BCM VoIP

[carlosmcse]

I'm trying to give users VoIP access from home via the internet. I configured the BCM LAN1 with a public IP and the netlink is setup with the default gateway IP address. I setup the Firewall filters on the BCM LAN1 with the defaukt filter to allow outgoing and drop all incoming traffic except IP Phones I then added a input filter to allow incoming traffic for ports 28000-28511 from anywhere to the public ip address of the BCM on UDP. I then configured the BCM to Publish the LAN1 interface as the VoIP interface and the IP terminal registration I put in a password so that only people that know the password can register their phones. I connected my I2050 phone from home to the BCM public IP (NO VPN) it prompted me for the password to register the phone after I entered the password the phone was able to register with the BCM and I was able to obtain a extension number automatically. I can call an extension on the other side of the bcm and the phone rings but I can't hear the conversation, the same goes the other way people from work can call me to my home extension my phone rings but can't hear the conversation. I checked the firewall logs on the BCM and it shows all traffic (Registartion and ports 28000-28511 are allowed thru, but I noticed that the BCM is showing the incoming ip address from my house as the public IP address from my home router, I can I accomplish to be able to do VoIP to my company BCM without VPN? Should I create a NAT entry on my home router to map ports 28000-28511 to my computer internal IP address where the I2050 is running? I would really wanted this to work without the VPN, We have a few people working from home using SSL VPN the BCM is having a hard time figuring out the translation of the NAT to the client that's why we can hear the conversation. SSL VPN does not assign IP addresses to the clients. Really need help on accomplishing this.

Thanks

 

[carlosmcse]

OK this is what I found so far about the BCM VoIP over the internet and probably why it can't be done without a VPN in place. The BCM requires a public IP configured on one of the LAN NIC's in my case is LAN1. The default firewall filters for the LAN1 interface was setup to allow outgoing and block incoming execpt ip Phones (This rule only allows the phone to register with the BCM) I then created a Input rule on LAN1 that allows ALL ip's and all Portocols to the IP address of the LAN1 interface for port range 28000-28511 on UDP. Now I can only hear a one way speech, I then looked what the BCM was doing (Firewall logs) and noticed that the BCM is trying to communicate from ports 28000-28511 as the source ports to (dynamic ports to the client) I looked at the firewall where my IP phone is located and noticed that the BCM is trying to comunicate with the phone with dynamic ports with source ports 28000-28511 as the source and the router is blocking the traffic. So I configured my home router with a DMZ host ip of the IP Phone (All traffic from the internet can now get to my phone) and I was able to get the two way speech working with no problem, but this is not the way i would like to configure my employees working from home, is there a gateway or something that we can install at these remote locations so that we don't have to open these ports? It would be nice if the BCM could handle VoIP over the internet without having to open ports on the client side like the way vonage works. Any sugestions? or third party device we can use as a gateway?

 

[teekow]

I have never done this, but it might be worth trying to setup an H323 client such as netmeeting to use the BCM as its gateway. I have done this in the past to make outbound calls. I never tried to figure out inbound to that client or tried it over the internet. You have to setup the h323 client on the BCM and not an Nortel IP Terminal. I am not much help past that as it has been years since I did that.

Good Luck