[cisco-voip] Deploying 7961 Phones Remotely with ASA5500?

Matt Slaga (US) Matt.Slaga at us.didata.com
Thu May 7 15:06:59 EDT 2009


I'm assuming the ASA is going to run PhoneProxy.  At home, I have a 7960
plugged into a Linksys WRT54 that works just fine.  No DMZ or port
forwarding is configured.  We've been running the phoneproxy since it
was Metreos with mixed results.  Been really solid though on the ASA.

 

 

 

From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Wes Sisk
Sent: Thursday, May 07, 2009 2:56 PM
To: Jason Burns
Cc: Cisco VOIP; Matthew Loraditch; Miller, Steve
Subject: Re: [cisco-voip] Deploying 7961 Phones Remotely with ASA5500?

 

Hmm, I'm going to need a little more convincing on this one.

phone1----------homerouter-----------ASA--(typical enterprise with cm)--phone2
10.10.11.2   10.10.11.1 10.10.10.76
*homerouter doubles as a firewall as is common

In the ORCAck that leaves phone1 offers to receive audio on 10.10.11.2
port 33333.
homerouter is blissfully unaware of SCCP so passes the IP datagram along
after rewriting IP headers for the 10.10.10.76 network
this gets through ASA with any translation it does, then on to CM, then
on to phone2.

phone2 begins to transmit audio.  Audio goes to the IP:Port fixed up by
ASA.  ASA rewrites IP and UDP and passes along back toward home router.

Now comes the challenge.  homerouter never knew it should listen on port
33333.  It would have to be SCCP aware to do that.  It would have to be
SCCP aware to rewrite that to any other port number.

So the audio via RTP/UDP/IP is back to the "outside" interface of
homerouter, but how does it get through to phone1?

/Wes


On Thursday, May 07, 2009 10:47:36 AM, Jason Burns
<burns.jason at gmail.com> wrote:



Ryan,

Even though the IP Phone would be embedding its own private IP address
inside of SCCP ORCAck messages, the ASA Phone Proxy feature would know
the message was really sourced from the public IP. The Phone Proxy would
handle that, so that the Linksys doesn't have to worry about SCCP fixup.

One important caveat is that with PAT, not all home routers support a
TFTP Client connection like the phone tries to do to the ASA Phone
Proxy.

TFTP is destined to UDP port 69 for the initial Read Request, then a new
connection on an ephemeral port is negotiated, and not all home routers
know to look for this to open the new UDP Port.

If you run into TFTP problems you will have to configure the IP Phone's
IP to be in the DMZ so that all ports get forwarded to the IP Phone.

So, the short answer is that just about any home router should work with
the ASA Phone Proxy. Provided you're on the very latest ASA code (as
PhoneProxy is still a very new product).

On Thu, May 7, 2009 at 10:29 AM, Ryan Ratliff <rratliff at cisco.com>
wrote:

Your Linksys router is going to be doing NAT/PAT and I'm pretty
confident they don't support SCCP fixup.  You will need the phone to
either be in the DMZ or have a vpn tunnel behind the Linksys.

-Ryan 



On May 7, 2009, at 10:12 AM, Miller, Steve wrote:

Yes. I am just trying to make sure that there is nothing other than
generic router (Linksys or whatever someone would normally have in their
home) and the phone which are necessary to work with the ASA55XX
back at the network site.  We have been using VPN3002 boxes which are
expensive and sometimes problematic to set up/program. Thank you for
your feedback!

Steve Miller
Telecom Engineer
Dickstein Shapiro LLP
1825 Eye Street NW | Washington, DC 20006
Tel (202) 420-3370| Fax (202) 330-5607
MillerS at dicksteinshapiro.com



From: Matthew Loraditch [mailto:MLoraditch at heliontechnologies.com]
Sent: Thursday, May 07, 2009 10:08 AM
To: Miller, Steve; Cisco VOIP
Subject: RE: Deploying 7961 Phones Remotely with ASA5500?

What do you mean by necessary? If you can get your Linksys to set up a
vpn tunnel then yes





Matthew Loraditch
1965 Greenspring Drive

Timonium, MD 21093
support at heliontechnologies.com
(p) (410) 252-8830
(F) (443) 541-1593

Visit us at www.heliontechnologies.com
Support Issue? Email support at heliontechnologies.com for fast assistance!



From: Miller, Steve [mailto:MillerS at DicksteinShapiro.COM]
Sent: Thursday, May 07, 2009 10:05 AM
To: Matthew Loraditch
Subject: Re: Deploying 7961 Phones Remotely with ASA5500?



Thanks. Only the phone is necessary, correct?


Steve Miller
Telecom Engineer
Dickstein Shapiro LLP
1825 Eye Street NW
Washington, DC 20006
Tel (202) 420-3370
Fax (202)-330-5607
millers at dicksteinshapiro.com

From: Matthew Loraditch
To: Miller, Steve; Cisco VOIP
Sent: Thu May 07 09:45:41 2009
Subject: RE: Deploying 7961 Phones Remotely with ASA5500?

Only the hardware needed to establish connectivity back to the cluster
(VPN or direct via a t-1 or other circuit), and provide power for the
phone.

You could use an ASA5505 and that does poe and the vpn tunnel all in one





Matthew Loraditch
1965 Greenspring Drive

Timonium, MD 21093
support at heliontechnologies.com
(p) (410) 252-8830
(F) (443) 541-1593

Visit us at www.heliontechnologies.com
Support Issue? Email support at heliontechnologies.com for fast assistance!



From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Miller, Steve
Sent: Thursday, May 07, 2009 9:34 AM
To: Cisco VOIP
Subject: [cisco-voip] Deploying 7961 Phones Remotely with ASA5500?



Simple question:



What hardware is required (if any) at the remote location to allow a
Cisco phone to work?  My understanding was that hardware was
unnecessary....that the phone could just hang off a regular Linksys
router at a person's home. Please advise.  Thank you!



Steve Miller
Telecom Engineer
Dickstein Shapiro LLP
1825 Eye Street NW | Washington, DC 20006
Tel (202) 420-3370| Fax (202) 330-5607
MillerS at dicksteinshapiro.com




--------------------------------------------------------
This e-mail message and any attached files are confidential and are
intended solely for the use of the addressee(s) named above. This
communication may contain material protected by attorney-client, work
product, or other privileges. If you are not the intended recipient or
person responsible for delivering this confidential communication to the
intended recipient, you have received this communication in error, and
any review, use, dissemination, forwarding, printing, copying, or other
distribution of this e-mail message and any attached files is strictly
prohibited. Dickstein Shapiro reserves the right to monitor any
communication that is created, received, or sent on its network. If you
have received this confidential communication in error, please notify
the sender immediately by reply e-mail message and permanently delete
the original message. To reply to our email administrator directly, send
an email to postmaster at dicksteinshapiro.com
Dickstein Shapiro LLP
http://www.DicksteinShapiro.com
==============================================================================

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

  

 




-----------------------------------------
Disclaimer:

This e-mail communication and any attachments may contain
confidential and privileged information and is for use by the
designated addressee(s) named above only.  If you are not the
intended addressee, you are hereby notified that you have received
this communication in error and that any use or reproduction of
this email or its contents is strictly prohibited and may be
unlawful.  If you have received this communication in error, please
notify us immediately by replying to this message and deleting it
from your computer. Thank you.
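
Added example (not part of the thread and not any poster's code): a toy model of the TFTP-through-PAT caveat Jason Burns describes above, with the DMZ fallback he suggests. The phone and router addresses come from Wes Sisk's diagram; the server address 192.0.2.10, the port numbers and the port-preserving router behaviour are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

TFTP_PORT = 69

@dataclass
class HomeRouter:
    """Toy PAT router (constructed model, not any vendor's firmware)."""
    wan_ip: str
    tftp_aware: bool = False        # opens a pinhole for the server's new port
    dmz_host: Optional[str] = None  # unmatched inbound traffic is forwarded here
    # wan_port -> (lan_ip, lan_port, remote_ip, remote_port); one LAN client only
    sessions: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        # Assumption: the router keeps the client's source port (port-preserving PAT).
        self.sessions[lan_port] = (lan_ip, lan_port, dst_ip, dst_port)
        return self.wan_ip, lan_port

    def inbound(self, src_ip, src_port, wan_port):
        """Return the LAN (ip, port) the datagram reaches, or None if dropped."""
        session = self.sessions.get(wan_port)
        if session:
            lan_ip, lan_port, remote_ip, remote_port = session
            # A plain router only accepts replies from the exact ip:port it saw.
            exact = (src_ip, src_port) == (remote_ip, remote_port)
            # RFC 1350: the server answers a read request from a fresh port, not 69.
            tftp_reply = (self.tftp_aware and remote_port == TFTP_PORT
                          and src_ip == remote_ip)
            if exact or tftp_reply:
                return lan_ip, lan_port
        if self.dmz_host:
            return self.dmz_host, wan_port
        return None

def tftp_read(router, phone_ip="10.10.11.2", phone_port=51000,
              server_ip="192.0.2.10", server_data_port=32768):
    """Phone sends a read request to port 69; server sends DATA from a new port."""
    _, wan_port = router.outbound(phone_ip, phone_port, server_ip, TFTP_PORT)
    return router.inbound(server_ip, server_data_port, wan_port)

if __name__ == "__main__":
    cases = [("plain PAT", HomeRouter("10.10.10.76")),
             ("TFTP-aware", HomeRouter("10.10.10.76", tftp_aware=True)),
             ("phone in DMZ", HomeRouter("10.10.10.76", dmz_host="10.10.11.2"))]
    for name, router in cases:
        print(f"{name:13} -> {tftp_read(router)}")
```

Only the plain router drops the first DATA packet; the DMZ case delivers it solely because this model preserves the phone's source port.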