends INVITE with correct Authorization headerPBX logs show second INVITE including credentials
Correct inbound username/password configuredPBX accepts authenticated INVITEInbound call rings and connects successfully
Inbound call completes with mediaTwo-way audio works as expectedConfirm audio both directions
Multiple inbound calls placedAuthentication remains stable across callsNo repeated 407 loops in PBX logs

Negative Test Scenarios (Failure Conditions) - Inbound Digest Authentication

TestPossible CauseSIP Response / SymptomResolution
Incorrect inbound username or passwordCredential mismatch between PBX challenge and Sinch endpoint credentialsPBX rejects INVITE / repeated 407 loopsUpdate endpoint credentials in Sinch Dashboard to match PBX
PBX requires authentication but endpoint has no credentials configuredMissing credential on Sinch SIP EndpointPBX rejects call immediatelyAdd inbound credentials to the SIP Endpoint in Sinch
Credentials updated but PBX still rejectingPBX caching old authentication dataRepeated rejects despite correct credentialsClear PBX cache or restart SIP service
Multiple PBXs using same inbound credentialCredential collisions causing inconsistent behaviorSome calls accepted, others rejectedAssign unique inbound credentials per endpoint/device

QA Checklist for Inbound Credential Validation

  • ✅ PBX issues a proper 407 challenge
  • ✅ Sinch resends INVITE with correct Authorization header
  • ✅ PBX accepts authenticated INVITE
  • ✅ Inbound call rings and connects
  • ✅ Two-way audio confirmed
  • ✅ Multiple inbound calls authenticated successfully
  • ✅ No repeated 407 loops
  • ✅ Inbound credentials match exactly between PBX and Sinch Dashboard

5. Priority

When you configure multiple SIP Endpoints on your Elastic SIP Trunk, Sinch uses Endpoint Priorities to determine how inbound calls are routed to your PBX or SIP devices. Each endpoint is assigned a priority value, where lower numbers represent higher priority. The endpoint with the lowest priority number will receive all inbound calls first. If that endpoint is unavailable or fails to respond, Sinch will automatically route the call to the next available endpoint with a higher priority number. Endpoints that share the same priority value will receive calls in a round-robin pattern, allowing you to distribute traffic evenly across multiple systems.

Positive Test Scenarios (Expected Results) - Priority

TestExpected OutcomeVerification
Multiple endpoints registered under same trunk with different priority levelsPrimary endpoint handles calls firstCheck Sinch Dashboard → both endpoints show “enabled”; confirm INVITE sent to highest priority endpoint
Primary endpoint unavailable, secondary endpoint reachableCalls automatically route to secondary endpointSimulate primary down (disable network); verify call completes through secondary
Restore primary endpoint after failoverSystem automatically reverts to primary endpoint for new calls Observe call routing returns to primary; check SIP logs or CDR endpoint nameEqual-priority endpoints (load sharing)Calls distributed evenly between endpointsVerify call distribution pattern over multiple calls; CDRs show both endpoints in rotation
Priority change in configurationPriority update applied without service disruptionModify priority in dashboard; confirm next call follows new routing order
Endpoint prioritization persists after registration refreshCorrect priority order maintained post re-registrationRestart PBX devices; confirm routing logic remains consistent

Negative Test Scenarios (Failure Conditions) - Priority

TestPossible CauseSIP Response / SymptomResolution
Incorrect or missing priority configurationPriority field not set or misconfiguredCalls route unpredictably / failover not workingSet correct priority values (lower = higher priority) in Sinch Dashboard
All endpoints downNo active registered endpoints503 Service UnavailableEnsure at least one endpoint remains registered; validate registration timers
Secondary endpoint registered but unreachable (firewall or NAT)INVITE sent but no response408 Request TimeoutVerify network connectivity and open SIP/RTP ports

QA Checklist for Endpoint Priority

  • ✅ Both endpoints registered and visible in dashboard
  • ✅ Calls route to highest priority endpoint
  • ✅ Failover to secondary endpoint works
  • ✅ System reverts to primary after recovery
  • ✅ Load sharing works for equal-priority endpoints
  • ✅ Priority updates apply without service disruption
  • ✅ SIP routing matches configured priority order

6. Access Control Lists (ACLs)

Allow you to control which IP addresses are permitted to send SIP traffic to your trunk. ACLs act as a security filter that accepts signaling only from approved IPs and rejects all others. This prevents unauthorized access, protects your trunk from fraud, and ensures that only trusted networks and PBXs can place or receive calls.

