On Wed, Feb 11, 2009 at 1:56 PM, Gordon Henderson <gordon+aster...@drogon.net> wrote: > On Wed, 11 Feb 2009, Erick Perez wrote: > >> Excuse my ignorance but if i have an asterisk in a LAN, and i have >> users in their homes/internet (dozens), in order to correctly connect >> those users across my firewall, what is the technology that i need to >> buy, called? >> secure border gateway? >> session controller? >> secure gateway? >> the audiocodes site seems to have many names for the same thing...but >> i better ask here and learn before i make a big mistake. >> >> my customer has a dumb firewall (not SIP aware) that will not replace. >> he wants another box to do the magic. > > I have many customers like that, and "working from home" is gaining > momenting where I live... > > So the scenario (if I interpret it correctly): Asterisk at HQ is behind a > NAT firewall with remote users (who themselves may be behing a NAT > firewall) > > HQ needs a static IP address on the outside and plenty of bandwidth. > > The dumb router at HQ needs to port-forward external port 5060 and > 10000-20000 into the asterisk box (you can limit this range - see > rtp.conf) Most dumb routers can port-forward. > > Asterisk needs to know it's LAN and extneral ip address - sip.conf, > externip= and localnet= > > remote extensions need nat=yes in sip.conf > > and that's basically it. > > If the remote extensions are themselves behind a NAT firewall, then the > easiest way to get them through it is by using a stun server - ether run > your own, or use someone elses... Do not do any port-forwarding at the > remote users sites. > > Yes, you can fiddle about with proxies, gateways, etc. but keep it simple > to start with and I have many installations doing it this way and it "just > works". One day I'm sure I'll trip up, but until then... > > Pitfalls - the same with all VoIP - bandwidth, espeically outgoing b/w > from HQ. Broken NAT gateways, and routers which have SIP ALGs built in > which are also broken. (Turn them off!) > > Routers with broken SIP ALG are the biggest PITA to work round. > > Gordon > > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
Thank you all for the excellent responses. I will do some test here to decide on a method/technology to use. -- ------------------------------------------------------------ Erick Perez Cel +(507) 6675-5083 ------------------------------------------------------------ _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users