sundance-communications.com/forum Forums TDM Business Telephone Systems Toshiba Telephones & Systems MIPU and public IP's question

Looks like my last question regarding a strange DID problem stumped everyone including myself(I'm still baffled) however I think I've got a much easier one here.

I'm interested in doing some remote IPT's for certain employees at my company. I've read in some posts that this is normally done with a public IP on the MIPU or LIPU. Right now we've got all private IP's that are on a Vlan.

We have 2 MIPU cards in our CIX 670, and then we have two CIX 40's that also contain one MIPU card each.

I basically want to use one of the CIX 40's as I have a ton of ports available on those. The 670 already has a lot of IPT's on it, so I don't really want to crowd it.

What is the best way to give someone a remote phone in this scenario?

I'm a little confused about the portion with the public IP. I assume that if I give one MIPU card a static public IP the others I don't want to have access to from the internet can still function on the private ones?

I'm thinking I would just assign the public IP to the MIPU card then go into my router and make sure that access was allowed to whatever needed ports for said IP?

What port(s) would they be? I don't use what most would call a firewall, just an access control list on a Cisco router.

Any advice would be great. Thanks.

Andy

If you are already using the MIPUs for QSIG for the CIX40s then It could be more difficult to add external IP phones. You could put all the MIPUs on the public internet and connect with QSIG over the internet, but call quality may suffer.

In the case of the CIX 670 with 2 MIPU cards, you can have 1 on the private LAN and another with a public IP. They can work individually.

You should be able to pass the public IP through your router. In many cases we install a small switch in front on the site router and connect the MIPU with a public IP.

The only other way to connect a phone would be if you created a VPN tunnel to your network.

Have you read to this point that you can not install an IPU with a private IP address with NAT if you want to connect an external IP address? The IPU must have a public IP address to be access from the Internet unless you use a VPN.

Yes I read that the MIPU won't work through NAT.

I think VPN would be the best way to go. What would you suggest as far as how I could do the tunnel?

Do I have to use like a hardware based VPN box, or are there other ways I can do it?

Thanks!

Since the phone itself can not create a VPN tunnel, you may need to use a hardware device. For a home worker or remote office this usually isn't too hard to implement, but for the mobile worker it could be hcumbersome to carry a VPN router around.

I have been meaning to try something. If for example you have a laptop with netowrk cards, either USB and built-in, or wireless, you could create the VPN with the laptop with software and use it as a proxy to connect the phone.

But for all that it would be even easier just to install the Toshiba soft IPT software on the laptop and get a good wireless headset to plug into it. The software connects like a Toshiba phone. It requires the same IPT licence as the other phones plus a Soft-IPT licence per user.

If you have the latest software on your system then all the IPT licences are per connection. The older software was per user. You coud not creat a user without having enough licence ports. Now the extra users can't connect without a licence.

Also with the latest software and fireware on the phones and MIPU (not LIPU) they have something called IP Mobility, which lets you more your IP extension by logging in and out of a phone or soft IP. That way a user can have an IP phone at home, then pull out his laptopm on the road and move his extension to his laptop, and it only requires one IP endpoint licence.

I don't think we have any softphone user licenses. This would be more for like a home office rather than on the road. Though having the Soft IP for when the salesman is on the road would be nice...it wouldn't really be necessary I guess.

We have two remote users who rarely come to the office I just want to give internal extensions That way when they are in their office at home, they don't have to use long distance just to call someone at our office, which is probably a good chunk of their daily calls. Would save us some $$ on long distance charges.

Thanks for the tips. I'll try out the hardware VPN tunnel most likely and see how it goes.

Thanks again.

Andy

You would likely not have softphone licenses. You would need to buy them from your Toshiba dealer. Then you would just need to install the software on the laptop, if you went that direction.

FYI, I got a phone to work through a Laptop, using the netowrk port for the phone and a wireless connection to connect to the network. It worked but wasn't very stable. Call quility was not consistant. I would guess that 2 wired connections would be better. It may not help you but I thought it was kinda cool that I got it to work.

VPN is likely your best bet. Good luck with that.

What settings did you use when you set up the laptop? Was there a Vlan in the mix?

I'm wondering what type of VPN appliance would work best for this. I'm guessing something that always has a tunnel up to the LAN from a remote location like a Cisco Pix or ASA.

I've got some Cisco 1700 routers but those don't seem to do what I want them to.

We have a site with an ASA doing the VPN and that is running about 14-16 phones. Works very well. I cant help you with any of the settings though. One of the nice things about using a VPN is that you can also do firmware upgrades over it.

Turns out all I had to do is bridge the wireless and wired connection. Phone even got an IP address from DHCP. We do have VLan in our office.

We have a software VPN to a customer site. My next experiment, when I get time, would be to get that phone to work with a software VPN.

Our company has installed hardware VPNs for some of our customers. I'll see what type we have used.

Awesome. Well I got a couple VPN firewalls on ebay, a cheapo (Netgear) and an old Cisco PIX 501 with VPN tunnel function, so I'm going to give those a whirl this week. I got them at really low prices since this is still in the experimental stage. I'll let you guys know how it goes.

Thanks again for all the good info.

Andy