connecting 7970 over public Internet

Unanswered Question
Jun 10th, 2008
User Badges:

I am trying to connect a 7970 to a Call Manager running on a UC520 over the Internet using public IPs. I have opened the necessary ports on the WAN side of the UC520. I am now setting up the public IPs manually on the 7970. However it seems that the Call Manager IP cannot be manually set. The phone is picking up the internal IP for the Call Manager. I am not sure how this is happening since it is not getting DHCP from the UC520. Maybe the tftp? Anyhow, how can I manually setup the Call manager IP on the phone?


Thanks,

Diego


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
paolo bevilacqua Tue, 06/10/2008 - 09:04
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

First and foremost, if you have an UC520 exposed to the internet, you better lock down SIP and H323 via ACL, else you'll be exploited in no time and get an huge bills for call to Cuba.


This said, you most definitely need a TFTP server locally, so need to do the following:


- do "show telephony-service tftp-bindings"

- locate and paste the file for 7970 phones into editor

- replace the CM IP with the external one

- place the file into TFTP server


Considering the inconvenience of the above, and the security risk, the best practice is indeed to connect remote phones exclusively over VPN.



DIEGO ALONSO Tue, 06/10/2008 - 11:05
User Badges:

I blocked the SIP and H323 after a few calls to Estonia!! Just kidding.


Yeah, I agree having to setup a tftp server is not going to be very convenient. I was hoping there was an easier way.


Thanks,

Diego

paolo bevilacqua Tue, 06/10/2008 - 11:10
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Not really. Also consider that if the phone is behind NAT of a cheapo modem/router, you will have one-way voice.


I hope someday Cisco will realize that phones must be able to do HTTP-based VPNs by themselves. Other vendors do that already and that makes very easy to connect remote phones no matter where they are.


Thanks for the appreciation and good luck!


Actions

This Discussion