Actually a third option for remote users is to VPN in. But that goes without saying.
On Thu, Jun 17, 2010 at 6:09 AM, Tony Graziano <[email protected]> wrote: > There are two ways to handle this... > > 1. Setup sipx to be behind nat, enabling support for remote users and > server behind nat, as well as enabling the role for siptrunking and > setup your firewall accordingly, which for whatever reason is "not > acceptable in your environment". > > or > > 2. Do none of the above and use a separate SBC to handle those roles. > > The most recent IETF draft: > > http://tools.ietf.org/html/draft-ietf-sipping-nat-scenarios-10#page-10 > > (4.1.1. Symmetric Response) is what sipx does in method 1 above. The > IETF draft considers it reliable adn does not consider it to be a > security issue. Nor do I. > > ICE is actually a layered protocol. It is reliable, but sipx does not > implement it. Whether you want ICE, STUN or TURN, these can be > delivered from a firewall with "sip awareness" or from a SBC with > these capabilities (i.e. Ingate, etc.). We do this all the time for > customers who need to make trunking or dial plan changes during work > hours without disruption to users. > > Good luck. > > On Wed, Jun 16, 2010 at 10:19 PM, Richard Zhao <[email protected]> wrote: >> Hi, >> >> We are trying out sipXecs for internal usage. An important factor for >> us is NAT traversal. We have some experience with Microsoft OCS and it >> uses ICE for NAT traversal. It seems a good way to handle this. >> >> I checked sipXecs docs and it is not very clear about how to configure >> STUN/TURN for ICE protocol. Does anyone have experience on this? How >> should we set up STUN/TRUN server and have ICE available? I read that >> OpenSips has an internal STUN server and it works well. Can I have an >> internal STUN server in sipXecs? >> >> I know that sipXecs has some built-in NAT traversal mechanism but it >> needs pinholes on the firewall. That is not acceptable in our >> environment. >> >> Thanks for your help, >> Richard >> _______________________________________________ >> sipx-users mailing list [email protected] >> List Archive: http://list.sipfoundry.org/archive/sipx-users >> Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users >> sipXecs IP PBX -- http://www.sipfoundry.org/ > > > > -- > ====================== > Tony Graziano, Manager > Telephone: 434.984.8430 > sip: [email protected] > Fax: 434.984.8431 > > Email: [email protected] > > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > sip: [email protected] > Fax: 434.984.8427 > > Helpdesk Contract Customers: > http://www.myitdepartment.net/gethelp/ > > Why do mathematicians always confuse Halloween and Christmas? > Because 31 Oct = 25 Dec. > -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.984.8431 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Fax: 434.984.8427 Helpdesk Contract Customers: http://www.myitdepartment.net/gethelp/ Why do mathematicians always confuse Halloween and Christmas? Because 31 Oct = 25 Dec. _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
