Advice on server location/DMZ/NAT


Our organization has several sites, linked via VPN. We have an Asterisk (AstLinux) server at head office, in our DMZ (behind NAT). Voice traffic between the sites travels over the VPNs. We have IAX2 trunks from a VoIP provider with PSTN numbers.

Am I correct in thinking that there are two downsides of this set-up?

  1. The VPN processing adds latency

  2. QoS will struggle to identify and prioritize VoIP inside the VPNs

Should I set things up differently? I would try to get the traffic out from the VPNs while leaving the server where it is, but I’ll run into difficulty with routing (I can explain this further if necessary). I’ve tried putting the server outside the VPN with an external IP address, but am having trouble with NAT for phones on the internal network.

What would the recommendation be? Our phones are a mixture of Snom, Atcom, and X-Lite. I don’t mind where in the network I locate the server, and will also happily consider other Asterisk boxes at the larger remote sites, but any advice on what the best approach is likely to be would be very gratefully received.

Many thanks


Can anyone help me with this query?