This is for a Business owner's home. After reading through the manuals I believe the phone has to see port 80 and 443 on the PBX plus 5060. I cant use those ports. can I change the ports in the j179 by inserting a colon and the port I would like to use after the IP address of my http server? Are there ports I am missing?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
remote j179 without VPN or SBC 2
- Thread starter G0G3tt3r
- Start date
-
1
- #2
-
1
- #3
Travis Harper
Technical User
You can do this over NAT. Not recommended, but if you forward the following ports you can get your J179 and Equinox working without an SBC.
5060-5061 TCP
5060-5061 UDP
10000-20000 UDP ( check your RTP Range in IPO..This is my range )
Forward those ports to your IPO.
For provisioning phones on from outside the IPO LAN, you need to do an extra step.
First from within the LAN go to http:ipoffice_address/46xxsetting.txt and copy the txt to a file.
Now on a public web server that your J179 and Equinox can access, create a text file called 46xxsettings.txt and past in the contents you copied. Save.
You will also need to download the security certs from the IP Office and place them in the public web server were you created the 46xxsettings.txt file. Make sure the name of the cert matches what is in the 46xxsettings.txt file. Just search the 46xxsettings.txt for SET TRUSTCERTS and make sure your name the cert exactly what you see on that line.
Now in the J179 just specify the http address as the IP address to the web server you have those files stored on. When it boots up, it checks the http address for the 46xxsettigs.txt file, downloads the cert, and registers to the IP Office.
FYI.. I use an apache web server to host my phone settings files and firmware.
Although this works, you need to make sure your IP Office is hardened if you are exposing it this way. My system is a lab system, so I can afford to throw caution to the wind.
As tlpeter stated, the only way you SHOULD do this is with an Session Border Controller.
5060-5061 TCP
5060-5061 UDP
10000-20000 UDP ( check your RTP Range in IPO..This is my range )
Forward those ports to your IPO.
For provisioning phones on from outside the IPO LAN, you need to do an extra step.
First from within the LAN go to http:ipoffice_address/46xxsetting.txt and copy the txt to a file.
Now on a public web server that your J179 and Equinox can access, create a text file called 46xxsettings.txt and past in the contents you copied. Save.
You will also need to download the security certs from the IP Office and place them in the public web server were you created the 46xxsettings.txt file. Make sure the name of the cert matches what is in the 46xxsettings.txt file. Just search the 46xxsettings.txt for SET TRUSTCERTS and make sure your name the cert exactly what you see on that line.
Now in the J179 just specify the http address as the IP address to the web server you have those files stored on. When it boots up, it checks the http address for the 46xxsettigs.txt file, downloads the cert, and registers to the IP Office.
FYI.. I use an apache web server to host my phone settings files and firmware.
Although this works, you need to make sure your IP Office is hardened if you are exposing it this way. My system is a lab system, so I can afford to throw caution to the wind.
As tlpeter stated, the only way you SHOULD do this is with an Session Border Controller.
- Thread starter
- #4
- Thread starter
- #5
- Thread starter
- #7
You should only use encrypted connections!
And with those ports the phone will be able to register but you will not hear any tone.
Need some help with IP Office?
And with those ports the phone will be able to register but you will not hear any tone.
Need some help with IP Office?
- Thread starter
- #9
You should really only be doing this over TLS (as @derfloh points out) and with non-standard ports. You'll need to sort out your certs too.
Ideally use the option for "Use Preferred Phone Ports" which will mean the below ports will be mapped as;
80 -> 8411
443 -> 411
This will be more secure as you don't want to have 80/443 open to the public.
Change your Remote TLS port to something random (but also memorable). Your auto-generated 46xxsettings.txt file will reflect this.
Make sure your firewall matches the above and you will have a better setup than the one you have currently.
ACSS (SME)
Ideally use the option for "Use Preferred Phone Ports" which will mean the below ports will be mapped as;
80 -> 8411
443 -> 411
This will be more secure as you don't want to have 80/443 open to the public.
Change your Remote TLS port to something random (but also memorable). Your auto-generated 46xxsettings.txt file will reflect this.
Make sure your firewall matches the above and you will have a better setup than the one you have currently.
ACSS (SME)
- Status
Similar threads
- Locked
- Question