Re: [Asterisk-Users] Cisco phones config over internet
Martin, In the 7960s (my firmware is P0S3-07-3-00), you can press settings and then #9 to unlock the phone. From the settings menu, #3 will take you into Network Configuration. Near the bottom (#25), you must disable DHCP and Save. Then, from within the Network Configuration menu, you can manually enter the TFTP server (#7). BTW, what are the potential difficulties with someone seeing the config files? Brian - Original Message - From: Martin Roy [EMAIL PROTECTED] To: asterisk-users@lists.digium.com Sent: Monday, January 31, 2005 3:46 PM Subject: [Asterisk-Users] Cisco phones config over internet I saw a previous post about this problem but no one seems to have a real solution for it... I have a few Cisco IP Phones 7960 that I want to install at remote locations. I can easily setup my router to forward the ports of Asterisk BUT I don't want to open my TFTP server over the Internet as all the SIP configs are in clear text... I was first of all considering making VPN connection between my main office and the remote locations but that's fine if I have VPN routers on both side. But if someone use a phone at home and they have no router or cheap ones I'm stuck... I won't ask everyone to purchase a VPN Router just to have the phone working. I know I could open a second TFTP server just for the few phones that are not on my network and leave the Name, Authentification Name and password empty in the SIP config file and add it manually on each phones but I would still need to provide the SIP firmware and all the other files open on the internet... In the Cisco phone I don't even see a way to change the default TFTP port but even that solution doesn't seem good enough... Anyone having a working setup? Thanks Martin ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Cisco phones config over internet
Brian M. Arlinghaus wrote: Martin, In the 7960s (my firmware is P0S3-07-3-00), you can press settings and then #9 to unlock the phone. From the settings menu, #3 will take you into Network Configuration. Near the bottom (#25), you must disable DHCP and Save. Then, from within the Network Configuration menu, you can manually enter the TFTP server (#7). BTW, what are the potential difficulties with someone seeing the config files? I wouldn't want the customer to see the clear-text password in the config files. I would want to lock the phone to prevent the customer mucking-up the configuration. On another note... When I observe the activity LEDs for a VPN circuit, it seems to be going full blast without and activity at either end point. Can anyone discuss the bandwidth overhead of a VPN circuit? Thanks, ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Cisco phones config over internet
There should not be any, except for the occasional rekeying. Greg On another note... When I observe the activity LEDs for a VPN circuit, it seems to be going full blast without and activity at either end point. Can anyone discuss the bandwidth overhead of a VPN circuit? ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Cisco phones config over internet
On Mon, 31 Jan 2005, Gregory Junker wrote: There should not be any, except for the occasional rekeying. That's right. If you can, try capturing traffic on either side of the VPN tunnel endpoints to see what's creating all those packets. dn ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Cisco phones config over internet
This doesn't solve the clear text issue, but how about an access list based on the mac addresses? That'll secure tftpd a little more. mitchel On Mon, 31 Jan 2005 14:04:55 -0800 (PST), David Newman [EMAIL PROTECTED] wrote: On Mon, 31 Jan 2005, Gregory Junker wrote: There should not be any, except for the occasional rekeying. That's right. If you can, try capturing traffic on either side of the VPN tunnel endpoints to see what's creating all those packets. dn ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Cisco phones config over internet
On Mon, 31 Jan 2005, Mitchel Constantin wrote: This doesn't solve the clear text issue, but how about an access list based on the mac addresses? That'll secure tftpd a little more. MAC addresses go away as soon as you have one or more router hops between phone and server. ACLs based on IP address would work, though TFTP is still by nature an insecure protocol -- no auth or crypto -- and thus vulnerable to interception anywhere along the path. dn ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
