Jump to content

Expose PBXnSIP through internet

Rudi Groenewald

By Rudi Groenewald
in Firewalls and NAT

 Share

Recommended Posts

Rudi Groenewald Newbie

Rudi Groenewald

Posted
Posted

Hi all,

 

We've got 3 employees working from home which I want to give the facility to register to their extentions on pbxnsip. We've got static IPs, so I'd like to know is there a guide on how to achieve this? We use ISA server as our firewall and proxy and I have a static IP available for use just for sip and rtp traffic.

 

Could you give me some sort of guidance on what I would have to set on pbxnsip to get the registration and rtp traffic flowing correctly? I tried this once when we still on dynamic ips and I could get the phones to register, but I couldn't get any voice once a call was established. Any ideas?

 

Regards,

 

Rudi Groenewald

Link to comment
Share on other sites
shopcomputer Newbie

shopcomputer

Posted
Posted
Hi all,

 

We've got 3 employees working from home which I want to give the facility to register to their extentions on pbxnsip. We've got static IPs, so I'd like to know is there a guide on how to achieve this? We use ISA server as our firewall and proxy and I have a static IP available for use just for sip and rtp traffic.

 

Could you give me some sort of guidance on what I would have to set on pbxnsip to get the registration and rtp traffic flowing correctly? I tried this once when we still on dynamic ips and I could get the phones to register, but I couldn't get any voice once a call was established. Any ideas?

 

Regards,

 

Rudi Groenewald

ISA is not going to pass sip traffic.

Link to comment
Share on other sites
shopcomputer Newbie

shopcomputer

Posted
Posted
allright... but why would you say that... what would isa not do that any other firewall will do?

ISA opens packets and is not application aware of SIP, at least till last version we use, which is ISA 2004. we had to get rid of ISA at our clients that went to sip.

 

I do have 1 client where it started miracliously working, I won't touch it.

Link to comment
Share on other sites
andrewgroup Newbie

andrewgroup

Posted
Posted

It took about 1 google search to quickly determine the recommendations are;

First Master ISA, Second Master Group Policies, need a MS ADM for port ranges, Hack the crap out of Server to allow you to affix PortRanges for a variety of services, 5060 and the RTP streams.... Read the many posts on Microsoft Social Networking sites, Still feel lucky?

 

Or Put a Low Cost SIP AWARE Firewall Router on the LAN, and avoid all possibilites of a hack by using static routes at the central router to the remote sites, Secure the PBX with access ranges, and if you need to split a single ethernet feed from the ISP, use a suitable switch that SUPPORTS port based QOS and assign the PBX to a higher Queue than the LAN....DSCP value the incoming packets if you can.

 

(Geeze, I hope you weren't thinking of running PBX on a system with ISA, Were you?)

 

Much of this is reference in OCS installation guides for EDGE deployments..

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing


×
×
  • Create New...