Connecting 6940 Handset over Internet to Mitel System

[subdivisions]

We have a Mitel MyOffice 250 system in house, and we have 2 6940 SIP Phones on the system.  I have a user that wants one off site at his house.  We have been unable to get it to connect properly (we have 5340's off site just fine), and are thinking of trying perhaps a site to site VPN connection with dual routers to make the 6940 think its on the LAN.  Has anyone succeeded in getting one of these 6940 SIP phones connected remotley without needing the extra Mitel servers stuff that they "think" would work?

Im open to all options.

Thanks

[dilkie]

Don't what they "think" but you need an MBG to handle teleworker sets. SIP wasn't designed to handle NAT and that's the issue you are having. MBG deals with that.

A VPN would also work, though there might be some performance issues depending on the VPN technology you choose (ie. running rtp/voice traffic over a TLS vpn isn't a great idea).

[subdivisions]

Yea im a tad worried about vpn performance but we are also taking Gigabit FioS to Gigabit Fios, and 500 Meg Cable at another location so unless the VPN REALLY kills speed, it should work..

Here is what i currently have... (PS let me preface this by saying i read about this ALG-SIP Watchguard function, but i got rid of it in the M400 firewall cause it kills outgoing communicaion)..

2 ISP's in my office.  Fios Gigabit / 500 Meg Optimum Cable.

Right now the 6940 is setup (and mostly working) using a static IP on the LAN, using a gateway going out over the cable isp (192.168.1.254), and OpenDNS Servers.  In the phone itself, the configuration server is set in HTTPS to my external mitel IP on the FiOS, which goes into the firebox..

In theory it should be working if i take it outisde the office, plug it in say at home (also gigabit fios) and it should connect  as it is here..  I don't see anything other then the local IP which i set static that would be causing it to be any different outside the office.

My firewall ports are as follows:

UDP: 69 TCP 8202-8203 TCP: 80  (My static External IP) --> 10.0.1.156 (This is the PC Phone Manager is on).
TCP: 5060 UDP: 5060 UDP: 20000-20500 (My static External IP) --> 10.0.1.10 (The Mitel 250)
UDP 6004-7039 tcp: 5004-05007 TCP: 5566 tcp: 5570 UDP: 5567 udp: 5070 udp:20001 tcp: 68-69 tcp: 6800-6802 tcp:3998-3999 udp:50098-50508 tcp:443 (this one may have to change, just noticed something), tcp: 4000 tcp:044000  (Public IP) --> 10.0.1.10

[Dogbreath]

  Has anyone succeeded in getting one of these 6940 SIP phones connected remotley without needing the extra Mitel servers stuff that they "think" would work?

If the VPN is correctly configured then the handset will work just like it was any other routed subnet. Just avoid any type of site-site VPN that uses TCP tunneling, as dilkie alluded to. Watchguard supports IPsec so that should be fine.