
Connecting VOIP phones behind a RED to PBX/SIP behind UTM on different subnet.

Hello all,

Presently we have 5 small remote offices running REDs on Standard/Unified configs, so that everything is filtered via the UTM here at HQ.  At HQ we have a PBX with approx 35 VOIP phones on it and is capable of handling another 50, easily.  Our provider/VAR (whom I see as just wanting to do the "latest thing" and have monthly service fees coming in and new configuration/contract charge$) is stating that we can't have "directly connected" remote phones, but must instead get another PBX for the remote office and use their "new hybrid" service that will connect new PBX to current one instead. To put it roughly the monthly service costs of 4 phones (not counting hardware charge$) at the remote office will be $10 more a month than what all 35 of the phones presently used are.  (Example: HQ = $200/m for 35, Remote office would be $210/m for 4)!

There are no VLANs in use, nor QOS (both of which I want to change) so that data and voice have their own limits.  Yes, all remote sites have all their traffic come through HQ, so if our network goes down, so does theirs (something else I'm looking to change eventually).

As I am not a networking genius, but more a lay person+, is there not a way to have the UTM mask all data from 10.71.X.X/24 pointed at the PBX 10.225.X.10 appear to be actually coming from static assigned IPs of 10.225.X.X/24 on the remote phones? To summarize, I would like to have the 4 devices behind the RED have 10.200.X.X/24 IPs and function as if on that network. The problem is that the RED is the gateway device and unless I'm wrong (highly probable), the phones would never communicate out as they would need to have a GW on 10.200.X.X/24, while sitting behind the RED's GW of 10.71.X.X/24

Picture of present config (Blue arrows is current or what I propose happens), what the VAR is trying to sell (Orange arrows and dashed boxes). At HQ the VAR has access to the PBX via ADSL (green arrow) and at our remote office, their "new solution", would ride on our fibre, as this remote office is in a new area and it already cost us $$$ to get fibre in, let alone what the markup on the VAR side for connection would be.



  • Dave, I suspect the salesman for your provider is ignorant of how the RED devices function.  In Standard/Unified, your PBX shouldn't be able to tell whether a phone is two feet away or behind a RED 100 miles away.  What happens if you move an existing phone to one of the locations?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • The scary part is, the VAR (not the manufacturer) is a Sophos partner, which is why I stated the ultimate goal seems to be upselling and more/additional, re-occurring monthly "service" revenue. I don't want to preach, but the tech vendors are going the way of the game developers and other services. This mainly being that everything is a starter (incomplete) offering, features that existed are now addons and you are renting/subscribing anything you need.

    The remote office in question is over 1000 miles away, so not as easy as try it. However, I do have another office closer by with a RED15 on it that I can try. Another crazy question that is related, would another UTM be able to be similarly "configured" as a RED to do the same? We have another larger office with the same phone system already in place with a UTM that is IPSEC s2s VPN connected.

    I'm looking to put together a proposal for management that involves replacing or 2 UTMs at HQ, 1 UTM at previously mentioned office, with 3 newer models and then shuffling around our RED 50s to the RED 15 locations, and swapping the 50's with our present UTMs.
