VOIP network

Hello.
I have the following network (see attachment) and I want to be able to deploy the voip phones.
I have read a lot of papers and it seams that I need to configure another server because of SIP and NAT issues.
Has anyone had this configuration? What do you advise me to use: STUN, TURN, ICE, SBC? Any other option?

Thank you,
Petrut

Wrong forum. If the firewalls are simple firewalls, you don’t need anything. If both firewalls do NAT, you need to operate a VPN. If the right hand one is NAT, but the left hand isn’t, this is a standard Asterisk inside NAT configuration and you can use STUN, but you can also configure localnet and externip, instead (you will need to do this for the VPN case as well). If left hand is NAT, but the right hand isn’t, VPN would be one option. You could also treat this as an Asterisk outside NAT configuration, but you may need a certain level of NAT support in the phone, or the SIP NAT support in the left hand firewall.

A VPN solution is likely to be the easiest.

I’m not familiar enough with TURN, ICE and SBC to be able to decipher them. I don’t think they mean SMTP TURN, In Circuit Emulator and Single Board Computer, here :smile:.

The forum should be Asterisk Support, or one for your GUI, depending on whether or not you are directly manipulating the configuration.

Actually, with sufficiently good NAT support on the left hand side, the double NAT case should be workable without a VPN. I still think the VPN will be less hassle, and you should already have one with that topology. You are unlikely to be able to do directmedia without a VPN, and you don’t really want all your local speech subject to the vagaries of the internet.

Why is the PABX separate from the phones?

Thank you very much for your responses.

We have migrated the PBX in our Data Center because we have more bandwidth there.
Both firewalls use NAT and the phones can register to the Asterisk server.
The problem is that the Asterisk server can’t verify that the phones are online and displays them as Unreachable.
I think this is because of a firewall problem. Any thoughts on this?

Have a nice weekend,
Petrut