(actually a 4th option is to use a vpn enabled phone. snom is the only vendor I know of that has one, but quite frankly I never had good luck with the very first model they shipped, as you cannot have a 2 factor vpn credential like certificate and user/password).
On Thu, Jun 17, 2010 at 6:11 AM, Tony Graziano <[email protected]> wrote: > Actually a third option for remote users is to VPN in. But that goes > without saying. > > On Thu, Jun 17, 2010 at 6:09 AM, Tony Graziano > <[email protected]> wrote: >> There are two ways to handle this... >> >> 1. Setup sipx to be behind nat, enabling support for remote users and >> server behind nat, as well as enabling the role for siptrunking and >> setup your firewall accordingly, which for whatever reason is "not >> acceptable in your environment". >> >> or >> >> 2. Do none of the above and use a separate SBC to handle those roles. >> >> The most recent IETF draft: >> >> http://tools.ietf.org/html/draft-ietf-sipping-nat-scenarios-10#page-10 >> >> (4.1.1. Symmetric Response) is what sipx does in method 1 above. The >> IETF draft considers it reliable adn does not consider it to be a >> security issue. Nor do I. >> >> ICE is actually a layered protocol. It is reliable, but sipx does not >> implement it. Whether you want ICE, STUN or TURN, these can be >> delivered from a firewall with "sip awareness" or from a SBC with >> these capabilities (i.e. Ingate, etc.). We do this all the time for >> customers who need to make trunking or dial plan changes during work >> hours without disruption to users. >> >> Good luck. >> >> On Wed, Jun 16, 2010 at 10:19 PM, Richard Zhao <[email protected]> wrote: >>> Hi, >>> >>> We are trying out sipXecs for internal usage. An important factor for >>> us is NAT traversal. We have some experience with Microsoft OCS and it >>> uses ICE for NAT traversal. It seems a good way to handle this. >>> >>> I checked sipXecs docs and it is not very clear about how to configure >>> STUN/TURN for ICE protocol. Does anyone have experience on this? How >>> should we set up STUN/TRUN server and have ICE available? I read that >>> OpenSips has an internal STUN server and it works well. Can I have an >>> internal STUN server in sipXecs? >>> >>> I know that sipXecs has some built-in NAT traversal mechanism but it >>> needs pinholes on the firewall. That is not acceptable in our >>> environment. >>> >>> Thanks for your help, >>> Richard >>> _______________________________________________ >>> sipx-users mailing list [email protected] >>> List Archive: http://list.sipfoundry.org/archive/sipx-users >>> Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users >>> sipXecs IP PBX -- http://www.sipfoundry.org/ >> >> >> >> -- >> ====================== >> Tony Graziano, Manager >> Telephone: 434.984.8430 >> sip: [email protected] >> Fax: 434.984.8431 >> >> Email: [email protected] >> >> LAN/Telephony/Security and Control Systems Helpdesk: >> Telephone: 434.984.8426 >> sip: [email protected] >> Fax: 434.984.8427 >> >> Helpdesk Contract Customers: >> http://www.myitdepartment.net/gethelp/ >> >> Why do mathematicians always confuse Halloween and Christmas? >> Because 31 Oct = 25 Dec. >> > > > > -- > ====================== > Tony Graziano, Manager > Telephone: 434.984.8430 > sip: [email protected] > Fax: 434.984.8431 > > Email: [email protected] > > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > sip: [email protected] > Fax: 434.984.8427 > > Helpdesk Contract Customers: > http://www.myitdepartment.net/gethelp/ > > Why do mathematicians always confuse Halloween and Christmas? > Because 31 Oct = 25 Dec. > -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.984.8431 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Fax: 434.984.8427 Helpdesk Contract Customers: http://www.myitdepartment.net/gethelp/ Why do mathematicians always confuse Halloween and Christmas? Because 31 Oct = 25 Dec. _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
