07-10-2003 04:33 AM - edited 03-13-2019 12:40 AM
I have been tasked with getting my director to be able to take home a 7940 and use it over his vpn connection back to the hospital over his cable modem. I am not sure where to start or what the steps are. He doesn't want softphone, but an actual IP Phone. The one thing I definitely know I have to do is open some range of UDP ports on the firewall, but I am not sure what the range was. I also don't know the next series of steps. Do I program the phone just as any other in the call manager (3.2)?? Are there settings on the phone itself that must be programmed differently? Please help..
07-10-2003 05:46 AM
If it's over a VPN connection, you shouldn't have to open anything on the firewall, unless you have a firewall blocking your VPN. The trick is, in order for the IP Phone to use the VPN connection, the VPN needs to be hardware based. A SOHO 91 ethernet router will allow a permanent hardware-based VPN that will allow the phone to connect seamlessly (and yes, it would be configured like any other phone). An added bonus is that he won't have to start up a software VPN client on his desk/laptop.
07-10-2003 06:05 AM
Thank you... assuming our firewall does block our vpn, what are the ports to open for udp... as I remember from someone telling me it's a pretty big range.. something like 32xxx - something..
07-10-2003 07:46 AM
16384-32768
I kind of doubt that you have a firewall blocking vpn traffic though.
07-10-2003 10:08 AM
If you want to simplify your configuration and don't want to configure hardware based VPN then use Clarisys.com (handset) with softphone. It works great with softphone over VPN. Another advantage of using clarisys is mobility, your director can take this phone with him when he is traveling.
Hope it helps.
-Zulfi
07-10-2003 10:25 AM
If your Firewall is blocking VPN traffic, then
1.) fix your Firewall, it shouldn't work like this
2.) Turn on tracing on the firewall and see what it's blocking (best do it at a quiet time)
3.) Use the results of 2 to open up the ports. Most of the ports you need are well known configurations like UDP voice (16384 - 32767) but there are some odd ones (TCP 46 ??) so best approach is suck it and see.
The idea of a VPN is that it's from a known source and is encrypted, if your Firewall is blocking traffic on your VPN then you obviously do not trust the source which means the VPN is a little pointless.
Paul
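The trace-then-open approach described in the post above, as an added example that is not part of the original thread: it summarizes denied flows from the VPN address pool so that only the ports actually blocked get opened. The log line format, the addresses, the pool `10.8.0.0/24` and the function name are all assumptions made for illustration, not the syntax of any real firewall.

```python
import ipaddress
import re
from collections import Counter

# UDP voice range as quoted in the post above (16384-32767 inclusive).
VOICE_UDP = range(16384, 32768)

# Constructed line format (an assumption, not a real firewall's syntax):
#   <timestamp> DENY <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
DENY_RE = re.compile(
    r"^\S+ DENY (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def summarize_denies(lines, vpn_pool):
    """Count denied flows sourced from the VPN pool, keyed by (proto, port label)."""
    pool = ipaddress.ip_network(vpn_pool)
    counts = Counter()
    for line in lines:
        m = DENY_RE.match(line.strip())
        if not m:
            continue  # permits and unparseable lines are ignored
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address in the trace
        if src not in pool:
            continue  # a deny for non-VPN traffic is the firewall doing its job
        port = int(m["dport"])
        if m["proto"] == "udp" and port in VOICE_UDP:
            label = "16384-32767"  # per-call ports collapse into one range rule
        else:
            label = str(port)      # anything else is reviewed port by port
        counts[(m["proto"], label)] += 1
    return counts

# Constructed sample trace; every value here is made up for the example.
SAMPLE_TRACE = [
    "2003-07-10T22:14:03 DENY udp 10.8.0.23:24576 -> 10.1.5.10:17020",
    "2003-07-10T22:14:03 DENY udp 10.8.0.23:24578 -> 10.1.5.10:31998",
    "2003-07-10T22:14:05 DENY tcp 10.8.0.23:1042 -> 10.1.5.2:2000",
    "2003-07-10T22:14:06 DENY udp 10.8.0.23:1043 -> 10.1.5.2:69",
    "2003-07-10T22:14:09 DENY tcp 192.0.2.77:4411 -> 10.1.5.2:445",
    "2003-07-10T22:14:10 PERMIT udp 10.8.0.23:24576 -> 10.1.5.10:16384",
]

if __name__ == "__main__":
    result = summarize_denies(SAMPLE_TRACE, "10.8.0.0/24")
    for (proto, label), n in sorted(result.items()):
        print(f"{proto:3} {label:12} denied {n}x")
```

Restricting the summary to the VPN pool keeps unrelated denies, such as the outside host in the sample, out of the list of candidate rules.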
07-14-2003 01:58 PM
I was tasked the same thing. I started off with a PIX 501 with the latest version 6.3.1. I configured it as a hardware VPN client back to our 3000 Concentrator. I'm not sure if this applies to you, that's how we got our 7940 IP phone behind the PIX to connect to our CallManager. We have tested it on a cable and DSL modem.
Here's the link that got me started:
07-16-2003 11:41 AM
If he's at home using a cable modem, he's probably not on static IP. His ISP is either providing him an IP through PPPoE or dhcp. What I would do in this situation is set up Pix 501 behind his cable modem or router and set up the outside interface of 501 accordingly- either PPPoE or dhcp. You'd then set up dynamic VPN between the office and the Pix 501 so that you don't need a static IP remotely.
Once you have VPN established, the phone should get all the settings dynamically via dhcp from the inside interface of the 501. Make sure you include the voice vlan in the nonat statements for your VPN.