On Wed, 11 Feb 2009, Erick Perez wrote: > Excuse my ignorance but if i have an asterisk in a LAN, and i have > users in their homes/internet (dozens), in order to correctly connect > those users across my firewall, what is the technology that i need to > buy, called? > secure border gateway? > session controller? > secure gateway? > the audiocodes site seems to have many names for the same thing...but > i better ask here and learn before i make a big mistake. > > my customer has a dumb firewall (not SIP aware) that will not replace. > he wants another box to do the magic.
I have many customers like that, and "working from home" is gaining momenting where I live... So the scenario (if I interpret it correctly): Asterisk at HQ is behind a NAT firewall with remote users (who themselves may be behing a NAT firewall) HQ needs a static IP address on the outside and plenty of bandwidth. The dumb router at HQ needs to port-forward external port 5060 and 10000-20000 into the asterisk box (you can limit this range - see rtp.conf) Most dumb routers can port-forward. Asterisk needs to know it's LAN and extneral ip address - sip.conf, externip= and localnet= remote extensions need nat=yes in sip.conf and that's basically it. If the remote extensions are themselves behind a NAT firewall, then the easiest way to get them through it is by using a stun server - ether run your own, or use someone elses... Do not do any port-forwarding at the remote users sites. Yes, you can fiddle about with proxies, gateways, etc. but keep it simple to start with and I have many installations doing it this way and it "just works". One day I'm sure I'll trip up, but until then... Pitfalls - the same with all VoIP - bandwidth, espeically outgoing b/w from HQ. Broken NAT gateways, and routers which have SIP ALGs built in which are also broken. (Turn them off!) Routers with broken SIP ALG are the biggest PITA to work round. Gordon _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users