UCaaS Guide

Zoom Phone SIP Trunk — BYOC Configuration

9 min read · Updated April 2026

Zoom Phone BYOC (Bring Your Own Carrier) lets you connect your existing SIP trunk to Zoom Phone. The SIP requirements are strict — TLS only, E.164 number format, specific codec profile — and failures are often silent. Here is how to configure it and fix the most common issues.

SIPSymposium is an independent diagnostic platform not affiliated with or endorsed by Zoom Video Communications, Inc. Zoom and Zoom Phone are trademarks of Zoom Video Communications, Inc.

In this guide

01What is Zoom Phone BYOC? 02SIP trunk requirements 03SBC configuration 04Number format and normalization 05Common Zoom BYOC issues 06Diagnosing with traces

1. What is Zoom Phone BYOC?

Zoom Phone BYOC (Bring Your Own Carrier) allows you to connect your existing SIP trunk provider to Zoom Phone instead of using Zoom's own PSTN connectivity. You keep your existing carrier relationships, phone numbers, and rates while using Zoom Phone as the UCaaS platform.

BYOC works via a Session Border Controller (SBC) that sits between Zoom Phone and your SIP trunk carrier. The SBC handles protocol translation, security enforcement, and media handling. Zoom has a list of certified SBC partners, but any SBC that meets the technical requirements can work.

Two BYOC models exist:

Cloud Peering — Zoom connects directly to your SBC over the internet using TLS/SRTP
On-Premise Peering — deprecated in favor of Cloud Peering for most deployments

2. Zoom Phone BYOC SIP trunk requirements

Requirement	Specification
Transport	TLS only (port 5061) — plain UDP/TCP not accepted
Media encryption	SRTP required
Certificate	Public CA signed — self-signed not accepted
Codecs	G.711 (PCMU/PCMA), G.722, G.729, Opus
Number format	E.164 (+12025551234) for all calls
DTMF	RFC 2833 (payload type 101)
OPTIONS keepalive	SBC must respond to Zoom OPTIONS pings
IP allowlisting	Allow Zoom SIP proxy IPs (published in Zoom docs)

Zoom SIP proxy addresses

; Zoom Phone BYOC SIP proxy hostnames
; Always resolve via DNS — IPs can change
byoc.zoom.us          (primary)
byoc-useast.zoom.us   (US East)
byoc-uswest.zoom.us   (US West)
byoc-eu.zoom.us       (Europe)
byoc-apac.zoom.us     (APAC)

; Verify connectivity from SBC
openssl s_client -connect byoc.zoom.us:5061 -tls1_2

3. SBC configuration for Zoom BYOC

The SBC must handle two legs: the Zoom leg (TLS/SRTP, E.164) and the carrier leg (typically UDP, may be plain RTP, various number formats).

Key SBC settings for Zoom leg

TLS profile — TLS 1.2 minimum, full chain public CA certificate
SRTP profile — AES_CM_128_HMAC_SHA1_80 cipher suite
SIP profile — include Zoom SIP proxy as trusted peer
OPTIONS response — SBC must respond 200 OK to OPTIONS from Zoom
Contact header — must contain the SBC public FQDN, not private IP

AudioCodes SBC example configuration

; SIP Interface for Zoom leg
SIPInterface 0
  Interface-Name = Zoom-Leg
  Network-Interface = WAN
  UDP-Port = 0
  TCP-Port = 0
  TLS-Port = 5061
  Enable-TCP-Connection-Reuse = Enable

; Proxy Set for Zoom
ProxySet 0
  Proxy-Name = Zoom-BYOC
  Proxy-List = byoc.zoom.us
  Proxy-Keep-Alive = Using-Options
  Proxy-Keep-Alive-Time = 30

4. Number format and normalization

Zoom Phone requires E.164 format (+12025551234) for all calls. Most SIP carriers use 10-digit (2025551234) or 11-digit (12025551234) format. The SBC must normalize in both directions:

Inbound (carrier to Zoom)

Add + prefix

Carrier sends 12025551234 → SBC rewrites to +12025551234 before forwarding to Zoom. Also normalize calling party (From/PAI header) to E.164.

Outbound (Zoom to carrier)

Strip + prefix

Zoom sends +12025551234 → SBC strips + to get 12025551234 (or 2025551234 for 10-digit carriers). Match your carrier's expected format exactly.

