VoIP client on the internet side

Hi all,
I need to know the correct way to use any kind of VoIP client installed on an iPhone or Android phone without exposing Asterisk to security risks.
Currently, Asterisk is behind a NAT, in the same LAN as my VoIP phones, and it works correctly.

I installed the 3CX client on my iPhone and configured it as an Asterisk extension. Obviously it works only when the iPhone is connected to the corporate WLAN, and it stops working on the internet side.

What do I have to do? Do I have to NAT 5060?


Your internet router needs to port-forward UDP ports 5060 and 10000-20000 (SIP and RTP) to your Asterisk box. Then you need to set up the externip and localnets in your sip.conf to match reality.

Now, once you open those ports, your Asterisk box does become a security risk. Once you open those ports, you’ll see countless attempts to guess passwords and crack accounts. Make sure your SIP usernames & passwords are strong.
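Added example, not part of the original posts: a small Python script that counts the failed SIP registrations described above, grouped by source address, so password-guessing sources stand out from a single mistyped password. It assumes chan_sip-style NOTICE lines as written to the Asterisk messages log; the sample lines, addresses and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# Assumed chan_sip notice format:
#   Registration from '<From header>' failed for '<ip>[:port]' - <reason>
FAILED_REG = re.compile(
    r"Registration from '(?P<from>[^']*)' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)
SIP_USER = re.compile(r"sips?:([^@>;]+)@")  # extension part of the From URI

def failed_registrations(lines):
    """Yield (source_ip, extension, reason) for each failed REGISTER."""
    for line in lines:
        m = FAILED_REG.search(line)
        if not m:
            continue
        user = SIP_USER.search(m.group("from"))
        ext = user.group(1) if user else None
        yield m.group("ip"), ext, m.group("reason").strip()

def suspicious_sources(lines, min_failures=3):
    """Return {ip: (failures, distinct_extensions)} for IPs at/over the threshold."""
    failures, extensions = Counter(), {}
    for ip, ext, _reason in failed_registrations(lines):
        failures[ip] += 1
        extensions.setdefault(ip, set()).add(ext)
    return {ip: (n, len(extensions[ip]))
            for ip, n in failures.items() if n >= min_failures}

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
[2024-01-10 03:12:01] NOTICE[2101] chan_sip.c: Registration from '"100" <sip:100@198.51.100.7>' failed for '203.0.113.5:5071' - Wrong password
[2024-01-10 03:12:02] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@198.51.100.7>' failed for '203.0.113.5:5071' - No matching peer found
[2024-01-10 03:12:03] NOTICE[2101] chan_sip.c: Registration from '"102" <sip:102@198.51.100.7>' failed for '203.0.113.5:5071' - No matching peer found
[2024-01-10 08:30:44] NOTICE[2101] chan_sip.c: Registration from '<sip:201@198.51.100.7>' failed for '192.0.2.44:5060' - Wrong password
[2024-01-10 08:31:02] VERBOSE[2101] chan_sip.c: Registered SIP '201' at 192.0.2.44:5060
""".splitlines()

if __name__ == "__main__":
    for ip, (n, exts) in suspicious_sources(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed registrations across {exts} extensions")
```

A source that fails against several different extensions in a short time is a scan; one failure on one extension followed by a successful registration is usually a user.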

To avoid a security risk, make sure that Asterisk has an airgap (including Faraday cage) between it and the internet.

To control security risks, you will need to find VPN software for the smartphone and install a compatible VPN router. With a slight increase in risk, you may be able to use a software-only VPN solution on your intranet.

The most difficult part of this is non-Asterisk, non-VoIP and needs to be addressed to the smart phone’s community.

