Remote IP phones:Public IP vs VPN 1

[DigitelD]

I have had IT techs that have recommended remote IP phones to be used with a public IP or with port forwarding. We have recommended setting them up with VPN's. Could someone list the pros and cons of each? The IT techs argue that VPN's have more overhead which would impact the IP phone more. Thanks and excuse my ignorance.

SHK Certified (School of Hard Knocks)
NCSS

 

[biv343]

VPN - it's secured. You control who can and can't access your system. You can route packets appropriately so two remote phones can talk to each other.

Public IP - Not secured. Anyone can access it, unless you run ACLs on the router that front ends it. Most likely will have one way audio problems, assuming the remote sets are going through a NAT device. A phone at one remote location may not be able to talk to a phone at another remote location unless both phones have public IP addresses as well.

I'd trade some VPN packet overhead for security and peace of mind any day.

 

[nooop]

Voice is rotton over the public WAN. Use the VPN.

 

[hawks]

I agree wiith nooop on the quality, but if the remote sites don't care about voice quality then the public IP will work for them. We use both with our different Telecommuters, if they are going to be talking to customers, vendors ect. then they get VPN but the ones that just communicate back and forth with the office then they get Public.

 

[gwebster]

Most home internet access (unless you are still on dialup modem) has plenty of up/down bandwidth to support voice from a single hard/soft phone. What you have to watch is the connection from the BCM to the internet and the number of connections over that link.

 

[gm85]

Also on the Security standpoint, keeping the BCM & IP Phones will not only prevent unauthorized access, but it will also encrypt the phone and voice data.

RTP (the protocol that is used for transmitting voice) is unencrypted by default. This is typical of most VoIP equipment (not just Nortel). If a person has access to the lines, they can easily attach a packet sniffer (WireShark for instance), capture the voice data and play it back.

By encrypting it on a VPN, the voice data can not be easily decrypted if someone captures it. VPN routers are designed to encrypt/decrypt VPN data, so the amount of overhead it adds is negligable.

I would never put a Nortel, or any other IP phone system on the internet. The benefits of utilizing a VPN far outweigh the risks.

 

[dibthree]

Setting up IP phones on the public internet is such a security risk that it boggles the mind to think anyone would do it.

Getting all your calls recorded is only one of many things that can EASILY happen if that phone is sitting on the public internet.

Remember this is VOIP which is a "connectionless" protocol not TDM.

In my opinion gm85 is the winner and gets the star!