On Wed, 28 Jul 2004, programmer_ted wrote:
> I have an X-Lite phone on my box and I'm trying
> to register it with a remote Asterisk box. Both
> the X-Lite and Asterisk are behind a NAT.
> I know it's a pain to do because of SIP not
> working well with NATs, but I know there
> are ways to do such a thing...moving the
> Asterisk box outside the NAT is not a
> possibility at the moment.
Then, how about the possibility to replace your NAT box
with something like this ...
http://www.coyotelinux.com/products.php?Product=wolverine
It's a very easy set up. Once you've burned the install
CD, it'll take you only about 2 mins to get a VPN server
up and running. The web based admin interface is the best
I have seen on any firewall or VPN product across the
entire industry and if you are so inclined, you can also
edit the configuration directly via SSH - it's command
compatible with Cisco's PIX firewalls, so if you or your
network admin are familar with PIX, you'll feel at home
with Wolverine right away.
It supports both IPPTP and Psec, so whether your X-Lite is
running on a Windoze box or a Mac, you'll be able to
tunnel in without much effort on the client side as well.
This will solve your NAT problem and do so *properly*. Any
other SIP/NAT setup should not be considered a proper
solution - those are dirty hacks that introduce more
problems than they solve, just like NAT itself. So, if you
want to do it right, your only two choices are
- get rid of NAT; or
- build a VPN
Of course there are other ways of doing VPN, but Wolverine
is by far the easiest way to set it up. It's based on
OpenSwan, by the way. As a nice bonus, all your
conversations will be secure from eavesdropping.
rgds
benjk
--
Sunrise Telephone Systems Ltd
9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Shibuya-ku, Tokyo, Japan
__________________________________________________
GANBARE! NIPPON!
Yahoo! JAPAN JOC OFFICIAL INTERNET PORTAL SITE
http://mail.ganbare-nippon.yahoo.co.jp/
_______________________________________________
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users