Is SPA504G capable to VPN into remote network (Asterisk)?

idemkovitch · ‎12-12-2016

Hello,

I'm trying to figure out how to use Asterisk from outside of network. Currently we have SPA504G inside and they work great.

Now I want to setup couple units outside and I wonder if they can somehow VPN to our network (we use Mikrotik router) and work this way?

If not SPA504G, then is there any similar otherwise phone from Cisco which can do that?

Thank you!

Dan Lukes · ‎12-12-2016

There are so many kind of VPN (even on Mikrotik). Moreover, we know nothing about network connectivity - of neither PBX side nor phone side. You may or may not have public IP address, there may be a NAT (of unknown type), firewall, ...

So sorry, no way to respond your question in full.

Any SIP phone (including SPA504G) will work with any SIP PBX (including Asterisk) as long as there will be network connectivity between them that can pass SIP traffic.

idemkovitch · ‎12-12-2016

Sorry for not being clear. Asterisk is behind router, no public IP (and not planning). Router is Mikrotik, I can setup VPN access there.

Right now at home I have another Mikrotik router and have direct VPN tunnel between office and home 24/7. So, SPA504G set at home works just fine.

I have another person at another location behind their own firewall/etc that needs to use our Asterisk. He can install soft phone and connect to our VPN and use it like this. So, I though maybe there is phone that can do the same? (VPN and then join Asterisk)

I see that SPA525G2 have built-in VPN. Can I use it for what I want? I guess I'm looking at following ability:

Bring this device anywhere with internet, plug it into LAN port and it will VPN into our network and connect to Asterisk. Possible?

Dan Lukes · ‎12-12-2016

He can install soft phone and connect to our VPN and use it like this.

If he can establish VPN tunel between local LAN that can be used by softphone running on a connected computer, then SPA504G can use it as well.

 I though maybe there is phone that can do the same? (VPN and then join Asterisk)

May be I still doesn't understand correctly. I'm almost sure the softphone mentioned in question create no VPN by self.VPN is created by another software/device on the network.

May be you should disclose the topology of remote network - how it's connected to Internet, what device is maintaining VPN (and kind of VPN he is using). It will allow me to provide you more valuable answer.

I see that SPA525G2 have built-in VPN.

You still didn't catched there's nothing like "just VPN". There are many implementations of VPN. Both ends must understand the same VPN kind or the interconnection is not possible.

The VPN inside of SPA525G2 is Cisco AnyConnect VPN. You can use it as long as other end (e.g. Mikrotik) can run Cisco AnyConnect VPN. Sorry, I'm not familiar with Mikrotik enough, so I can neither confirm nor reject it support this kind of VPN.

For the same reason I can't advise you a phone model capable to setup and maintain VPN with your Mikrotik. Enumerate all VPN types suported by Mikrotik first ...

idemkovitch · ‎12-12-2016

If he can establish VPN tunel between local LAN that can be used by softphone running on a connected computer, then SPA504G can use it as well.

I mean he can use VPN client on PC and then use Softphone. SPA504G can't use it obviously.

The VPN inside of SPA525G2 is Cisco AnyConnect VPN. You can use it as long as other end (e.g. Mikrotik) can run Cisco AnyConnect VPN. Sorry, I'm not familiar with Mikrotik enough, so I can neither confirm nor reject it support this kind of VPN.

Yes, I guess this is what I need to understand..

Mikrotik supports following VPN protocols, pretty standard stuff.. Is Cisco AnyConnect VPN some kind of proprietary protocol incompatible with others? From marketing description it sounded like phone can connect to anything.. Or just Cisco routers?

http://wiki.mikrotik.com/wiki/VPN_Overview

Dan Lukes · ‎12-12-2016

SPA504G can't use it obviously.

It's not obvious. Some VPN clients can be used by external devices while others not. I don't know which one he is using.

If the first one then it can be used even by SPA504G.

pretty standard stuff

;-)

You still wish not to understand. "Standard VPN" is very rare beast. SSTP and PPTP are Microsoft's proprietary. EoIP is Mikrotik proprietary. Only L2TP and "IP Tunnel" can be considered "standard". But both are rather old and care no security, thus they are not used so often now.

But it's not the matter.

The matter is - it will not be easy to find a phone suitable to connect to one of the VPN supported by Mikrotik. Check SNOM or Yealing models.

Cisco AnyConnect VPN some kind of proprietary protocol incompatible with others

VPNs are compatible with nothing but self. Thus even Cisco AnyCOnnect is compatible with nothing but Cisco AnyConnect.

In short - SPA525G2 can setup with any CIsco ANyconnect capable peer only.

idemkovitch · ‎12-12-2016

It's not obvious. Some VPN clients can be used by external devices while others not. I don't know which one he is using.

Well, he is on Windows PC. So he goes to "connect to workplace VPN" and connects to Mikrotik :) It's PPTP VPN for Microsoft clients. How is it possible for another device on network to use this? We talking about dump straight-forward setup. I just want to give phone to him and it should work as long as he have connection to internet.

I guess yes, I need to look at Yealings.. I've seen they support OpenVPN and I can run OpenVPN server on Mikrotik as well. Probably this is a way to go. I wish I was able to do Cisco phone as I like them and already got provisioning all dialed in..

Dan Lukes · ‎12-13-2016

How is it possible for another device on network to use this?

It's simple networking issue - if phone will send their packets to Windows (it's about phone's default router configuration) and Windows will forward them thru tunnel (routing configuration) it will work.