<html>
<body>
Keep in mind, PPTP will only tunnel through the NAT, as long as GRE (prot
47) is properly tunneled along with tcp 1723. This support is relatively
standard in common NATs, but it's not a given.<br><br>
-denon<br><br>
At 09:23 PM 9/21/2004, you wrote:<br>
<blockquote type=cite class=cite cite=""><font face="arial" size=2>First,
I assume that you will be running NAT at both locations, if that is not
the case, then the configuration will change.<br>
</font> <br>
<font face="arial" size=2>When you said VPN, are you using PPTP or IPSEC?
Microsoft supports PPTP. In order to connect a PC over VPN to the office,
which has a PPTP VPN Server, you will need to runs VPN software. After it
is run, the PC obtains a new IP address from your office, If you are
using soft phone on a Windows PC, you can communicate without any problem
as the IP is now tunnelled via internet to the office from your PC.
Please note that PPTP VPN can tunnel through NAT and should be allowed to
tunnel through Firewall as well before soft phone can be used.<br>
</font> <br>
<font face="arial" size=2>From your description, I feel that IPSEC may be
a better solution. IPSEC can route/merge two remote subnets together. If
you are connecting two sites using IPSEC, you can start any service and a
hardware SIP phone should be fine. Just make sure your DNS and gateway
setups are correct. And your PC can see across the IPSEC tunnel without
loading any VPN software.<br>
</font> <br>
<font face="arial" size=2>Henry<br>
</font> <br>
<font face="arial" size=2>--------------------------------------------------------------------------------------<br>
</font> <br>
<font face="Times New Roman, Times">From: Shawn Dillon
[<a href="mailto:shawn@crsretailpro.com" eudora="autourl">mailto:shawn@crsretailpro.com</a>]
<br>
Sent: Tuesday, September 21, 2004 2:39 PM<br>
To:
<a href="mailto:asterisk-users@lists.digium.com">asterisk-users@lists.digium.com</a></font><font face="arial" size=2><br>
</font><font face="Times New Roman, Times">Subject: [Asterisk-Users]
Asterisk , ISA Firewall/VPN , STUN and other<br>
issues<br><br>
<br><br>
I have just finished compiling and installing Asterisk on a test
Debian<br>
system. All is working well. We are now attempting to get remote
offices<br>
to test the system I have installed both a SIP and an IAX client at
a<br>
remote office. Then I connect to our office via Microsoft ISA
firewall<br>
and the Windows XP VPN client. Neither of the softphones will
connect.<br>
On the IAX softphone I just get a ringtone , on the SIP client
nothing.<br>
The Debian machine has two NIC's , one with a static external IP and
one<br>
with an internal IP. Our remote offices are behind a mixture of<br>
firewalls.<br><br>
<br><br>
<br><br>
I have some questions with regards to our testing and setup.<br><br>
<br><br>
1) Is there a way to get the SIP/IAX
client to work via the VPN?<br>
This would be the easiest way.<br><br>
2) If not can I install a STUN server
on the same machine as the *<br>
server? Can it use the same internal and external IP's as the *
server?<br><br>
3) Is there a hardphone that supports
VPN that has been tested?<br><br>
4) What is the best hardphone to use
with Asterisk?<br><br>
<br><br>
<br><br>
Thanks for the input<br><br>
Shawn Dillon</font><font face="arial" size=2><br>
</font>_______________________________________________<br>
Asterisk-Users mailing list<br>
Asterisk-Users@lists.digium.com<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" eudora="autourl">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" eudora="autourl">http://lists.digium.com/mailman/listinfo/asterisk-users</a>
</blockquote></body>
</html>