Announcement

Collapse
No announcement yet.
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Softphone/Call Manager Off Site Without VPN

    Is this possible? Our users love the ability to connect to exchange (outlook) and office communicator from home without connecting to VPN, is there any possible configuration where they could connect to the shoretel without connecting to VPN first?

  • #2
    It's not supported by ShoreTel and would probably not be very easy to set up. But you could look at using GotoMyPc or Logmein to control your PCM and assign your extension to a mobile phone.

    Comment


    • #3
      Originally posted by Kevin View Post
      It's not supported by ShoreTel and would probably not be very easy to set up. But you could look at using GotoMyPc or Logmein to control your PCM and assign your extension to a mobile phone.
      If i'm going to use one of those products then I can connect to the VPN, I'm hoping to find a way for it to "just work"

      Comment


      • #4
        You could give it a try. You'll need to open UDP ports 1024 through 65,535 to the public internet for the Shoretel server. Let us know how it works out.

        Comment


        • #5
          Originally posted by mdmogren View Post
          If i'm going to use one of those products then I can connect to the VPN, I'm hoping to find a way for it to "just work"
          It will "just work" with a VPN setup. It is probably easier to set up a VPN than trying to secure an installation with ports open from the Internet to your ShoreTel server.

          Comment


          • #6
            Originally posted by Kevin View Post
            It will "just work" with a VPN setup. It is probably easier to set up a VPN than trying to secure an installation with ports open from the Internet to your ShoreTel server.
            ~64,000 ports open to the internet is not secure?

            Comment


            • #7
              If there's nothing listening on those ports, maybe, but probably not. If they've found bugs in Intel CPU hardware, surely they can find bugs in the Windows UDP stack, even if nothing were listening.

              Comment


              • #8
                Originally posted by Kevin View Post
                It will "just work" with a VPN setup. It is probably easier to set up a VPN than trying to secure an installation with ports open from the Internet to your ShoreTel server.
                The problem is that 1) VPN does not always connect from behind certain firewall configs and 2) VPN means that all network traffic now comes thru our office (read: personal web surfing/streaming/downloading) and can create some bandwidth issues, splitting the VPN tunnel presents another security issue, but perhaps less of one than opening so many ports...

                Comment


                • #9
                  If you wish to solve both of these, I would recommend split tunnel and a SSL VPN. These VPNs don;t use IPSEC (They can be configured to look like HTTPS even), so they make it through a lot more firewalls. For the security issue, you could potentially implement firewalls at the head end to restrict traffic, but this could be a lot of work to maintain.

                  Comment


                  • #10
                    Originally posted by Kevin View Post
                    It will "just work" with a VPN setup. It is probably easier to set up a VPN than trying to secure an installation with ports open from the Internet to your ShoreTel server.
                    Two things on this

                    1 and the most important You cannot control connectivity on the public network

                    2 and probably as important and already mentioned security

                    To get around #2 you will need to have a DMZ/Proxy/Firewall that will see the incoming IP public address of the Remote User and push that info direct to ST.

                    It is not a recommended method to connect, I think a good solution and one I would recommend is the Blackberry

                    Comment


                    • #11
                      Originally posted by Palitto Consulting View Post
                      If you wish to solve both of these, I would recommend split tunnel and a SSL VPN. These VPNs don;t use IPSEC (They can be configured to look like HTTPS even), so they make it through a lot more firewalls. For the security issue, you could potentially implement firewalls at the head end to restrict traffic, but this could be a lot of work to maintain.
                      I'm interested to hear more about the SSL VPN solution, do you have any products to recommend? Currently we just use the Microsoft VPN Server/Client...

                      Comment


                      • #12
                        I do not have a lot of experience with them relating to Shoretel. The only one I have used heavily is OpenVPN, but I have never tried it with ShoreTel. Perhaps someone else can recommend a hardware-based one.

                        Comment


                        • #13
                          Originally posted by mdmogren View Post
                          I'm interested to hear more about the SSL VPN solution, do you have any products to recommend? Currently we just use the Microsoft VPN Server/Client...
                          I haven't used it myself, but I know that Barracuda has a hardware appliance for SSL VPN.

                          Barracuda SSL VPN - Secure Remote Access From Any Web Browser

                          Comment


                          • #14
                            We use the Juniper SA 2500 SSL VPN, it is a great product, but not really cheap. As a bonus, we use the Secure Meeting features, much cheaper than ST or other web meeting solutions out there.

                            Derek

                            Comment

                            Working...
                            X