I am completely new to * (I know, read the archives, but this is a little different case). I am trying to set up a SIP system outside my security firewalls for home users. I currently run a Cisco AVVID solution internally, but it's highly firewalled. I am planning on building a PRI out of my 3745 Cisco router and plugging it into a 3810, which is on the outside, set up with SIP and running a * server to serve the calls on the outside to 7940 phones with the SIP load. I don't care about VM that much, other than to pass it back to my Unity box over the very short PRI channel.

I know this sounds really strange, but I am not about to let my Cisco CCMs even touch the net to make remote phones work, and static VPNing hardphones is getting a bit pricey at 550 a pop for PIX boxes plus power supplies. I don't have a big problem with different ext, as this would mainly be for outbound calls, and my users can fwd their desk phone's DID to an ext that goes to their house. Basically this is a way for me to use up the 50-60 odd 7940s that I have in storage and to allow my sales teams to work from home on the company's bulk phone plan.

Any ideas or comments would be great.

Doug Block
Chief Information Officer of Efast Funding
713-983-4055 (Direct)
888-338-3863 x 4055 (Toll Free)
713-983-4555 (Direct Fax)
832-483-4495 (Cell)

Doug,

I don't believe that it would be a good idea to leave the Asterisk box unprotected (without any firewall). This would leave you wide open for people to access your internal system through the Asterisk box. We have all been participating in a discussion about an article written by the ingenious Mr. Jim Louderback, technology writer for Ziff Davis, regarding the security risk of IP Telephony.

As far as the cost of VPNing the phones, maybe you could use Linksys VPN routers ($129.00 / each) and cut the cost in half. If you didn't want to go the VPN route, you could set up an access-list on your 3810 to only accept traffic from the known IP addresses of your home warriors. This is not the most secure, but it does provide some security and would probably block most half-hearted attempts from wannabe hackers.

You could sell your Cisco phones, install X-Lite (free softphone) and put the money from the Cisco phones toward VPNing your network. There are several ways to go, I just wouldn't leave it wide open.

Sincerely,
Ronald R. McDaniel
Southern Computer Services, Inc.
rmcdaniel@southerncomp.net
(251) 444-3136 office
(251) 446-3137 fax
(251) 294-1202 cell

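The source-address filtering suggested in the reply above, sketched as an IOS extended access list. This is an added example, not part of the original thread. It assumes the 3810 routes the traffic headed for the Asterisk server; all addresses, the ACL name and the interface name are constructed placeholders.

```cisco
! Constructed example. Addresses are from the RFC 5737 documentation ranges.
!   192.0.2.10                   Asterisk server on the outside segment (assumed)
!   203.0.113.25, 198.51.100.40  static public addresses of two home users (assumed)
!
ip access-list extended SIP-HOME-IN
 remark SIP signalling (UDP 5060) from known home users only
 permit udp host 203.0.113.25 host 192.0.2.10 eq 5060
 permit udp host 198.51.100.40 host 192.0.2.10 eq 5060
 remark RTP media; 10000-20000 is the default range in Asterisk rtp.conf
 permit udp host 203.0.113.25 host 192.0.2.10 range 10000 20000
 permit udp host 198.51.100.40 host 192.0.2.10 range 10000 20000
 remark Log and drop anything else aimed at the Asterisk box
 deny ip any host 192.0.2.10 log
 ! The implicit "deny ip any any" that ends every ACL drops all other
 ! inbound traffic on this interface as well.
!
interface Ethernet0
 description Internet-facing side (interface name is an assumption)
 ip access-group SIP-HOME-IN in
```

The list matches on source address only, so it needs home users with fixed public addresses and it neither authenticates nor encrypts the calls; the logged denies give a record of who else is probing the server.
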
> -----Original Message-----
> From: asterisk-users-admin@lists.digium.com
> [mailto:asterisk-users-admin@lists.digium.com] On Behalf Of
> Lars Boegild Thomsen
> Sent: Tuesday, May 18, 2004 11:23 PM
> To: asterisk-users@lists.digium.com
> Subject: RE: [Asterisk-Users] * and Cisco routers

[...]

> Speaking of which - anybody got
> experience with VoIP and IPSec? I've never really used
> IPSec, but I would imagine it creates a significant delay.

I run one or more 7960's over several different VPN setups. The one that introduces the most latency is a cheap PIX (read: 501 or 506). A 515 is OK, a 515 with a crypto card is pretty acceptable. The best setup is a 1721 or better with a crypto card. I routinely run that config at each end using GRE over IPSec and have no problems (it introduces about 20 ms latency when properly configured... a cheap PIX can introduce about 40 to 80 on average).

One IPSec VPN connected between a 6509 MSFC<->GigE<->7206VXR<->DS-3<->7206VXR introduces only 12 ms latency on average. Of course that's nearly $30k worth of "plumbing", so one would expect that kind of performance.

Daryl