; AudioCodes IP Profile — number manipulation
; Strip leading + for outbound to carrier
NumberMapIp2Ip 0
  Match-Destination-Prefix = +
  Stripped-Digits-From-Left = 1
  Action = Replace

5. Common Zoom Phone BYOC issues

Issue 01

SBC shows disconnected in Zoom admin portal

Zoom cannot reach your SBC on TLS 5061, or OPTIONS keepalive is failing. Check: firewall allows inbound TLS 5061 from Zoom proxy IPs, SBC FQDN resolves to correct public IP, TLS certificate is valid (not self-signed), SBC responds 200 OK to OPTIONS. Check SBC logs for incoming OPTIONS from byoc.zoom.us.

Issue 02

Outbound calls fail with 488 or no audio

Codec mismatch between Zoom and carrier legs. Zoom offers Opus first — if your carrier only accepts G.711, the SBC must transcode. Check the SDP offer from Zoom and the SDP your SBC forwards to the carrier. Ensure G.711 is in the offer to the carrier.

Issue 03

Inbound calls not routing to Zoom users

DID mapping misconfiguration in Zoom admin portal or number format mismatch. Zoom expects E.164 in the Request-URI. If your SBC is forwarding 2025551234 instead of +12025551234 in the INVITE to Zoom, the call won't match any user. Verify number normalization on the inbound leg.

Issue 04

One-way audio on BYOC calls

SRTP key mismatch or NAT issue on media path. Check that SRTP is enabled end-to-end — the Zoom leg requires SRTP and the SBC must handle SRTP-to-RTP conversion for carriers that don't support SRTP. Check the SBC's public IP is in the SDP c= line for the carrier leg.

6. Diagnosing Zoom BYOC with SIP traces

Zoom admin portal diagnostics

Zoom Admin Portal → Phone → SIP Trunk → select trunk → Status tab. Shows registration status, last OPTIONS ping time, and recent call records with SIP response codes.

SBC-side trace capture

; Capture Zoom leg traffic on SBC (Linux-based SBC)
tcpdump -i eth0 -w /tmp/zoom-byoc.pcap   host byoc.zoom.us and port 5061

; Or capture all SIP for a specific time window
tcpdump -i any -w /tmp/zoom-full.pcap   "tcp port 5061 or udp port 5060" &
sleep 60 && kill %1

In the capture, look for: TLS handshake completing (Client Hello → Server Hello → Finished), SIP INVITE messages with E.164 Request-URI, SDP with SRTP a=crypto lines on the Zoom leg, and RTCP RR (Receiver Reports) showing no packet loss for good calls.

Frequently asked questions

What is Zoom Phone BYOC?

Zoom Phone BYOC (Bring Your Own Carrier) lets you connect your existing SIP trunk provider to Zoom Phone instead of using Zoom's PSTN service. You keep your carrier, numbers, and rates while using Zoom Phone for the UCaaS platform. An SBC sits between Zoom and your carrier, handling TLS/SRTP on the Zoom side and your carrier's protocol on the other.

What are the SIP requirements for Zoom Phone BYOC?

Zoom Phone BYOC requires TLS transport on port 5061 (plain UDP/TCP not accepted), SRTP for media, a public CA-signed certificate on your SBC, E.164 number format (+12025551234) for all calls, RFC 2833 DTMF, and the SBC must respond to OPTIONS keepalive pings from Zoom. Your firewall must allow inbound TLS 5061 from Zoom SIP proxy IP ranges.

Why are Zoom BYOC calls failing?

Common Zoom BYOC call failures: SBC not reachable from Zoom (firewall blocking TLS 5061 or certificate invalid), codec mismatch where Zoom offers Opus but carrier only accepts G.711, number format mismatch where DID is not in E.164 format, or SRTP not configured on the carrier leg. Check the Zoom Admin Portal SIP Trunk status and capture SBC traces to identify the exact failure point.

Troubleshooting Zoom Phone BYOC SIP issues?

Capture SIP from your SBC and upload to SIPSymposium. The analyzer checks TLS failures, codec negotiation, E.164 number format, SRTP configuration, and call flow between Zoom and your carrier.

Analyze my trace Create free account

Related guides