Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can UCA be run in Teleworker mode without a Softphone? 1

Status
Not open for further replies.

308win

MIS
May 2, 2001
268
US
Is there a way to run the UCA client (5.0) in a secure manner (Teleworker) without configuring a softphone? I have several people with physical phones in their homes. In order to get these people working with the UCA remotely our vendor told us to allow direct access across the internet to our MAS server (NATed at my firewall) so that the UCA client can work with it. This just doesn't seem right at all as the traffic is unencrypted, I can see it with a packet capture. We do have other people using Softphones through our MBG.

 
One option would be to run a VPN. Seen several posts in this forum from people who do that rather then using a Teleworker.

Just curious what data you see that is unencrypted.

I'd tell you a UDP joke but I'm afraid you won't get it. TCP jokes are the best because you always get them.
 
Presence changes are readable. Chat is not readable raw but I have no assurance that it can't be decrypted/decoded. The fact that the Teleworker mode is encrypted and fronted by the MBG leads me to believe that I have vulnerabilities exposing my MAS server to the Internet.

VPN is an option but with our migration to SharePoint for file sharing and Outlook Anywhere 95% of my remote people no longer need one to do their work. It would be nice if the UCA could follow in a secure manner.
 
UCA can run in teleworker mode without a softphone. Put their extension in and generate and retrieve certificate. You also have to add the pseudo mac to the minet enabled phones. My typical install would use the proxy in mbg for any external uca.
 
Thank you very much, adding the MiNet device on the MBG was the clue I needed. a1:21:00:00:##:## I didn't think I needed that because I didn't want the softphone. Works like a charm.
 
Mitel's documentation is somewhat sketchy on this. Glad it's working for you. [smile]
 
It doesn't consume a Teleworker license on the MBG either, so long as the UCA profile has no Softphone at all. If you have one, even the different DN, it will consume. The MBG event log showed my softphone pseudo MAC even when I was using a different 'dummy' DN. Once I removed the softphone from my UCA profile it stopped happening.
 
Ver 6.0 UCa no longer requires the dummy device and certificate either

If I never did anything I'd never done before , I'd never do anything.....
 
Does that mean that with 6.0 you put it into teleworker mode, point it at your MBG and it 'just works'?
 
the client must use a fqdn that is reachable from outside your network.

- appropriate Ports either forwarded from the assoicated IP address to the the MAS/UCA server or via MBG as proxy
Then yes it just works.
It uses similar communications path as for smart device and web portal

If I never did anything I'd never done before , I'd never do anything.....
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top