We are deploying an Asterisk server at our company and I want us to be able to give remote workers (who work at home around the world) a physical VOIP extension to make their work environment more efficient and effective. We’re using Cisco phones - maybe the 7960 or something close to that, I’m not certain.
I’m being told by our technical folks that we can’t deploy remote Cisco phones (i.e. phones outside the firewall) without also deploying a hardware-based VPN in each remote location, unless we want to open up lots of ports on our main router (which is also a pretty good Cisco router - I don’t know the model number). That doesn’t make sense to me - why would Cisco design a system which didn’t allow VOIP phones to connect securely, particularly their own phones?
We do have a VPN (Cisco AnyConnect) and I assume we could get around the problems above by having people use softphones on their PCs, connecting securely using the VPN. But we really want to have physical phones in each remote location.
We don’t have a huge number of remote locations - perhaps 50 in total - and they change very infrequently. Wouldn’t it be possible to program the router to accept connections only from 50 specific MAC addresses? Or is there some other way to connect these remote extensions that does not require us to open lots of ports on the router? I’m willing to have us install some additional software or hardware on the central network, but I don’t want to have to install 50 hardware VPN boxes, at a huge cost and effort, when I suspect it is not necessary.
Thaniks in advance for any help you can provide. Regards.