Solved

Best way to setup remote worker with IP Phone

Posted on 2010-08-18
6
388 Views
Last Modified: 2012-05-10
We currently have a remote worker who uses citrix to access our networks.  We would like to setup an IP Phone at his site but we're not sure how to implement it securely.  We don't have SIP on the extranet so the user would need to VPN into our site.    We have an NEC SV system.

What I am thinking is we can do a IPSec between our site and his home.  His office is downstairs and his router is upstairs.  His home is entirely wireless.  Should we replace his router and setup IPSec to only route the IP Phone traffic?

We have also tried to use SSLVPN with a soft phone.  However, it is not the same experience as with a real phone.

What would be the best way of handling this? Are there better alternatives?
0
Comment
Question by:anthonypham
  • 3
  • 3
6 Comments
 
LVL 4

Accepted Solution

by:
Allvirtual earned 500 total points
ID: 33466852
You want to think about complete security. Remote workers introduce certain risks into your network. Such as when they access your Intranet and the Internet at the same time there is a risk that malicious traffic gets tunneled into your company network. So I'd setup a secure IPsec tunnel from his home to the company with no Split Tunneling allowed when connected. Off course that assumes you have proxy capabilities inside your network to get him on the Internet if he needs it. So there are several considerations to make here. Either way an IPsec tunnel is the best way as the performance should be good and all he needs is a client on his computer in which case he also should run his softphone application on that computer. That way you don't need to modify any hardware in his or your network. And IPsec has better performance then SSL VPN.
So my recommendation is use IPsec VPN with a soft phone and setup security properly.
0
 

Author Comment

by:anthonypham
ID: 33467224
We currently have a Palo Alto Networks Router.  Do you recommend any IPSEC routers for home office uses?
0
 
LVL 4

Expert Comment

by:Allvirtual
ID: 33467299
Why do you want a hardware gateway at the remote site? Does the remote user has several machines or a larger network that needs to be connected remotely? If it's just one computer or even two computers it is easier to just use a VPN client. What do you think? Also client to server VPN is normally easier to setup then side-to-side VPN especially with different vendor gateways.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:anthonypham
ID: 33467483
Thanks for the help so far.  I believe the VPN client is a good solution will work out about 50% of the time.  We have some users who prefer a physical IP phone.  I believe I would need it routed through the IPSec as well.  Tell me what you think.
0
 
LVL 4

Expert Comment

by:Allvirtual
ID: 33467724
OK. Those who prefer a physical IP phone give them a headset 8) Seriously. I like to avoid hardware whenever I can - trust me it will keep piece of mind and sanity in IT management. If you must have a small hardware IPsec box we had good success with Linksys (value for your money). If budget is not a major concern I'd go with Juniper off course. One word of caution: ensure compatibility with your VPN gateway at your central site! Juniper will work in most cases.
0
 

Author Closing Comment

by:anthonypham
ID: 33467748
Thanks for the helpful and prompt responses.  They were valuable for us.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now