Henry Ngai
2004-Sep-21 19:23 UTC
[Asterisk-Users] Asterisk , ISA Firewall/VPN , STUN and other
First, I assume that you will be running NAT at both locations, if that is not the case, then the configuration will change. When you said VPN, are you using PPTP or IPSEC? Microsoft supports PPTP. In order to connect a PC over VPN to the office, which has a PPTP VPN Server, you will need to runs VPN software. After it is run, the PC obtains a new IP address from your office, If you are using soft phone on a Windows PC, you can communicate without any problem as the IP is now tunnelled via internet to the office from your PC. Please note that PPTP VPN can tunnel through NAT and should be allowed to tunnel through Firewall as well before soft phone can be used.>From your description, I feel that IPSEC may be a better solution. IPSEC can route/merge two remote subnets together. If you are connecting two sites using IPSEC, you can start any service and a hardware SIP phone should be fine. Just make sure your DNS and gateway setups are correct. And your PC can see across the IPSEC tunnel without loading any VPN software.Henry -------------------------------------------------------------------------------------- From: Shawn Dillon [mailto:shawn@crsretailpro.com] Sent: Tuesday, September 21, 2004 2:39 PM To: asterisk-users@lists.digium.com Subject: [Asterisk-Users] Asterisk , ISA Firewall/VPN , STUN and other issues I have just finished compiling and installing Asterisk on a test Debian system. All is working well. We are now attempting to get remote offices to test the system I have installed both a SIP and an IAX client at a remote office. Then I connect to our office via Microsoft ISA firewall and the Windows XP VPN client. Neither of the softphones will connect. On the IAX softphone I just get a ringtone , on the SIP client nothing. The Debian machine has two NIC's , one with a static external IP and one with an internal IP. Our remote offices are behind a mixture of firewalls. I have some questions with regards to our testing and setup. 1) Is there a way to get the SIP/IAX client to work via the VPN? This would be the easiest way. 2) If not can I install a STUN server on the same machine as the * server? Can it use the same internal and external IP's as the * server? 3) Is there a hardphone that supports VPN that has been tested? 4) What is the best hardphone to use with Asterisk? Thanks for the input Shawn Dillon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20040921/63abfeac/attachment.htm
Keep in mind, PPTP will only tunnel through the NAT, as long as GRE (prot 47) is properly tunneled along with tcp 1723. This support is relatively standard in common NATs, but it's not a given. -denon At 09:23 PM 9/21/2004, you wrote:>First, I assume that you will be running NAT at both locations, if that is >not the case, then the configuration will change. > >When you said VPN, are you using PPTP or IPSEC? Microsoft supports PPTP. >In order to connect a PC over VPN to the office, which has a PPTP VPN >Server, you will need to runs VPN software. After it is run, the PC >obtains a new IP address from your office, If you are using soft phone on >a Windows PC, you can communicate without any problem as the IP is now >tunnelled via internet to the office from your PC. Please note that PPTP >VPN can tunnel through NAT and should be allowed to tunnel through >Firewall as well before soft phone can be used. > > From your description, I feel that IPSEC may be a better solution. IPSEC > can route/merge two remote subnets together. If you are connecting two > sites using IPSEC, you can start any service and a hardware SIP phone > should be fine. Just make sure your DNS and gateway setups are correct. > And your PC can see across the IPSEC tunnel without loading any VPN software. > >Henry > >-------------------------------------------------------------------------------------- > >From: Shawn Dillon [mailto:shawn@crsretailpro.com] >Sent: Tuesday, September 21, 2004 2:39 PM >To: <mailto:asterisk-users@lists.digium.com>asterisk-users@lists.digium.com >Subject: [Asterisk-Users] Asterisk , ISA Firewall/VPN , STUN and other >issues > > > >I have just finished compiling and installing Asterisk on a test Debian >system. All is working well. We are now attempting to get remote offices >to test the system I have installed both a SIP and an IAX client at a >remote office. Then I connect to our office via Microsoft ISA firewall >and the Windows XP VPN client. Neither of the softphones will connect. >On the IAX softphone I just get a ringtone , on the SIP client nothing. >The Debian machine has two NIC's , one with a static external IP and one >with an internal IP. Our remote offices are behind a mixture of >firewalls. > > > > > >I have some questions with regards to our testing and setup. > > > >1) Is there a way to get the SIP/IAX client to work via the VPN? >This would be the easiest way. > >2) If not can I install a STUN server on the same machine as the * >server? Can it use the same internal and external IP's as the * server? > >3) Is there a hardphone that supports VPN that has been tested? > >4) What is the best hardphone to use with Asterisk? > > > > > >Thanks for the input > >Shawn Dillon >_______________________________________________ >Asterisk-Users mailing list >Asterisk-Users@lists.digium.com >http://lists.digium.com/mailman/listinfo/asterisk-users >To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20040921/649066b6/attachment.htm