Re: [Asterisk-Users] X-Lite to Asterisk through NAT?

[programmer_ted]

Thanks for your reply, Wolverine looks OK, but we aren't in a position to set up another box yet (the NAT is a router).  I've set up PoPToP on the Linux box and I'm able to connect to it from another machine fine, but we need the same Linux box to be able to connect to it.  Unfortunately, both pptpclient and PoPToP operate on the same (non-configurable) port, so the client can't connect to the server! Any ideas with my short elaboration in mind? :) Ted Sunrise Ltd wrote: On Wed, 28 Jul 2004, programmer_ted wrote: I have an X-Lite phone on my box and I'm trying to register it with a remote Asterisk box. Both the X-Lite and Asterisk are behind a NAT. I know it's a pain to do because of SIP not working well with NATs, but I know there are ways to do such a thing...moving the Asterisk box outside the NAT is not a possibility at the moment. Then, how about the possibility to replace your NAT box with something like this ... http://www.coyotelinux.com/products.php?Product=wolverine It's a very easy set up. Once you've burned the install CD, it'll take you only about 2 mins to get a VPN server up and running. The web based admin interface is the best I have seen on any firewall or VPN product across the entire industry and if you are so inclined, you can also edit the configuration directly via SSH - it's command compatible with Cisco's PIX firewalls, so if you or your network admin are familar with PIX, you'll feel at home with Wolverine right away. It supports both IPPTP and Psec, so whether your X-Lite is running on a Windoze box or a Mac, you'll be able to tunnel in without much effort on the client side as well. This will solve your NAT problem and do so *properly*. Any other SIP/NAT setup should not be considered a proper solution - those are dirty hacks that introduce more problems than they solve, just like NAT itself. So, if you want to do it right, your only two choices are - get rid of NAT; or - build a VPN Of course there are other ways of doing VPN, but Wolverine is by far the easiest way to set it up. It's based on OpenSwan, by the way. As a nice bonus, all your conversations will be secure from eavesdropping. rgds benjk -- Sunrise Telephone Systems Ltd 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Shibuya-ku, Tokyo, Japan __________________________________________________ GANBARE! NIPPON! Yahoo! JAPAN JOC OFFICIAL INTERNET PORTAL SITE http://mail.ganbare-nippon.yahoo.co.jp/ _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users