Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community
 SearchSearch 

[asterisk-users] Asterisk inside network. What phone works well?


 
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> Asterisk Users
View previous topic :: View next topic  
Author Message
idemkovitch at yahoo.com
Guest





PostPosted: Thu Oct 13, 2016 10:49 am    Post subject: [asterisk-users] Asterisk inside network. What phone works w Reply with quote

Hello list,

I have Asterisk running well inside our network. I did some experiments exposing it to internet but had some issues:
1. NAT issues (voice one way, etc). From what I understand double-NAT users will always have something like this
2. Immediately I see people trying to hack into. I did configure Fail2Ban and it works somewhat, but not 100%. Erroneous logs, etc

So.. I ended up closing network. Currently most users inside network. My home router have GRE tunnel to office so phone works just fine.
Another user uses VPN and soft phone and it works good too.

Now I need to setup some users with actual phone devices and none of those solutions will work. So, I did some research and found
that some phones have VPN capability built in.

Right now I use Cisco SPA504G phones. We have auto-provisioning for them, works well. But I don’t think they have VPN capability.


What I found it that Cisco 525g2 has AnyConnect functionality (SSL VPN) but not sure if this is what I need.

We have Mikrotik router. Can I setup VPN on router and have this Cisco phone auto-dial VPN and then connect to Asterisk? I’m asking to see if this will work before I go in and buy that phone.
Or maybe there is other devices/solutions you suggest? I’d like to stay with Cisco because I’m somewhat familiar with provisioning those..

Thank you
Ivan
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Back to top
kevin.larsen at pionee...
Guest





PostPosted: Thu Oct 13, 2016 11:07 am    Post subject: [asterisk-users] Asterisk inside network. What phone works w Reply with quote

Quote:
I have Asterisk running well inside our network. I did some
experiments exposing it to internet but had some issues:
1. NAT issues (voice one way, etc). From what I understand double-
NAT users will always have something like this
2. Immediately I see people trying to hack into. I did configure
Fail2Ban and it works somewhat, but not 100%. Erroneous logs, etc

So.. I ended up closing network. Currently most users inside
network. My home router have GRE tunnel to office so phone works just fine.
Another user uses VPN and soft phone and it works good too.

Now I need to setup some users with actual phone devices and none of
those solutions will work. So, I did some research and found
that some phones have VPN capability built in.

Right now I use Cisco SPA504G phones. We have auto-provisioning for
them, works well. But I don’t think they have VPN capability.


What I found it that Cisco 525g2 has AnyConnect functionality (SSL
VPN) but not sure if this is what I need.

We have Mikrotik router. Can I setup VPN on router and have this
Cisco phone auto-dial VPN and then connect to Asterisk? I’m asking
to see if this will work before I go in and buy that phone.
Or maybe there is other devices/solutions you suggest? I’d like to
stay with Cisco because I’m somewhat familiar with provisioning those..

I haven't done this myself, but I think what you need to look at is phones that can do IPSEC vpn setups.

For the Mikrotik router, this may be helpful to start investigating:
http://wiki.mikrotik.com/wiki/L2TP_%2B_IPSEC_between_Mikrotik_router_and_a_PC ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
Back to top
rswagoner at gmail.com
Guest





PostPosted: Fri Oct 14, 2016 4:22 pm    Post subject: [asterisk-users] Asterisk inside network. What phone works w Reply with quote

On Thu, Oct 13, 2016 at 12:06 PM, <kevin.larsen@pioneerballoon.com (kevin.larsen@pioneerballoon.com)> wrote:
Quote:
> I have Asterisk running well inside our network. I did some
Quote:
experiments exposing it to internet but had some issues:
1. NAT issues (voice one way, etc). From what I understand double-
NAT users will always have something like this
2. Immediately I see people trying to hack into. I did configure
Fail2Ban and it works somewhat, but not 100%. Erroneous logs, etc

So.. I ended up closing network. Currently most users inside
network. My home router have GRE tunnel to office so phone works just fine.
Another user uses VPN and soft phone and it works good too.

Now I need to setup some users with actual phone devices and none of
those solutions will work. So, I did some research and found
that some phones have VPN capability built in.

Right now I use Cisco SPA504G phones. We have auto-provisioning for
them, works well. But I don’t think they have VPN capability.


What I found it that Cisco 525g2 has AnyConnect functionality (SSL
VPN) but not sure if this is what I need.

We have Mikrotik router. Can I setup VPN on router and have this
Cisco phone auto-dial VPN and then connect to Asterisk? I’m asking
to see if this will work before I go in and buy that phone.
Or maybe there is other devices/solutions you suggest? I’d like to
stay with Cisco because I’m somewhat familiar with provisioning those..

I haven't done this myself, but I think what you need to look at is phones that can do IPSEC vpn setups.

For the Mikrotik router, this may be helpful to start investigating:
http://wiki.mikrotik.com/wiki/L2TP_%2B_IPSEC_between_Mikrotik_router_and_a_PC 


I have Asterisk installs behind Vyatta (linux iptables) and pfSense (freebsd pf) NAT routers and majority of the time there are no issues with phones outside the network. My go to phones are Polycom VVX series or X-Lite / Bria softphones. The key is to make sure you have configured Asterisk sip.conf with the externip= and nat=yes settings. Additionally on the NAT routers that the outside phones are behind SIP ALG should be disabled.


Ryan
Back to top
Display posts from previous:   
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> Asterisk Users All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

VoiceMeUp - Corporate & Wholesale VoIP Services