Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Best way to setup remote worker with IP Phone

Posted on 2010-08-18
Medium Priority
Last Modified: 2012-05-10
We currently have a remote worker who uses citrix to access our networks.  We would like to setup an IP Phone at his site but we're not sure how to implement it securely.  We don't have SIP on the extranet so the user would need to VPN into our site.    We have an NEC SV system.

What I am thinking is we can do a IPSec between our site and his home.  His office is downstairs and his router is upstairs.  His home is entirely wireless.  Should we replace his router and setup IPSec to only route the IP Phone traffic?

We have also tried to use SSLVPN with a soft phone.  However, it is not the same experience as with a real phone.

What would be the best way of handling this? Are there better alternatives?
Question by:anthonypham
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3

Accepted Solution

Allvirtual earned 2000 total points
ID: 33466852
You want to think about complete security. Remote workers introduce certain risks into your network. Such as when they access your Intranet and the Internet at the same time there is a risk that malicious traffic gets tunneled into your company network. So I'd setup a secure IPsec tunnel from his home to the company with no Split Tunneling allowed when connected. Off course that assumes you have proxy capabilities inside your network to get him on the Internet if he needs it. So there are several considerations to make here. Either way an IPsec tunnel is the best way as the performance should be good and all he needs is a client on his computer in which case he also should run his softphone application on that computer. That way you don't need to modify any hardware in his or your network. And IPsec has better performance then SSL VPN.
So my recommendation is use IPsec VPN with a soft phone and setup security properly.

Author Comment

ID: 33467224
We currently have a Palo Alto Networks Router.  Do you recommend any IPSEC routers for home office uses?

Expert Comment

ID: 33467299
Why do you want a hardware gateway at the remote site? Does the remote user has several machines or a larger network that needs to be connected remotely? If it's just one computer or even two computers it is easier to just use a VPN client. What do you think? Also client to server VPN is normally easier to setup then side-to-side VPN especially with different vendor gateways.
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments


Author Comment

ID: 33467483
Thanks for the help so far.  I believe the VPN client is a good solution will work out about 50% of the time.  We have some users who prefer a physical IP phone.  I believe I would need it routed through the IPSec as well.  Tell me what you think.

Expert Comment

ID: 33467724
OK. Those who prefer a physical IP phone give them a headset 8) Seriously. I like to avoid hardware whenever I can - trust me it will keep piece of mind and sanity in IT management. If you must have a small hardware IPsec box we had good success with Linksys (value for your money). If budget is not a major concern I'd go with Juniper off course. One word of caution: ensure compatibility with your VPN gateway at your central site! Juniper will work in most cases.

Author Closing Comment

ID: 33467748
Thanks for the helpful and prompt responses.  They were valuable for us.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question