Shawn Dillon
2004-Sep-21 14:38 UTC
[Asterisk-Users] Asterisk , ISA Firewall/VPN , STUN and other issues
I have just finished compiling and installing Asterisk on a test Debian system. All is working well. We are now attempting to get remote offices to test the system I have installed both a SIP and an IAX client at a remote office. Then I connect to our office via Microsoft ISA firewall and the Windows XP VPN client. Neither of the softphones will connect. On the IAX softphone I just get a ringtone , on the SIP client nothing. The Debian machine has two NIC's , one with a static external IP and one with an internal IP. Our remote offices are behind a mixture of firewalls. I have some questions with regards to our testing and setup. 1) Is there a way to get the SIP/IAX client to work via the VPN? This would be the easiest way. 2) If not can I install a STUN server on the same machine as the * server? Can it use the same internal and external IP's as the * server? 3) Is there a hardphone that supports VPN that has been tested? 4) What is the best hardphone to use with Asterisk? Thanks for the input Shawn Dillon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20040921/3e261c52/attachment.htm
Wiley E. Siler
2004-Sep-21 14:54 UTC
[Asterisk-Users] Asterisk , ISA Firewall/VPN , STUN and other issues
I use my XLite softphone from my Win XP box over VPN to my Cisco PIX with no issues so this can be done. How that works for an ISA box is unknown to me. I dumped ISA several years ago do to it's (IMHO) unpredictability and low performance. Are you using the built in VPN of WinXP or an ISA Client ? Phones are very preferential. Grandstream and SNOM make some good cheap phones if presentation is not an issue. I personally prefer Polycom IP300 and IP500 for ease of use and features. IP300 can be had for $135 on eBay. Some like Cisco though the Cisco licensing model irritates me to no end and I refuse to use them for anything other than firewall/router at this time. Cheers, Wiley _____ From: Shawn Dillon [mailto:shawn@crsretailpro.com] Sent: Tuesday, September 21, 2004 2:39 PM To: asterisk-users@lists.digium.com Subject: [Asterisk-Users] Asterisk , ISA Firewall/VPN , STUN and other issues I have just finished compiling and installing Asterisk on a test Debian system. All is working well. We are now attempting to get remote offices to test the system I have installed both a SIP and an IAX client at a remote office. Then I connect to our office via Microsoft ISA firewall and the Windows XP VPN client. Neither of the softphones will connect. On the IAX softphone I just get a ringtone , on the SIP client nothing. The Debian machine has two NIC's , one with a static external IP and one with an internal IP. Our remote offices are behind a mixture of firewalls. I have some questions with regards to our testing and setup. 1) Is there a way to get the SIP/IAX client to work via the VPN? This would be the easiest way. 2) If not can I install a STUN server on the same machine as the * server? Can it use the same internal and external IP's as the * server? 3) Is there a hardphone that supports VPN that has been tested? 4) What is the best hardphone to use with Asterisk? Thanks for the input Shawn Dillon The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20040921/bb734e1a/attachment.htm
Chad Brown
2004-Sep-21 19:18 UTC
[Asterisk-Users] Asterisk , ISA Firewall/VPN , STUN and other issues
Shawn, I am running ISA 2004. As you know this firewall is not SIP aware. I've spoken with MS LCS devs and they don't know of any SIP filters on the horizon. As far as IAX... not sure why you would be having problems. In our environment we have an ISA 2004 firewall at the central office and several remote offices with a site-to-site VPN nailed up using one of the Linksys VPN routers. There is an article on isaserver.org for establishing a site-to-site using IPSEC tunneling a new feature of ISA 2004. This works extremely well! SIP traffic is routed around ISA using a product by INGATE called the SIPARATOR. This helps us with inbound SIP calls and in/out bound calls to broadvox.net who provides PSTN gateway functionality. As far as clients.... The cisco 7960 is the only way to go in my mind. Once you get the infrastructure setup to support them they are solid! As far as softphones...we use XTEN and try to use messenger. Both solutions work via site-to-site VPN or dial-up VPN using the standard PPTP. The latest version of XTEN seems to work the best. I would love to jump on the IAX bandwagon but have several partners to work with. I this case I must choose SIP. Thanks, Chad Brown - IdentityMine ________________________________ From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Shawn Dillon Sent: Tuesday, September 21, 2004 2:39 PM To: asterisk-users@lists.digium.com Subject: [Asterisk-Users] Asterisk , ISA Firewall/VPN , STUN and other issues I have just finished compiling and installing Asterisk on a test Debian system. All is working well. We are now attempting to get remote offices to test the system I have installed both a SIP and an IAX client at a remote office. Then I connect to our office via Microsoft ISA firewall and the Windows XP VPN client. Neither of the softphones will connect. On the IAX softphone I just get a ringtone , on the SIP client nothing. The Debian machine has two NIC's , one with a static external IP and one with an internal IP. Our remote offices are behind a mixture of firewalls. I have some questions with regards to our testing and setup. 1) Is there a way to get the SIP/IAX client to work via the VPN? This would be the easiest way. 2) If not can I install a STUN server on the same machine as the * server? Can it use the same internal and external IP's as the * server? 3) Is there a hardphone that supports VPN that has been tested? 4) What is the best hardphone to use with Asterisk? Thanks for the input Shawn Dillon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20040921/69189ec7/attachment.htm