×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

remote j179 without VPN or SBC
2

remote j179 without VPN or SBC

remote j179 without VPN or SBC

(OP)
This is for a Business owner's home. After reading through the manuals I believe the phone has to see port 80 and 443 on the PBX plus 5060. I cant use those ports. can I change the ports in the j179 by inserting a colon and the port I would like to use after the IP address of my http server? Are there ports I am missing?

RE: remote j179 without VPN or SBC

Don't do it.
Use a SBC or don't do it at all!

BAZINGA!

I'm not insane, my mother had me tested!

RE: remote j179 without VPN or SBC

You can do this over NAT. Not recommended, but if you forward the following ports you can get your J179 and Equinox working without an SBC.

5060-5061 TCP
5060-5061 UDP
10000-20000 UDP ( check your RTP Range in IPO..This is my range )

Forward those ports to your IPO.

For provisioning phones on from outside the IPO LAN, you need to do an extra step.

First from within the LAN go to http:ipoffice_address/46xxsetting.txt and copy the txt to a file.

Now on a public web server that your J179 and Equinox can access, create a text file called 46xxsettings.txt and past in the contents you copied. Save.

You will also need to download the security certs from the IP Office and place them in the public web server were you created the 46xxsettings.txt file. Make sure the name of the cert matches what is in the 46xxsettings.txt file. Just search the 46xxsettings.txt for SET TRUSTCERTS and make sure your name the cert exactly what you see on that line.

Now in the J179 just specify the http address as the IP address to the web server you have those files stored on. When it boots up, it checks the http address for the 46xxsettigs.txt file, downloads the cert, and registers to the IP Office.

FYI.. I use an apache web server to host my phone settings files and firmware.

Although this works, you need to make sure your IP Office is hardened if you are exposing it this way. My system is a lab system, so I can afford to throw caution to the wind.

As tlpeter stated, the only way you SHOULD do this is with an Session Border Controller.

RE: remote j179 without VPN or SBC

(OP)
I fingered it out. Learned a lot. Thanks!!

RE: remote j179 without VPN or SBC

(OP)
After reading that, I'm very impressed. You have just taken me up a notch.

RE: remote j179 without VPN or SBC

Glad you figured it out..

Any chance you can tell us....what you did to figure it out

Travis Harper give us a great description of his method.

RE: remote j179 without VPN or SBC

(OP)
I created a firewall entry on the IPO side allowing ports 5060, 80, and 443 from the ip of the offsite phone. Just that one public IP had access to that port. Then the phone found the files and runs perfectly.

RE: remote j179 without VPN or SBC

You should only use encrypted connections!

And with those ports the phone will be able to register but you will not hear any tone.

Need some help with IP Office? https://www.fwilke.com/home

RE: remote j179 without VPN or SBC

(OP)
I also did rtp

RE: remote j179 without VPN or SBC

You should really only be doing this over TLS (as @derfloh points out) and with non-standard ports. You'll need to sort out your certs too.

Ideally use the option for "Use Preferred Phone Ports" which will mean the below ports will be mapped as;

80 -> 8411
443 -> 411

This will be more secure as you don't want to have 80/443 open to the public.

Change your Remote TLS port to something random (but also memorable). Your auto-generated 46xxsettings.txt file will reflect this.

Make sure your firewall matches the above and you will have a better setup than the one you have currently.

ACSS (SME)

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close