|
Joined: Aug 2011
Posts: 345
Member
|
OP
Member
Joined: Aug 2011
Posts: 345 |
That makes sense.
If I could have this phone on a VPN, I would.
This is for an accounting firm and sometimes they will set up at a client's office for a week or more. They would like to be able to take a phone with them and connect back to the main office, so there would not be a VPN for that connection.
How would I best communicate to the IT folks what the problem is so they can address it?
-Will
|
|
|
Visit Atcom to get started with your new business VoIP phone system ASAP
Turn up is quick, painless, and can often be done same day.
Let us show you how to do VoIP right, resulting in crystal clear call quality and easy-to-use features that make everyone happy!
Proudly serving Canada from coast to coast.
|
|
|
Joined: Dec 2010
Posts: 681
Member
|
Member
Joined: Dec 2010
Posts: 681 |
Perhaps they can Vlan the phone out to a different address and subnet not going through the VPN... That way it will pick up a new address and just use the public internet on site versus having the traffic travel through the vpn. Or if they are kinda tech savy, teach them how to go in and change the server address for when they move to a different location.
|
|
|
|
Joined: Aug 2011
Posts: 345
Member
|
OP
Member
Joined: Aug 2011
Posts: 345 |
Not sure I'm clear on what you are suggesting Biztel.
If we could put this phone on a VPN, there would be no problem, we could use the internal address. But using a phone on a remote site that is not VPNd back to the main is the issue.
All the phones that are VPNd are addressed to the local address of the KSU and work fine.
|
|
|
|
Joined: Dec 2010
Posts: 681
Member
|
Member
Joined: Dec 2010
Posts: 681 |
It was a different solution that possibly wouldn't apply. I would try nameless suggestion of forwarding the ports for MPS/RTG to the cards. If you hadn't already done those.
|
|
|
|
Joined: Dec 2010
Posts: 681
Member
|
Member
Joined: Dec 2010
Posts: 681 |
I am curious, what kind of Firewall are they using at the site of the system?
|
|
|
|
Joined: Aug 2011
Posts: 345
Member
|
OP
Member
Joined: Aug 2011
Posts: 345 |
Ah, yes. This site is a 7100, so only one IP to deal with.
The firewall they are using a Fortiwifi30D.
Cheers,
|
|
|
|
Joined: Dec 2010
Posts: 681
Member
|
Member
Joined: Dec 2010
Posts: 681 |
Only if you're using the onboard MGI. If you have a OAS card, then you will have 2 addresses to deal with. The internal one for the MP and the one for the OAS card.
|
|
|
|
Joined: Aug 2011
Posts: 345
Member
|
OP
Member
Joined: Aug 2011
Posts: 345 |
I do appreciate that having all the phones inside the VPN would be preferable. The two remote offices are configured like that and work pretty well.
What I am hoping is to see if we could find a way to have a phone from outside the VPN connect and function.
So if a phone is coming from the public internet to the (.1.xxx) network that is part of the VPN, something in the translation replaces the public IP of the phone with the local IP of the router.
This results from what I can surmise in the phone system not being able to send back any voice traffic.
If that is a loop, what would be the best way to relay that info to the IT folks?
|
|
|
|
Joined: Dec 2010
Posts: 681
Member
|
Member
Joined: Dec 2010
Posts: 681 |
Naturally if a phone is connecting to a system using the public IP then it will route that way. Regardless if the 2 networks are using a VPN tunnel to talk to each other on a local subnet. Therefore if the phones will connect to 10.x.x.x as a public IP then the system will look for traffic forwarded from that. Doesn't matter if there is a VPN or not.
It seems that maybe the MGI ports are not being forwarded correctly if the audio isn't passing. Or the public IP set in your OAS card isn't the same matching the one for the MP10a. I would double check these settings. Also, what are your Port ranges for the OAS card and the ones for the MP10a as far as MGI goes?
|
|
|
|
Joined: Jun 2006
Posts: 3,004 Likes: 4
Moderator-Samsung
|
Moderator-Samsung
Joined: Jun 2006
Posts: 3,004 Likes: 4 |
You'll need to put the vpn offices address ranges (x.x.x.255) into mmc838. That way they will still work over the vpn when you enable private with public. This will have no effect on the public registered phones as they will report the public ip of their internet connection to the system
|
|
|
Forums84
Topics94,303
Posts638,888
Members49,770
|
Most Online5,661 May 23rd, 2018
|
|
0 members (),
102
guests, and
104
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|