[Asterisk-Users] Asterisk , ISA Firewall/VPN , STUN and other

denon denon at denon.cx
Tue Sep 21 21:41:28 MST 2004


Keep in mind, PPTP will only tunnel through the NAT, as long as GRE (prot 
47) is properly tunneled along with tcp 1723. This support is relatively 
standard in common NATs, but it's not a given.

-denon

At 09:23 PM 9/21/2004, you wrote:
>First, I assume that you will be running NAT at both locations, if that is 
>not the case, then the configuration will change.
>
>When you said VPN, are you using PPTP or IPSEC? Microsoft supports PPTP. 
>In order to connect a PC over VPN to the office, which has a PPTP VPN 
>Server, you will need to runs VPN software. After it is run, the PC 
>obtains a new IP address from your office, If you are using soft phone on 
>a Windows PC, you can communicate without any problem as the IP is now 
>tunnelled via internet to the office from your PC. Please note that PPTP 
>VPN can tunnel through NAT and should be allowed to tunnel through 
>Firewall as well before soft phone can be used.
>
> From your description, I feel that IPSEC may be a better solution. IPSEC 
> can route/merge two remote subnets together. If you are connecting two 
> sites using IPSEC, you can start any service and a hardware SIP phone 
> should be fine. Just make sure your DNS and gateway setups are correct. 
> And your PC can see across the IPSEC tunnel without loading any VPN software.
>
>Henry
>
>--------------------------------------------------------------------------------------
>
>From: Shawn Dillon [mailto:shawn at crsretailpro.com]
>Sent: Tuesday, September 21, 2004 2:39 PM
>To: <mailto:asterisk-users at lists.digium.com>asterisk-users at lists.digium.com
>Subject: [Asterisk-Users] Asterisk , ISA Firewall/VPN , STUN and other
>issues
>
>
>
>I have just finished compiling and installing Asterisk on a test Debian
>system. All is working well. We are now attempting to get remote offices
>to test the system I have installed both a SIP and an IAX client at a
>remote office. Then I connect to our office via Microsoft ISA firewall
>and the Windows XP VPN client. Neither of the softphones will connect.
>On the IAX softphone I just get a ringtone , on the SIP client nothing.
>The Debian machine has two NIC's , one with a static external IP and one
>with an internal IP. Our remote offices are behind a mixture of
>firewalls.
>
>
>
>
>
>I have some questions with regards to our testing and setup.
>
>
>
>1)       Is there a way to get the SIP/IAX client to work via the VPN?
>This would be the easiest way.
>
>2)       If not can I install a STUN server on the same machine as the *
>server? Can it use the same internal and external IP's as the * server?
>
>3)       Is there a hardphone that supports VPN that has been tested?
>
>4)       What is the best hardphone to use with Asterisk?
>
>
>
>
>
>Thanks for the input
>
>Shawn Dillon
>_______________________________________________
>Asterisk-Users mailing list
>Asterisk-Users at lists.digium.com
>http://lists.digium.com/mailman/listinfo/asterisk-users
>To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20040921/649066b6/attachment.htm


More information about the asterisk-users mailing list