Announcement

Collapse
No announcement yet.
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • IP Phones over Internet without VPN

    The end user would like setup IP Phones running over the internet without any VPN.
    The need is to activate the phones through Public IP addresses (both sides)to the Shoregear switch.
    Did anyone have experiences about that ?
    Any suggestion ?
    Thks

    hb

  • #2
    I would strongly recommend against this. Please note that even if you get this working, it would be trivial to hijack these phones to monitor calls/do just about anything else.

    Comment


    • #3
      You may want to put it through a firewall with ACL's.

      400Degreez...

      Comment


      • #4
        That is NOT a good idea. Either buy IPSec HW equipment or purchase Shoretel's VPN concentrator and put a 230/560g/565g at the other location.

        Comment


        • #5
          Also, it is not as simple as just creating a NAT rule for a SG switch. The phone will need access to Director, the master SG switch(es), the assigned SG switch and any end point it will ever need to establish a call with (whether that be internal phones or PSTN).

          Comment


          • #6
            The only way to make this work (and I strongly advise against it) is to give everything a public ip. That is, shoretel servers, switches, and office phones. And not in a DMZ, actual public IP addresses.

            Comment


            • #7
              Doing this would be like mounting your ShoreTel switches on the footpath in front of your building. And Miersk is correct, every ShoreTel device on your system would need to be on the internet with a public IP... the reason is that handsets don't just talk to the switch, they talk directly to which ever device you have called.

              I suggest you tell the end user, "No."

              Comment


              • #8
                I would agree this is not a good idea. We have done this securely for many people, if you are interested in assistance or details with the secured solution PM me and I'd be glad to assist.

                Comment


                • #9
                  The VPN concentrator is the way to go. Just make sure you have good firewalls on both ends, I had a cheapy that I used on the remote sites and ended up having to replace them because they didn'y play well with the VPN tunnels.

                  Comment


                  • #10
                    How about using openvpn, I hear it works well or at the very least a netgear router.

                    Comment

                    Working...
                    X