Connecting VOIP phones behind a RED to PBX/SIP behind UTM on different subnet.

Added question related to main question and an update: How would the addition of VLANs effect the use of the phones behind the RED device? I just remembered that the other site I was going to test with has another "mini/slave pbx" in use and I know the provider is using 2 VLANs (voice and data) as all traffic goes through their Cisco switches and then our switches and RED. 

So, I have done some simple testing from the remote site back to here (ping and tracert) and I'm not sure a remote phone would work as the VAR keeps insisting that the PBX and devices must be on a FLAT network. The PBX was not pingable and the tracert timed out from the remote side. Doing the same ping and tracert to a server on the same subnet as the PBX did return results.

Doing some more poking around, and remembering some comments from office managers who have access to the PBX GUI as well and complain they can't access the GUI over our SSL VPN, the PBX appears to try and redirect traffic bound for the GUI to an internal (to it) address. For example, entering in the PBX address even while on the same subnet: URL: http://10.200.200.10 (PBX) causes it to time out and the URL changes to:

We manually have to change the address to: http://10.200.200.10:8008/cgi-bin/cpconf?_m=0030 ..... to have it work. Is there any rules or settings on the UTM that I can create to compensate for their "bad" addressing/routing?

I'm nearly (well I've been at the point for a while now) at removing the entire solution and replacing it with our own ASTERISK, FREEPBX or FREESWITCH and our existing hardware and Linphone for a soft-phone. Then I remember that I'm already stretched thin. :)

Yes, Dave, you can make a RED tunnel between two UTMs. Using an IPsec tunnel wouldn't do what you want.

I didn't follow the issue with the URL change, but maybe accessing via a RED tunnel would solve that problem.

Cheers - Bob

Hey Bob. All the tests where done via a RED tunnel.  I'm guessing this is an issue with subnet (remote) talking to a subnet (UTM) talking to another subnet (PBX has 2 ethernet interfaces - one on the UTM the other to the Partner's ADSL).  I'm thinking at this point it will be easier to let them "win" and have their monthly fees.

This must be a routing issue, Dave.  I'm confused by the diagram that sows what looks like two PBXs.

Cheers - Bob

Bob,

The set (red boxed now too) on the left is what the VAR is trying to sell us, and the one on the right (red arrow pointing to it) is what we have now. Present one (red arrowed) has two IP's (potentially 3 as it is on their own ADSL service). The 10.200.X.10 address it has was assigned by us and the 192.168.0.10 is what they use "internally" on the PBX and we can't change.  When we want to make changes to what we can (extension names, menu options etc) via their portal we go to 10.200.X.10 which then seems to use the 192.168.0.X range internally to them.

Bob,

The set (red boxed now too) on the left is what the VAR is trying to sell us, and the one on the right (red arrow pointing to it) is what we have now. Present one (red arrowed) has two IP's (potentially 3 as it is on their own ADSL service). The 10.200.X.10 address it has was assigned by us and the 192.168.0.10 is what they use "internally" on the PBX and we can't change.  When we want to make changes to what we can (extension names, menu options etc) via their portal we go to 10.200.X.10 which then seems to use the 192.168.0.X range internally to them.