Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Do IP phones work on a DMZ

Status
Not open for further replies.
resicom

resicom

Vendor
Jan 14, 2014
12
0
0
US
Had a customers coumputer guys ask me if I had to have a vpn to install a couple of ip phones at a remote site or if they would work on a DMZ. Not familiar with a DMZ but guess it is more like port forwarding with less overhead than a VPN and would keep the customer from having to buy a new router.
 
Sort by date Sort by votes
well the 96XX series of IP phones have built in VPN firmware with the new release (9.0) so I would set up a VPN on the IP Office side of things and use the built in firmware on the remote IP Phones
 
Upvote 0 Downvote
Had alot of trouble and never did get the vpn phones working on another job. Avaya's list of recommended vpn routers was outdated and could not get decent tech support on getting the phone working. I am sure it is better now. They were trying to keep from changing out the router on the head end where the ip office is. Just am not familiar with a DMZ and if it will work
 
Upvote 0 Downvote
Im not familiar with DMZ myself but I'll see if I can find any documentation for ya
 
Upvote 0 Downvote
So after doing some research I see no reason why you can't set up DMZ for the remote IP phones (not sure how mind you), but there is a good chance this will leave you open to toll fraud if the firewall is not set up correctly. It looks like a fairly involved process on the IT side of things. To me, it seems easier and more safe to use VPN.
 
Upvote 0 Downvote
thanks ipolmans, that is what i found out too. Does not look to hard to setup, but you have to use a 9600 series phone. It is h323 and you use remote worker. Not a good solution for alot of phones. And you are right, it is not near as secure as the traffic is not encrypted. You get 4 remote worker licenses with essential but still need ip endpoint.
 
Upvote 0 Downvote
Indeed, lack of knowledge should never ever put the customer at risk of being hacked.
Use a VPN tunnel or VPN phones.


BAZINGA!

I'm not insane, my mother had me tested!

 
Upvote 0 Downvote
VPN phone with compatible VPN router is the correct way to do this

Nat traversal with port forwarding is an option provided you are careful which ports are forwarded. This will not work for all end users depending on their ISP (Virgin Media in the UK is known to be unusable for this & possibly others) so is only worth considering for a small number of users.

As previously stated NEVER put the IPO in a DMZ & NEVER connect the IPO directly to the internet.


A Maintenance contract is essential, not a Luxury.
Do things on the cheap & it will cost you dear
 
Upvote 0 Downvote
Thanks everyone, confirmed what i suspected. will be creating a vpn tunnel between two vpn routers. Would love to use a vpn phone, but not going to risk that as last time i tried one i lost my butt. 2 weeks and 3 tek supports and never did get it working. Cost me too much to try lol. Thanks for all the help and good info
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

leekawai
  • Question
Auth code does work in IP Office Softphone
Replies
0
Views
155
leekawai
leekawai
Dimorus
  • Locked
  • Question
ip office 406 and ip office 400 analog phones (downgrade)
Replies
4
Views
106
ipohead
ipohead
William C290
  • Solved
J100 Phones on Remote Location
Replies
5
Views
323
William C290
William C290
thubley
  • Locked
  • Question
Reoccurring certificate warnings on phones 2
Replies
17
Views
262
Ekster
Ekster
PhonesandFarming
  • Locked
  • Question
multiple door phones to ipo? 3
Replies
4
Views
77
jinxs
jinxs

Part and Inventory Search

Sponsor

Back
Top