Is this even possible? I'm trying to register one thru SIP but it doesn't register! Is this doable? On what protocol SIP or SCCP? If SIP then what is the correct settings in the IP Phone for this? Like does it needs to get its files (tftp) on the CUCM going to the Internet? Is the proxy address the public address of the CUCM (staticaly NATed private address of cucm so it can be seen publicly)? What settings do I need?
Just an FYI, I managed to register a TANBERG (video device) to cucm via SIP, it's the cisco ip phones I can't register, need an expert advice
Yes this can be done. Most people use VPN tunnel to connect the remote site to the CUCM site, so that CUCM isn't open to the Internet and so voice payloads is encrypted. With VPN, it's no different from LAN registration, from a voice perspective.
ASA phone proxy is a good solution for this if you'll have multiple phones.
SIP and SCCP will both work. You need to open up TFTP (UDP/69), and SCCP (TCP/2000) or SIP (TCP or UDP/5060).
If you are NATting, the NAT device needs to be VoIP aware (at least for SIP). The firewall also needs to be VoIP aware to open up the RTP ports being used for the call (UDP 16384-32767). If your NAT/firewall devices aren't Cisco, you won't be able to use SCCP.
Finally, the phone needs to have alternate TFTP server set to the CUCM public IP that points to a node with TFTP running.
And you'll want QoS configured on the device with the WAN connection. outbound shaper @ upload speed, and a priority queue for RTP nested inside of that.
A very well explained reply. VPN is by far the number 1 choice I can see here, ASA phone proxy is second as I read and according to my friend that he already implemented it (just that I don't have access to our ASA right now so...), the one thing I'm interested with although I know that it is not secure is thru NAT,
What are the requirements for this? The setup I've made to test if phone can register going thru the internet was to statically nat the CUCM server to a pub lic address, now I set my ip phone at home without any ports being denied to point its TFTP to the nat'ed public ip address of the CUCM, hence it still can't even register, what do you think are the reasons?
I am having the same problem ,what option is the best ?
1.0 NATTED public IP for the CUCM ?
2.0 use built-in VPN in phone models like 7942G ?
3.0 Phone - proxy method ?
Please advice ,