Sip redirection


I have this problem and I don’t see a simple solution to it.
We have an office Lan with a range
We have an asterisk server on a IP that is accessible from the Lan.
We have a VPN allowing to access the subnet of our office lan (we use the subnet instead of subnet to avoid address collision with the remote lan )

I would like to register a sip phone on the remote lan with the asterisk server on the office lan.

Of course, the easy way would be to change the asterisk server ip to an address in the range, but I would prefer not to do it.

How can I “redirect” the sip traffic coming from the VPN on the subnet to the asterisk server which is on the subnet, to allow registering of my remote phone ?

thanks very much for any help


First of all if you want to have and as two separate network, you need to use a subnet mask

Asterisk IP is just fine. Set up the subnet mask correcty and the Asterisk will communicate with the remote network via the router that is taking care of the VPN link.

Hi Dejanst,

thanks for your help.

How will my remote sip phone (on a subnet) register to the asterisk server on the subnet ?
Do I have to do a static registration ?



If I understand correctly, two routers are taking care of the VPN connection between two remote sites (two remote LANs). If this is the case, IP Phone and Asterisk just need to send remote-bound packets to the routers (default gateway), they take care of the traffic routing between the two locations.

Hi Dejanst,

We have a router on the office side, but the remote site connects via a VPN client directly (no router on the remote side)
Thus the traffic from the remote client to (my asterisk IP address on the office lan) will not be routed to the VPN tunnel.

Should I enter a static route on my remote client to direct traffic to the VPN tunnel ?


You are loosing me as far as your network topology is concerned. I am starting to think that you are over complicating your network.

Can you please make a drawing of the network with all the IP’s and devices involved?

Hi Dejanst,

thanks for your time

            office lan                                               remote lan
                  |                                                            |
    _________________                                      _____________
   |                          |                                    | <—VPN tunnel—>client PC
| |

| | | | |
asterisk svr ressources accessible to
remote users

Indeed, my setup is a bit complicated. The problem I had to face is to allow remote users to connect (via a VPN tunnel) to the office lan ( IP range) from different remote locations. Those locations can be the user home, but also an hotel. Remote user is usually connected locally to internet via a lan, with a IP range that can be an thus could conflict with the office lan range.
To avoid this problem, I extends the office lan range to, and gave all devices that have to be accessible via VPN addresses like 192.168.2.x.
The remote client can then connect (VPN tunnel) to the subnet of the office lan, without conflicting with the remote lan addresses.
Of course, a simpler solution could be to use for the office lan, but this is not practical.
Everything is working fine, except for the asterisk server, which is at Again, I could change the ip of the asterisk server, but I would prefer not.



The problem you seem to have is that the VPN is not a proper part of your intranet. Fixing that is a much better approach than trying to get Asterisk to cope with two disjoint networks.

Once your intranet is fully routable, you will not need to do anything special to deal with hosts across the VPN.

I totally agree with David.

Use a proper router to get a proper VPN capability. You don’t need to change anything on Asterisk, just fix you network topology.