Here is the basics for remote extn's:
Remote H323 Extensions
For IP Office Release 8.0+, the configuration of remote H323 extensions is supported without needing those extensions to be running special VPN firmware. This option is intended for use in the following scenario:
· The customer LAN has a public IP address which is forwarded to the IP Office system. That address is used as the call server address by the H323 remote extensions.
· The user has a H323 phone behind a domestic router. It is assumed that the domestic router allows all outbound traffic from the home network to pass through and allows all symmetric traffic. That is, if the phone sends RTP/RTCP to a public IP address and port, it will be able to receive RTP/RTCP from that same IP address and port. If this is not the case, the configuration of the user's router to support that is not covered by this documentation.
· Supported Telephones
Currently remote H323 extension operation is only supported with 9600 Series phones already supported by the IP Office system.
· License Requirements
By default only 2 users can be configured for remote H323 extension usage. Additional users can be configured if those additional users are licensed and configured with either Teleworker or Power User user profiles.
Customer Network Configuration
The corporate LAN hosting the IP Office system requires a public IP address that is routed to the LAN interface of the IP Office system configured for remote H323 extension support.
STUN from the IP Office system to the Internet is used to determine the type of NAT being applied to traffic between the system and the Internet. Any routers and other firewall devices between the H323 phone location and the IP Office system must allow the following traffic.
Incoming ICMP to the IP Office system's public IP address must be allow.
UDP port 1719 traffic to the IP Office system must be allowed. This is used for H225 RAS processes such as gatekeeper discovery, registration, keepalive, etc. If this port is not open the phone the phone will bot be able to register with the IP Office system.
TCP port 1720 traffic must be allowed. This is used for H225 (call signalling).
The ports in the range specified by the system's RTP Port Number Range (Remote Extn) settings must be allowed.
If the system setting Enable RTCP Monitoring on Port 5005 has been enabled, traffic on this port must be allowed to include remote H323 extensions in the monitoring.
User Network Configuration
It is assumed that the domestic router allows all outbound traffic from the home network to pass through and allows all symmetric traffic. That is, if the phone sends RTP/RTCP to a public IP address and port, it will be able to receive RTP/RTCP from that same IP address and port. If this is not the case, the configuration of the user's router to support that is not covered by this documentation.
IP Office System Configuration
This is a summary of the IP Office system configuration changes necessary. Additional details and information for H323 telephone installation are included in the IP Office H323 IP Telephone Installation manual. This section assumes that you are already familiar with IP Office system and H323 IP telephone installation.
If more than 2 remote extension users are to be supported, the system must include available Teleworker and or Power User licenses for those users.
2. System Configuration
The following needs to be configured on the IP Office system LAN interface to which the public IP address is routed.
a. Select System | LAN1/LAN2 | VoIP. Check that the H323 Gatekeeper Enable setting is selected.
b. Due to the additional user and extension settings needed for remote H323 extension configuration, we assume that the extension and user entries for the remote H323 extensions and users are added manually.
c. Select H323 Remote Extn Enable.
d. Set the RTP Port Number Range (Remote Extn) range to encompass the port range that should be used for remote H323 extension RTP and RTCP traffic. The range setup must provide at least 2 ports per extension being supported.
3. Network Topology Configuration
STUN can be used to determine the type of NAT/firewall processes being applied to traffic between between the IP Office system and the Internet.
a. Select the Network Topology tab. Set the STUN Server IP Address to a known STUN server. Click OK. The Run STUN button should now be enabled. Click it and wait while the STUN process is run. The results discovered by the process will be indicated by ! icons next to the fields.
b. If STUN reports the Firewall/NAT Type as one of the following, the network must be reconfigured if possible as these types are not supported for remote H323 extensions: Static Port Block, Symmetric NAT or Open Internet.
4. H323 Extension Configuration
H323 remote extensions use non default settings and so cannot be setup directly using auto-create.
a. Within Manager, add a new H323 extension or edit an existing extension.
b. On the Extn tab, set the Base Extension number.
c. On the VoIP tab, select Allow Remote Extn.
d. The other settings are as standard for an Avaya H323 telephone. Regardless of direct media configuration, direct media is not used for remote H323 extensions.
5. User Configuration
The following settings are used to specify that the user is allowed to use a remote H323 extension.
a. On the User tab, set the User Profile to Teleworker or Power User.
b. Select Enable Remote Worker.
The phones do not require any special firmware. Therefore they should first be installed as normal internal extensions, during which they will load the firmware provided by the IP Office system.
Once this process has been completed, the address settings of the phone should be cleared and the call server address set to the public address to be used by remote H323 extensions.
It is assumed that at the remote location, the phone will obtain other address information by DHCP from the user's router. If that is not the case, the other address setting for the phone will need to be statically administered to match addresses suitable for the user's home network.