How to setup outside softphones with asterisk

We have setup asterisk 1.x and currently have approx. 20 sip polycom phones on our network. This is all setup within a firewall. all outside calls are made through pstn lines that are connected with a tdm400 card.

I have been tasked to setup sip based softphones outside of the network so we can save money on international calls. We would like to be able call these softphones from within the office and also have the soft phones call into the office using the internet. here’s a quick overview of the configuration

polycom sip phones<=>asterisk<=>nat<=>internet<=>nat<=>sip based softphone

I was wondering what will be necessary to accomplish this. It seems doable but from what I read trying to connect through Nat/firewalls is going to be a problem.

That depends on how much control you’ve got over the firewall. It’s simply a question of forwarding the relevant ports (5060 plus whatever RTP ports you’ve got configured). Of course you have to make sure this is happening at both ends.

It’s considerably easier if you can set up your asterisk server in a DMZ or something - so it’s got an internet routable IP address, anyway. If you can avoid NAT on at least one end, it simplifies things.

An important consideration is to not permit access to your Asterisk ports from the whole internet - only the addresses of the phones you want to allow to connect. Otherwise you’ve got a serious security risk.

I have an asterisk server behind a firewall and rather than open up any ports I get any remote users to VPN onto the network then connect their softphones.

I was initially worried that it would mean a drop in sound quality but I’ve had no issues to date.

Remote users are using Windows XP and X-Lite.