Best way to setup remote worker with IP Phone

Posted on 2010-08-18
Last Modified: 2012-05-10
We currently have a remote worker who uses citrix to access our networks.  We would like to setup an IP Phone at his site but we're not sure how to implement it securely.  We don't have SIP on the extranet so the user would need to VPN into our site.    We have an NEC SV system.

What I am thinking is we can do a IPSec between our site and his home.  His office is downstairs and his router is upstairs.  His home is entirely wireless.  Should we replace his router and setup IPSec to only route the IP Phone traffic?

We have also tried to use SSLVPN with a soft phone.  However, it is not the same experience as with a real phone.

What would be the best way of handling this? Are there better alternatives?
Question by:anthonypham
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3

Accepted Solution

Allvirtual earned 500 total points
ID: 33466852
You want to think about complete security. Remote workers introduce certain risks into your network. Such as when they access your Intranet and the Internet at the same time there is a risk that malicious traffic gets tunneled into your company network. So I'd setup a secure IPsec tunnel from his home to the company with no Split Tunneling allowed when connected. Off course that assumes you have proxy capabilities inside your network to get him on the Internet if he needs it. So there are several considerations to make here. Either way an IPsec tunnel is the best way as the performance should be good and all he needs is a client on his computer in which case he also should run his softphone application on that computer. That way you don't need to modify any hardware in his or your network. And IPsec has better performance then SSL VPN.
So my recommendation is use IPsec VPN with a soft phone and setup security properly.

Author Comment

ID: 33467224
We currently have a Palo Alto Networks Router.  Do you recommend any IPSEC routers for home office uses?

Expert Comment

ID: 33467299
Why do you want a hardware gateway at the remote site? Does the remote user has several machines or a larger network that needs to be connected remotely? If it's just one computer or even two computers it is easier to just use a VPN client. What do you think? Also client to server VPN is normally easier to setup then side-to-side VPN especially with different vendor gateways.
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.


Author Comment

ID: 33467483
Thanks for the help so far.  I believe the VPN client is a good solution will work out about 50% of the time.  We have some users who prefer a physical IP phone.  I believe I would need it routed through the IPSec as well.  Tell me what you think.

Expert Comment

ID: 33467724
OK. Those who prefer a physical IP phone give them a headset 8) Seriously. I like to avoid hardware whenever I can - trust me it will keep piece of mind and sanity in IT management. If you must have a small hardware IPsec box we had good success with Linksys (value for your money). If budget is not a major concern I'd go with Juniper off course. One word of caution: ensure compatibility with your VPN gateway at your central site! Juniper will work in most cases.

Author Closing Comment

ID: 33467748
Thanks for the helpful and prompt responses.  They were valuable for us.

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Overview Often, we set up VPN appliances where the connected clients are on a separate subnet and the company will have alternate internet connections and do not use this particular device as the gateway for certain servers or clients. In this case…
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question