IP Phones off premises without VPN

[techsoldc]

Is it possible to use the IP phones with the BCM 50 off premises without a VPN connection?

I have workers that work from home and have a cable modem with 3com NAT routers, and NO VPN to the office. I would like to be able to give them an IP set if possible.

 

[biv343]

It's possible, but I wouldn't recommend it. That leaves you with one big gaping security hole. VPN devices these days are cheap enough that it simply isn't worth the risk.

 

[NewTechinTown]

You can get a Netgear Prosafe 8 VPN Router for about 60-70 bucks and I know from recent experience that it sync's up with a linksys endpoint very easily(Also 60-70$). In addition to the security risk, you would have to run the IP phones publicly and the BCM's dont like being directly connected to a high traffic public LAN. They like to freeze up.

 

[techsoldc]

Can't I just open a few ports on the firewall and be somewhat safe? The client is really anxious for people in overseas plants to have the phones without having to deal with VPNs or NAT routers.

Thanks

 

[NewTechinTown]

Like I said you can run the IP phones direct to the BCM if you assign it an available public IP but it really doesnt like being told to do that. These things have a mind of their own. Another solution: If you set up at least a decent VPN at the home base that has remote access capabilities(i.e. client access software) Then all you need is a decent internet connection to run softphones on the remote end laptops! You can even turn a palm pilot into an office extension.

 

[DigitelD]

Assigning a public IP can be dangerous.

SHK Certified (School of Hard Knocks)

 

[NewTechinTown]

Thats why I said that "they really dont like being told to do that", but It is an option(though its not a smart one)!!!

 

[CharlesBr]

Hi everybody, I am really surprised to read that it is actually possible to run remote IP phones with a BCM 50. I tried to deploy one once and it would 'connect' to it (the phone could find the local IP of the BCM 50 behind its embedded router), but it would not register..And it was even using an IP license.. That same phone, when plugged in the same subnet, would come right up! Does any of you actually tried it?? Thanks

 

[ndfellow]

I have IP phones deployed in homes and remote office off a BCM 50. If you understand subnetting and the correct way to setup the S1 and port your good to go. Same concept as the i2050.

I also would not recommend running IP phones over the internet without VPN. Too much of a security risk and harder to configure the needed ports than just making a VPN.

 

[CharlesBr]

Hi ndfellow, the setup I tested was a public address assigned to the router of the BCM 50e (which has a firewall), which was not natting (directly forwarding one-to-one). The phone was behind a cheap linksys router (the private IP of the phone set to DMZ, itself under another public IP address. Its S1 would be the public address of the BCM50e, and the port would be 7000..

As for port forwarding/unblocking issues, would not DMZ and one-to-one be enough for it? Or is it necessary to set up NAT to none??

Note that the security issue was not the first concern, as the customer is a programmer and already uses VPN tunnels to connect to his customers' networks.. You understand that setting up two VPN tunnels simultaneously on the same computer would cause a bigger problem! The goal was a softphone, but I was using an i2002 for test purposes.
And its diagnostic mode would tell me that it was connected to a BCM 50, and also that it's private IP address was 192.168.1.2, the private IP assigned by the embedded router.


Thanks for sharing your experience!

 

[JustAGlitch]

Nortel recommends the Contivity 221 VPN router.