[Asterisk-Users] Asterisk and SIP phones

Wiley E. Siler wsiler at e2020inc.com
Wed Oct 6 08:59:49 MST 2004 

If you want to traverse your firewall?  
I assume that a NAT on the Pix would allow you to expose the correct
ports for the * box and allow direct connect.  However, that obviously
opens the system to external attack. 

What I have done is to create a VPN tunnel which removes the need to
allow a public presence of my * box.
I VPN into my network then just start up the softphone like I was on the
LAN.

The suggestion by Ben which I expanded with the Netscreen idea is this.
If you need to have a remote site with more than one phone, just create
a VPN tunnel and pass your * traffic from one side to the other.  This
would also make available any network resources you needed shared such
as a mail server, etc, etc...  It is the basic, remote office setup that
would allow a unified access model for people at either site. So Joe at
office A gets network shares just like Bob at offce B.

However, if you goal is just single user end points, a plain ole soft
phone and XP/2K -> PIX VPN session will work just fine and be cheaper
assuming you have the VPN license for the PIX.

W
 

-----Original Message-----
From: Michael Di Martino [mailto:mdm at telx.com] 
Sent: Wednesday, October 06, 2004 8:35 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion; Benjamin on
Asterisk Mailing Lists
Subject: RE: [Asterisk-Users] Asterisk and SIP phones

 what your saying is to setup a VPN tunnel between the Office and the
users home?

-----Original Message-----
From: Wiley E. Siler [mailto:wsiler at e2020inc.com]
Sent: Wednesday, October 06, 2004 11:22 AM
To: Benjamin on Asterisk Mailing Lists; Asterisk Users Mailing List -
Non-Commercial Discussion
Subject: RE: [Asterisk-Users] Asterisk and SIP phones

I do this with a softphone (xlite) from my XP box at home to my Pix.  It
works fairly well.
It does add some latency but in most cases it is not noticable.
I assume a dedicated device (Netscreen 5) would work well for your VPN
end point at the home.

W




-----Original Message-----
From: Benjamin on Asterisk Mailing Lists
[mailto:benjk.on.asterisk.ml at gmail.com]
Sent: Wednesday, October 06, 2004 8:15 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [Asterisk-Users] Asterisk and SIP phones

On Wed, 6 Oct 2004 09:57:18 -0400, Michael Di Martino <mdm at telx.com>
wrote:
> I have Asterisk server providing phone service for my company.
> The server is behind a PIX-515 FW and is assigned a private address 
> 192.168.11.X/24.
> 
> With that said what is best to provide remote SIP phones (home
> offices) securely.
> 
> If the solution is to put up another Asterisk server with a public IP 
> address I am opposed to that.
> I am looking for the a secure reliable solution to set up remote SIP 
> phones.

IPsec tunneling between your PIX and the remote sites where the remote
phones are.

rgds
benjk

--
Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya,
Tokyo, Japan.

NB: Spam filters in place. Messages unrelated to the * mailing lists may
get trashed.
_______________________________________________
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users


The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you
received this in error, please contact the sender and delete the
material from any computer

_______________________________________________
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

More information about the asterisk-users mailing list