Video Softphone without using VPN from external? 4

[Path13]

Has anyone been able to login with a Video softphone outside the LAN without using a VPN client? I have tried several things with Routers/Firewalls and can't seem to get it to work unless you VPN into the network. I have a client who's requirements in one venue internationally that VPN is not an option. Thanks in advance!!!

 

[qtelcom]

I would say wait for flare on the next release, hopefully they have the video working. I don't think the softphone will work with the VPN period.

 

[Path13]

Hmm... maybe I am describing this the wrong way..... using a VPN client, or being local on the LAN, the softphone works perfectly.... what we are attempting to do is utilize the Avaya softphone without having to use VPN or be on the local network.... whenever we point a public IP at the IP Office through the router without VPN, the softphone won't register. Using Cisco ASA's for routers. I do appreciate the reply though.

 

[Bas1234]

It's not supported, and i don't think you will get it to work without a VPN. You might try to turn on "Remote H323 extension" on the LAN1 or 2. read the help to see what ports need to be forwarded.

___________________________________________
It works! Now if only I could remember what I did...

Dain Bramaged (Avaya Search tool

http://tinyurl.com/bas1234

)
______________________________________

 

[Path13]

I understand it is not supported. That is exactly what the distributor said. However, I have yet to hear why it isn't, or what about the process doesn't work.If it is UDP and TCP port forwarding, then that has been tried... also, raw internet to the WAN... simply can't "enable the accounts". Anyways, I appreciate the responses. If anyone has even gotten a softphone to simply login to the IP Office without VPN, I would like to know. This particular caveat will determine whether this International client stays with the IP Office, or replaces it with something different. Thanks folks!!

 

[trinetintl]

I am sure there is probably a way to connect without the VPN but in the back of my mind I always had issues about security. Particularly of an authorized video phone connecting or how about the call being sniffed/tapped? I always had this concern ever since the newer releases began to include the Remote Worker licenses where you do not need the VPN tunnel anymore. Should I be a concern?

RE

http://www.trinet-intl.com

APSS - SME
ACIS - SME

 

[Path13]

While there is a security concern, if it can be done without VPN then it can be worked backwards to increase security. Need a start and then work towards the goal and see what limitations are there. Security is easy, once you know what you can secure, and what you can't.

 

[Bas1234]

You cannot get it to work without VPN, in the RTP stream the IPO will send its internal IP instead of its external IP so you will never get speech.

You only can try if you enable remote H323 phones, but i doubt it will work and it's only in R8.X and not in the lower versions.

___________________________________________
It works! Now if only I could remember what I did...

Dain Bramaged (Avaya Search tool

http://tinyurl.com/bas1234

)
______________________________________

 

[trinetintl]

@Path13, honestly I have not even considered running a IP phone or softphone without a VPN tunnel because of my security concerns. Like you said start by connecting one of your IPO LAN ports straight to the internet without any firewalls, just give it a public static IP and if it works then there is your starting point and you can then add the firewall. However I have a feeling you are just looking for trouble, why don't you just install a solid Juniper, CISCO, or Sonicwall firewall with the VPN client on the laptop and you are good to go.
I used to connect with OpenVPN and Untangle as was able to make calls from my laptop all over Europe, no problems.

RE

http://www.trinet-intl.com

APSS - SME
ACIS - SME

 

[mattKnight]

> if it can be done without VPN then it can be worked backwards to increase security

Why implementy something twice
Once to make it work then again to make it secure?

Why not do it once - working and secure?

Take Care

Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.

 

[Path13]

Sorry guys, I don't usually do the forum thing. I explain my premise a little further, although I probably have my answer. The client has international employees all over, currently using Cisco ASA and the corresponding VPN to gain access to the network. That of course, works perfectly. In one facility in particular, that they are borrowing/using space (because of the particular project that they are doing which incidentally has to be done from that space) , VPN use is strictly prohibited. So while it is an option for most, there are a few important users, that have to connect without the use of the VPN client.... We may just send out phones to them instead, but this was an option that had to be explored because of one blasted site they are using for access. Thanks folks...

 

[greenlight1]

We have 9608's running without a VPN. Just using port forwarding on the CISCOs ASA and relevant Avaya settings on the IPO 500 V2. That being said, it was very difficult to configure. We also learned that once you plug in the 9608 to the system first time within the firewall, IPO assign the unit an ID/Extension. When you take it out of the firewall you cannot change those setting unless the phone is plugged into IPO. If you do change them it will sit at DISCOVER xxx.xxx.xxx.xxx forever, you need to clear the phone, delete the id/extenson (from IPO), try reconnecting with autocreate extension and pray. Learned that lesson from 3 days of frustration.

Now getting to Softphone, we have tried everything to get it to work outside of the firewall without a VPN. No luck.. Tried every port. It does not get past the firewall. I have a suspicion that there are ports it uses that are not in the Avaya documentation. Short of placing the IPO outside of the firewall I have no idea what else to try.

 

[tlpeter]

What did you need to do on the Cisco to get the remote worker actually working?


BAZINGA!

I'm not insane, my mother had me tested!

 

[greenlight1]

The big item is to TURN OFF Cisco H323 Helper. We had it on and it caused major issues.
We have the below mapped to the IPO
UDP 1718, 1719, 1720, 5005, 49152-53246
TCP 1720, 49152-53246

On the IPO, just what they had in the documentation, gatekeeper on etc.. auto create, we used LAN1 for those setting even though the documentation says use 1 or 2

We only have one remote phone with an issue. It connect to the system, logs in but no dial tone or sound. All the other are working fine. No VPN. The remote user all all home based using dsl or cable.

 

[greenlight1]

The above was for our 9608 phone by the way.. softphone is still not working

 

[Bas1234]

Softphone is not supported on remote extension, it also a sip phone and not a h323.

___________________________________________
It works! Now if only I could remember what I did...

Dain Bramaged (Avaya Search tool

http://tinyurl.com/bas1234

)
______________________________________