Teleworker without MBG

[thenewguy]

 going with this is a crazy question.  Is there a way to have one phone or softphone connect to a mivoice 3300 9.4 version without having a MBG?  I have a customer that needs one teleworker and doesn't really want to do a MBG.  They do not have Micollab or MBG at the moment. 

[johnp]

I would think a sip softphone might work, it may require a sip aware router/gateway device at the remote and some firewall rules.

[ACDeezNutz]

VPN between end user and the MiVB.

[dilkie]

only a vpn between the 2 networks would work.. so no NAT and completely routable... otherwise, get MBG, it's the cheapest solution.

[bajangerry]

SIP phone will definitely work once you have a suitable firewall to provide the NAT from external to internal address of the PBX.

[dilkie]

SIP phone will definitely work once you have a suitable firewall to provide the NAT from external to internal address of the PBX.

a firewall in front of MiVB that modifies SDP and contact addresses in sip messaging? What about the other end? The set is also behing a NAT firewall, some home router, that is not doing the same thing? Where's the rtp going?

[bajangerry]

That's why I said "suitable firewall"  I have done this with Fortinet, Sonicwall and Palo Altos in the past and it can be done.

[dilkie]

That's why I said "suitable firewall"  I have done this with Fortinet, Sonicwall and Palo Altos in the past and it can be done.

so, an SBC firewall... doing something similar to MBG but with less features.. including dealing with NAT at the client end for rtp routing.

And access control as well? Don't want to expose your call server to internet hacking attempts. So the f/w handles sip authentication?

[bajangerry]

You are assuming they don't already have a suitable firewall in place?
There are many ways to provide protection such as limiting the access to specific IPs, using TLS etc.

[thenewguy]

The firewall at the mivb side probably can be  used to bring in the sip to the mivb.  The set end has a ISP router and cant get it changed or help with it they say.

[bajangerry]

Do they require a Deskphone or happy with a softphone?
I have also configured a SIP softphone (many free ones out there) on a PC that has a VPN to the office network. That will get past the firewall issue but it does affect the audio if the bandwidth is not good.
This is more a networking question than a phone one to be honest.

[thenewguy]

I think a softphone will suffice.  They can get a vpn on the pc to run.  So a softphone would work that way.  do you just configure it as a sip device to the controller, and let them pass it by the firewall?

[johnp]

Yes would be a generic sip, vpn would need to tunnel both the connected network and the phone network on the user end, would assume local vpn connection would take care of the route back assuming this is on their firewall.

[dilkie]

You are assuming they don't already have a suitable firewall in place?
There are many ways to provide protection such as limiting the access to specific IPs, using TLS etc.

I don't know what f/w they have in place, but a f/w that can also do SBC functionality is a pretty major piece of gear, and expensive. Wouldn't expect a company with one of those to balk at the very low cost of an MBG with a single teleworker license.

If you use TLS, which is recommended, then your f/w must be a proper back-to-back (B2B) user agent (either sip or minet) in order to manipulate the signalling.. and, generally speaking, they also perform user auth.

Allowing TLS through to the call server isn't going to provide any additional security.

[dilkie]

I think a softphone will suffice.  They can get a vpn on the pc to run.  So a softphone would work that way.  do you just configure it as a sip device to the controller, and let them pass it by the firewall?

VPN on PC is connected to VPN server in corp f/w.. just like any other VPN used to access the corporate network.. Softphone would just be pointed to the mivb, just as if you were in the office. That would work.