I have a /29 to use for the network. My immediate go-to set-up will be to put the asterisk server on a public IP off the /29 and harden the IPtables along with other monitoring scripts and lock down methods. Then add the router on a different /29 IP and have all the phones register through the router to the public asterisk server and limit only registrations from that router's IP address.
I then would add the three trunks I need such as inbound/outbound, international, and 911 to the asterisk box However, I do think this is best practices. It is my understanding to move the asterisk box behind a router/firewall and have the phones on the same subnet of the asterisk box. Then the router/firewall will do the trunking to the vendors. I dont know which is best nor do I know the hardware for the router/firewall device. On Mon, Jan 4, 2016 at 1:31 PM, Ron Wheeler <rwhee...@artifact-software.com> wrote: > Both work. > If you have enough IP addresses to dedicate one to your Asterisk server, > that removes one node in the path from the world. > You will need a firewall on the Asterisk server to protect it from outside > meddling. > If you can put the Asterisk server on the same network as the SIP devices > (using a second NIC) that should help performance. > > Is the SIP network on the same network as your internet/data LAN? > > Ron > > > On 04/01/2016 1:15 PM, IPN Comm wrote: > > I was wondering if anyone can give me any pointers or insights of whether > or not to have an asterisk server behind a firewall. > > I have always ran Asterisk on a public IP but was wondering if I should > move it to a local IP behind a firewall. > > I am looking to set up a location with 300 SIP phones. > > Normally, I would put the Asterisk server on one public IP and let the SIP > phones get DHCP from a router on a different IP and they would register to > the Public Asterisk server from that IP address. > > Should I move the asterisk server behind the same router? > > If so, how should the server be set up and what is the best > router/firewall hardware to accomplish this environment? > > Thanks, > -H > > > > > -- > Ron Wheeler > President > Artifact Software Inc > email: rwhee...@artifact-software.com > skype: ronaldmwheeler > phone: 866-970-2435, ext 102 > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
