cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
387
Views
0
Helpful
3
Replies

Registering Through a Firewall

refram
Level 3
Level 3

I have a setup in which some of my phones must register with CallManager across the internet through a pix firewall. I'm using CallManager 4.x. The phones are on an internal network of 10.0.0.0/24 and the CallManager and the Gateway are on 172.16.0.0/24. I've opened up the ports on the firewall to allow TFTP, Skinny and RTP traffic through, and have redirected TFTP and Skinny traffic to the CallManager server and RTP traffic to the gateway. I've set option 150 in DHCP to point to the public IP of the firewall (which then shoots the traffic over to CallManager). The phones are picking up the TFTP download from CallManager, but that's where it ends. Nothing really registers after that. The phones are getting information about CallManager being at 172.16.0.x, but ? of course ? none of the routers on the internet know how to get to my 172.16.0.0 network. Also, CallManager isn't going to know how to get back to 10.0.0.0. I could use a VPN, I suppose, but I don't know how well that works for voice. Furthermore, the client has a low-end firewall at the remote site that doesn't support VPNs, and I'm afraid they'll have a little, hairy, cat-fit if I ask them to shuck out more money.

3 Replies 3

paolo bevilacqua
Hall of Fame
Hall of Fame

refram,

if you have a poor firewall you will get nowhere anyway, because it won't be able to understand sccp protocol and dynamically open ports for media.

You might consider sosma small router like the 800 series thta are really cheap but come with the full set of security features like VPN firewall, etc. With these everything should work fine, or at least is diagnosticable.

Are you saying that a VPN is my only answer?

In practice, yes, unless you want to play with NAT static translations (aka forwards) on the non-cisco firewall. Results are not guaranteed.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: