
VPN site to site (work / home)

Hi all, with which router can I create a site-to-site VPN between the work UTM and my home, so that I can connect the Ethernet phone at my home and have it connect over the VPN to the VLAN of the PBX at work?

And what ports should I open on my ISP router?

Thanks



  • FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    You might want to check out the Sophos RED (Remote Ethernet Device).

    "Sophos Remote Ethernet Device (RED) is a small network appliance, designed to be as simple to deploy as possible. Its main purpose is to provide a secure tunnel from its deployment location to a Sophos UTM firewall."

    Check out the following document for more info: Sophos UTM: RED (Remote Ethernet Device) technical training guide

    You would need to open TCP 3400 and UDP 3410 ports. 

    Thanks,

  • Thanks, but I'm looking for an alternative and less expensive solution to RED, as I only need to connect an IP phone.
    Thanks

  • Ciao papali,

    If this is an Ethernet phone, the RED connection is the solution.  If you have a UTM with a free home-use license at home, you can build a UTM-to-UTM RED tunnel.

    If this is a VoIP phone, you then can use one of the site-to-site VPNs.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Balfson, your proposal is valid, but I have to do the same thing for 10 users, that is, connect 10 VoIP phones at their homes, and I don't have the budget to buy 10 REDs or install computers with UTM with the free home-use license. An alternative came to my mind, and I ask for advice: since most of the users to whom I have to connect a VoIP phone have a fixed public IP provided by their ISP, if I created a destination NAT from their home to the PBX, authorizing only that one public IP address, would it be safe? Obviously, I would then have to work on their ISP's router to configure port forwarding.

    Thanks in advance.

  • VoIP phones are not the same as Ethernet phones.  A single DNAT in your UTM should be all you need for your solution instead of worrying about the ISPs' routers:

    {group of Hosts for employee IPs} -> {group of services needed for your phones} -> External (Address) : DNAT to {Host for PBX}

    Any luck with that, or does your PBX also need to start a connection with your phones?

    If the phones can VPN to your UTM or if the home routers can be configured to connect via VPN, you wouldn't need to open any ports to the outside.

    Cheers - Bob

     