Enterprise VoIP system combining Kamailio Session Border Controller (SBC) for security and SIP normalization with a clustered Asterisk PBX backend handling IVR, call queues, and recording. Inbound traffic from multiple SIP trunk providers flows through WAF/DDoS protection and dual Kamailio SBC instances for topology hiding, NAT traversal, and load balancing before reaching the call control layer. RTPengine media relays handle encrypted SRTP streams and NAT traversal independently, while the five-node Asterisk cluster provides redundancy for extensions, call recording, and contact center features. This architecture isolates security and media processing from business logic, enabling independent scaling and failover. Fork this diagram to customize SIP providers, add geographic redundancy, or integrate with your monitoring stack using Prometheus, Grafana, and Homer SIP Capture.