asterisk users - Feb 2005 - Asterisk network architecture

Hello,

I'm currently working on a new installation and wondering which 
architecture and protocol I should use...

I want to share my Asterisk server between users on my internal LAN and 
a user connecting via Internet...

So, my server has to be reachable from outside and also from inside... 
For the external user, I'll use a softphone and probably IAX2 ? What 
about internal users and IP phone ? We have grandstream budgetone and I 
don't know which protocol I should use.

I'd like to find a way to have my asterisk server in a DMZ protected 
from outside and not directly on the internal network. Is there any 
recommended architecture ?

Also, is the traffic between external user to asterisk server encrypted 
? and is there any softphone with rsa keys auth ?

Thanks

>I'd like to find a way to have my asterisk server in a DMZ protected 
>from outside and not directly on the internal network. Is there any 
>recommended architecture ?
One of my current installs is a DMZ with an * server protected from outside
and inside with Monowall:

http://www.m0n0.ch/wall/

The Asterisk server talks IAX over the Net to a primary Asterisk server that
provides PSTN connectivity; SIP is used inside the LAN. Asterisk is
sandwiched between the two monowalls and it works great. 

Basically, Monowall rocks. Brain dead easy install and boots off a CD; get's
it's config from a user-editable XML file on a floppy. I especially like the
traffic shaper which seems to work fine. My only quibble is that it is
extremely bitchy about the traffic rules, they have to be set up *just* so,
or they won't work. The first time I set it up, I had to mess about with a
port scanner and sniffer to figure out that it was working. But once you get
used to it, it's a no brainer. 

hth