asterisk users - Sep 2004 - Asterisk , ISA Firewall/VPN , STUN and other issues

I have just finished compiling and installing Asterisk on a test Debian
system. All is working well. We are now attempting to get remote offices
to test the system I have installed both a SIP and an IAX client at a
remote office. Then I connect to our office via Microsoft ISA firewall
and the Windows XP VPN client. Neither of the softphones will connect.
On the IAX softphone I just get a ringtone , on the SIP client nothing.
The Debian machine has two NIC's , one with a static external IP and one
with an internal IP. Our remote offices are behind a mixture of
firewalls.

 

 

I have some questions with regards to our testing and setup.

 

1)       Is there a way to get the SIP/IAX client to work via the VPN?
This would be the easiest way.

2)       If not can I install a STUN server on the same machine as the *
server? Can it use the same internal and external IP's as the * server?

3)       Is there a hardphone that supports VPN that has been tested?

4)       What is the best hardphone to use with Asterisk?

 

 

Thanks for the input

Shawn Dillon

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20040921/3e261c52/attachment.htm

I use my XLite softphone from my Win XP box over VPN to my Cisco PIX
with no issues so this can be done.  
How that works for an ISA box is unknown to me.  I dumped ISA several
years ago do to it's (IMHO) unpredictability and low performance.
Are you using the built in VPN of WinXP or an ISA Client ?
 
Phones are very preferential.  Grandstream and SNOM make some good cheap
phones if presentation is not an issue.
I personally prefer Polycom IP300 and IP500 for ease of use and
features.  IP300 can be had for $135 on eBay.
Some like Cisco though the Cisco licensing model irritates me to no end
and I refuse to use them for anything other than firewall/router at this
time.
 
Cheers,
Wiley
 
 
 

  _____  

From: Shawn Dillon [mailto:shawn@crsretailpro.com] 
Sent: Tuesday, September 21, 2004 2:39 PM
To: asterisk-users@lists.digium.com
Subject: [Asterisk-Users] Asterisk , ISA Firewall/VPN , STUN and other
issues



I have just finished compiling and installing Asterisk on a test Debian
system. All is working well. We are now attempting to get remote offices
to test the system I have installed both a SIP and an IAX client at a
remote office. Then I connect to our office via Microsoft ISA firewall
and the Windows XP VPN client. Neither of the softphones will connect.
On the IAX softphone I just get a ringtone , on the SIP client nothing.
The Debian machine has two NIC's , one with a static external IP and one
with an internal IP. Our remote offices are behind a mixture of
firewalls.

 

 

I have some questions with regards to our testing and setup.

 

1)       Is there a way to get the SIP/IAX client to work via the VPN?
This would be the easiest way.

2)       If not can I install a STUN server on the same machine as the *
server? Can it use the same internal and external IP's as the * server?

3)       Is there a hardphone that supports VPN that has been tested?

4)       What is the best hardphone to use with Asterisk?

 

 

Thanks for the input

Shawn Dillon

 


The information transmitted is intended only for the person or entity to which
it is addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any action
in reliance upon, this information by persons or entities other than the
intended recipient is prohibited. If you received this in error, please contact
the sender and delete the material from any computer

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20040921/bb734e1a/attachment.htm

Shawn,

 

I am running ISA 2004. As you know this firewall is not SIP aware. I've
spoken with MS LCS devs and they don't know of any SIP filters on the
horizon. As far as IAX... not sure why you would be having problems.

 

In our environment we have an ISA 2004 firewall at the central office
and several remote offices with a site-to-site VPN nailed up using one
of the Linksys VPN routers. There is an article on isaserver.org for
establishing a site-to-site using IPSEC tunneling a new feature of ISA
2004. This works extremely well!

 

SIP traffic is routed around ISA using a product by INGATE called the
SIPARATOR. This helps us with inbound SIP calls and in/out bound calls
to broadvox.net who provides PSTN gateway functionality.

 

As far as clients....

 

The cisco 7960 is the only way to go in my mind. Once you get the
infrastructure setup to support them they are solid! As far as
softphones...we use XTEN and try to use messenger. Both solutions work
via site-to-site VPN or dial-up VPN using the standard PPTP. The latest
version of XTEN seems to work the best.

 

I would love to jump on the IAX bandwagon but have several partners to
work with. I this case I must choose SIP.

 

Thanks,

 

Chad Brown - IdentityMine

 

________________________________

From: asterisk-users-bounces@lists.digium.com
[mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Shawn
Dillon
Sent: Tuesday, September 21, 2004 2:39 PM
To: asterisk-users@lists.digium.com
Subject: [Asterisk-Users] Asterisk , ISA Firewall/VPN , STUN and other
issues

 

I have just finished compiling and installing Asterisk on a test Debian
system. All is working well. We are now attempting to get remote offices
to test the system I have installed both a SIP and an IAX client at a
remote office. Then I connect to our office via Microsoft ISA firewall
and the Windows XP VPN client. Neither of the softphones will connect.
On the IAX softphone I just get a ringtone , on the SIP client nothing.
The Debian machine has two NIC's , one with a static external IP and one
with an internal IP. Our remote offices are behind a mixture of
firewalls.

 

 

I have some questions with regards to our testing and setup.

 

1)       Is there a way to get the SIP/IAX client to work via the VPN?
This would be the easiest way.

2)       If not can I install a STUN server on the same machine as the *
server? Can it use the same internal and external IP's as the * server?

3)       Is there a hardphone that supports VPN that has been tested?

4)       What is the best hardphone to use with Asterisk?

 

 

Thanks for the input

Shawn Dillon

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20040921/69189ec7/attachment.htm