?
Solved

Best way to setup remote worker with IP Phone

Posted on 2010-08-18
6
Medium Priority
?
404 Views
Last Modified: 2012-05-10
We currently have a remote worker who uses citrix to access our networks.  We would like to setup an IP Phone at his site but we're not sure how to implement it securely.  We don't have SIP on the extranet so the user would need to VPN into our site.    We have an NEC SV system.

What I am thinking is we can do a IPSec between our site and his home.  His office is downstairs and his router is upstairs.  His home is entirely wireless.  Should we replace his router and setup IPSec to only route the IP Phone traffic?

We have also tried to use SSLVPN with a soft phone.  However, it is not the same experience as with a real phone.

What would be the best way of handling this? Are there better alternatives?
0
Comment
Question by:anthonypham
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 4

Accepted Solution

by:
Allvirtual earned 2000 total points
ID: 33466852
You want to think about complete security. Remote workers introduce certain risks into your network. Such as when they access your Intranet and the Internet at the same time there is a risk that malicious traffic gets tunneled into your company network. So I'd setup a secure IPsec tunnel from his home to the company with no Split Tunneling allowed when connected. Off course that assumes you have proxy capabilities inside your network to get him on the Internet if he needs it. So there are several considerations to make here. Either way an IPsec tunnel is the best way as the performance should be good and all he needs is a client on his computer in which case he also should run his softphone application on that computer. That way you don't need to modify any hardware in his or your network. And IPsec has better performance then SSL VPN.
So my recommendation is use IPsec VPN with a soft phone and setup security properly.
0
 

Author Comment

by:anthonypham
ID: 33467224
We currently have a Palo Alto Networks Router.  Do you recommend any IPSEC routers for home office uses?
0
 
LVL 4

Expert Comment

by:Allvirtual
ID: 33467299
Why do you want a hardware gateway at the remote site? Does the remote user has several machines or a larger network that needs to be connected remotely? If it's just one computer or even two computers it is easier to just use a VPN client. What do you think? Also client to server VPN is normally easier to setup then side-to-side VPN especially with different vendor gateways.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:anthonypham
ID: 33467483
Thanks for the help so far.  I believe the VPN client is a good solution will work out about 50% of the time.  We have some users who prefer a physical IP phone.  I believe I would need it routed through the IPSec as well.  Tell me what you think.
0
 
LVL 4

Expert Comment

by:Allvirtual
ID: 33467724
OK. Those who prefer a physical IP phone give them a headset 8) Seriously. I like to avoid hardware whenever I can - trust me it will keep piece of mind and sanity in IT management. If you must have a small hardware IPsec box we had good success with Linksys (value for your money). If budget is not a major concern I'd go with Juniper off course. One word of caution: ensure compatibility with your VPN gateway at your central site! Juniper will work in most cases.
0
 

Author Closing Comment

by:anthonypham
ID: 33467748
Thanks for the helpful and prompt responses.  They were valuable for us.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hey there Heard about jingle, the add on for XMPP that enables point to point audio between two XMPP clients. No server config necessary. Actually quite a cool feature. However, how good is it if you can not use those voice capabilities to do a P…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question