This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Help with VoIP setup.

Hi there,

I'm trying to use my 50meg circuit to share between our new voip network and our existing data network.  The desired setup would be like the attachment.

The problem is, the VoIP ALG (it's essentially a router) NEEDS a public WAN IP in order to function properly.  I have plenty of spare public IP's, and a couple open ports in the ASG.

I have heard you can setup a "bridge" to essentially give the ALG a public IP, while it is behind the firewall.

Has anyone done this?  If so, what do I assign the internal ALG facing interface for the default gateway?  Just a little confused on the setup.

Hopefully this kinda made sense.  [:)]

Any help is appreciated.

This thread was automatically locked due to age.

Parents

0 BarryG over 15 years ago

Hi, afaik, if you bridge the firewall, all traffic will be bridged. I'm not sure that's what you'd want.

One option would be to setup one or more DMZs with public IPs, and put the ALG in DMZ.
Or use only public IPs for your entire network, if you have enough.

Either of the above requires a 'transfer network' with between your ISP and Astaro, and then you use your public networks internally with your ISP handling the routing.

IMO, there's nothing wrong with using 'public' addresses internally, but the PCI CISP DSS says otherwise if you're processing credit cards.

I would think a simple DNAT would work for the ALG though; DNAT one of the external IPs to the ALG.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 15 years ago

Hi, afaik, if you bridge the firewall, all traffic will be bridged. I'm not sure that's what you'd want.

One option would be to setup one or more DMZs with public IPs, and put the ALG in DMZ.
Or use only public IPs for your entire network, if you have enough.

Either of the above requires a 'transfer network' with between your ISP and Astaro, and then you use your public networks internally with your ISP handling the routing.

IMO, there's nothing wrong with using 'public' addresses internally, but the PCI CISP DSS says otherwise if you're processing credit cards.

I would think a simple DNAT would work for the ALG though; DNAT one of the external IPs to the ALG.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 mufugger over 15 years ago in reply to BarryG

Thanks for the response.

It appears you can do selective bridging, and you can enable it only on the ports you want to use. Check out the attachment. I was originally going to do a NAT rule, but the interface on the ALG must be a public IP, not a private IP.
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 15 years ago in reply to mufugger

but the interface on the ALG must be a public IP, not a private IP.

I doubt this is completely true... most corporate networks nowadays use NAT, often even for the DMZs, so no equipment has a public IP; it's all NATted (DNAT).

Barry
Cancel
Vote Up 0 Vote Down

Cancel