Positive Test Scenarios (Expected Results) - ACL

TestPossible Cause (if fails)SIP Response / SymptomResolution
Invite request from allowed IPIP is correctly listed in ACL200 OKConfirm allowed IP in dashboard under API Access Control List.
SIP call from allowed IP (full INVITE flow)ACL discrepancy different public IP403 Forbidden from proxyVerify actual IP and update ACL accordingly.

Negative Test Scenarios (Failure Conditions) - ACL

TestPossible Cause (if passes)SIP Response / SymptomResolution
SIP INVITE from non-whitelisted IPIP incorrectly added to ACL or subnet too wideCall completes unexpectedlyReview ACL entries — narrow subnet to /32 or specific range.
Call from IP recently removed from ACLACL cache not updated yetStill allowed for 40 - 50 secsWait for ACL cache refresh (~50 secs) then retest.

QA Checklist for ACL

  • ✅ SIP registration succeeds (200 OK)
  • ✅ Outbound call completes successfully
  • ✅ Inbound call received from Sinch to allowed IP
  • ✅ Audio is two-way on both legs
  • ✅ ACL propagation verified within 50 secs after adding IP
  • ✅ SIP INVITE from IP denied (403 Forbitten)
  • ✅ IP removed from ACL becomes blocked within expected propagation time
  • ✅ No call setup or media from non-whitelisted IPs
  • ✅ Logs correctly display denied source IP and reason

7. Country Permissions

Allow you to control which international destinations can receive outbound calls from your SIP trunk, and which countries are permitted to send inbound traffic. This feature provides an additional security layer to prevent unauthorized international calling, reduce fraud exposure, and ensure compliance with business or regulatory requirements.

Positive Test Scenarios (Expected Results) - Country Permissions

TestExpected OutcomeVerification
Outbound call to an allowed country (e.g., UK, US, Canada)Call completes successfully with two-way audioVerify call appears in CDRs, correct country code and destination prefix
Inbound call from an allowed countryCall is received and audio is clearCheck PBX logs → INVITE received; call connected successfully
Attempt outbound call to multiple allowed destinationsEach destination connects per your country permissions listVerify each call completes with expected country code formatting (+44, +1, etc.)
Modify allowed country list (add/remove)System updates permissions dynamicallyConfirm update visible in Sinch Dashboard → test new call passes/fails as expected

Negative Test Scenarios (Failure Conditions) - Country Permissions

TestPossible CauseSIP Response / SymptomResolution
Outbound call to a blocked countryDestination not in allowed list480 Temporary UnavailableUpdate country permissions in Sinch portal or contact admin to whitelist
Call blocked due to number format mismatchDialed number missing + or incorrect E.164 format480 Temporary UnavailableReformat numbers in PBX to E.164 (+countrycode + number)

Negative Test Scenarios (Failure Conditions) - Blocked Countries

TestPossible CauseSIP Response / SymptomResolution
Outbound call to a blocked countryCountry not enabled in permissions480 Temporarily UnavailableEnable the country in dashboard or update profile
Outbound call to restricted numberNumber not permitted by number rules403 Forbidden or 404 Not FoundAdjust number rules or correct dialing format
Inbound call from blocked countryTraffic denied based on inbound rulesCall rejectedUpdate inbound country permissions if required
Outbound call when outbound traffic is disabledTraffic type restricted in configurationCall rejected with policy errorEnable outbound traffic in trunk settings
Number fails validation (not E.164)Incorrect number formatting400 Bad Request / 404 Not FoundCorrect number to +E.164 format

QA Checklist for Call Blocking

  • ✅ A new call-blocking rule can be created successfully
  • ✅ Rule name is unique and rejects duplicates
  • ✅ Direction can be set to Inbound or Outbound
  • ✅ “All Numbers” rule blocks all calls in the selected direction
  • ✅ Inbound calls from PSTN/Sinch are blocked when “All Numbers” is enabled
  • ✅ Outbound calls from infrastructure are blocked when “All Numbers” is enabled
  • ✅ Prefix rule blocks all numbers starting with the specified pattern
  • ✅ Full number rule blocks a single specific number
  • ✅ Country selector loads correctly
  • ✅ Outbound call to blocked country is rejected
  • ✅ Country blocking overrides Country Permissions settings
  • ✅ Inbound calls from a blocked country (if supported) are rejected
Previous page
Next page