Accessing BCM and CS1000 from Public Internet 2

[jifitz]

I have a 2 BCM400s and a CS1000. I would like to to try to configure the boxes from the outside. Right now we are sending our remote VOIP traffic over VPNs that are having many issues including own way voice, and dropped calls. I wan to put a Sonicwall PRO1260 in front of it and open ports to direct all traffic the Nortel boxes. And then I want to program the I2002 and I2004 IP Sets Server 1 and Server 2 as a public IP. Can this be done and if so how?

Thanks in advance for your advice.
James

I posted this on the PBX side and they suggested that I post here.

 

[biv343]

It can be done, but I don't think many people would recommend it. You'd need to forward all ports (7000, 28000-28255 I believe). Then you need to hope that the NAT from the firewall to the BCM's internal address doesn't break the speech path.

A good VPN would be the preferred way to go.

 

[curtismo]

You would have to give all of your I2002 and I2004 IP Sets at your home site a public address also. The voice path does not go through the server. Do you have that many address? Do you want the network security issues?

Have you done some testing of all your internet connections for latency, bandwidth, etc.? Have you set your off-site phone to use a lower-bandwidth, such as a G.729 codec?

I use a Nortel VPN with the 2050 softphone without an issue. I've also used a i2004 phone attached to a 1050 VPN and branch tunnel into the network without problems.

 

[jifitz]

Thank you again for your advice. We already have them setup thru a VPN service that is not very friendly to VOIP. We are also using the 729 codec. I was trying to go around our current VPN. They use SSL I would rather have IPSec. MPLS would also help. We do not have the same issues in our 3 corp offices that have 10 Gig pipe. I have enough information from all of these posts to make a desision.

Thanks again.

 

[curtismo]

I use the Nortel VPN Gateway 3050 which supports SSL and IPSec. Personally, because one place I go blocks IPSec, I use the SSL and Nortel's NetDirect software which allows the network VPN access to the local PC; works great with my 2050 IP phone.

 

[lckoolj]

jifitz - what solution did you ultimately come up with? I am trying to do the same thing with a BCM50 and can get the phones to connect through my SonicWall 4100, but no voice. I have had three different SonicWall techs try to solve this issue already, and no luck. Any advice would be appreciated!

 

[DaddyOfThree]

I would really advise the use of a VPN (IPSec/SSL) client over allowed direct Internet access to your Succession/BCM/SRG environments. As Curtismo reports, I've been using Juniper's SSL VPN with the Nortel i2050 with great success for business office users and Call Center agents.

With respect to lckoolj's comments.. I would make sure that you are routing all the appropriate destination networks over the tunnel. The signaling path and voice path are established with different IP endpoints. It sounds like you might not have the VGMC endpoints in your tunnel configuration.

Cheers!