Mobility: Connecting Remote Workers. TeliaSonera SIP Trunking Deployment. © 2011 Intertex Data AB. Prepared for: Ingate Systems 3 Day Seminar Unified Communications:


1 Mobility: Connecting Remote Workers
TeliaSonera SIP Trunking Deployment
© 2011 Intertex Data AB
Prepared for: Ingate Systems 3 Day Seminar Unified Communications: SIP Trunking, Video, Collaboration and More
ITEXPO Conference, Austin, September 2011
By: Karl Erik Ståhl, President Intertex Data AB, CEO and Chairman Ingate Systems AB, karl.stahl@intertex.se
Also see Live Demo Presentation from ITEXPO SIP Trunking Summit Miami, February 2011! http://www.ingate.com/files/ITEXPO_Miami_2011_Presentations/Intertex%20-%20UC%20Across%20the%20Borders.pps

2 What are Mobility and Remote Users?
© 2011 Intertex Data and Ingate Systems
We certainly want our home workers connected to the company PBX.
And the same goes for our road warriors:
- at the hotel
- at public WiFi
All should have all PBX services:
- Reached by extension number or DID
- Place PSTN calls (displaying correct CallerID)
- Voice mail, conferencing etc.
- Presence, IM, video if supported by the PBX
Call me on my Swedish office number +46 8 12345629 now!
2 slides from Live Demo Presentation from ITEXPO SIP Trunking Summit Miami, February 2011! http://www.ingate.com/files/ITEXPO_Miami_2011_Presentations/Intertex%20-%20UC%20Across%20the%20Borders.pps

3 [Network diagram of the live demo. Labels: INGATE LAN ingate.com; Internet; US, Miami; THIS LAN, SIP Trunk-UC Summit; (sophie@ingate.com); steeg@intertex.se; CELL; PSTN; INTERTEX LAN intertex.se; Sweden; 3G; stefan@ingate.com; PSTN; SIP/PSTN Gateway; SIP Trunk Provider 1; PSTN; SIP/PSTN Gateway; SIP Trunk Provider 2; calle@intertex.se; Japan; kamill@von.sipnr.org]

4 We Saw Mobility and Beyond POTS
Ordinary phone calls reach my laptop across the Ocean!
I can use extension number as connected to the home PBX.
And I see presence and can put calls into conference…
I can also:
- Call Sophie in another domain (federate)
- … even with Video
- … even though, she is also remote from the Ingate office (Actually she is in the room.)
- … with media going the shortest way (here on the LAN) while signaling goes back to Sweden!

5 We Saw Mobility and Beyond POTS
All other PBX functionality also works remotely.
E.g. IM (Instant Messaging).
And voice mail comes via email, and can be played by a click here.

6 But Why are NATs and Firewalls Such Obstacles
Typical Internet protocol (SMTP, HTTP…): [diagram labels: Internet; HOST; SERVER]
SIP (and H.323…) connects Person-to-Person: [diagram labels: Internet; PERSON]
Locate the person + Set up a session + Open real time media streams

7 SIP Does It! – But a Very General Solution is Required
[Diagram labels: PSTN; Public Internet; SIP Trunking Provider; GW; SIP System; Data & VoIP LAN; IP-PBX; Soft Clients and Multimedia Terminals; Intertex IX78 E-SBC; Remote User calle@intertx.se; DNS intertex.se]
The SIP Proxy in the E-SBC forwards and rewrites the SIP signaling and controls media through its NAT/Firewall.

8 And there May be More to Consider (Telia Network)…
IX78 E-SBC is a SIP Proxy based Firewall Controlling SIP Signaling and Media.
[Diagram labels: TR-069; Internet; IP-TV VoD; IMS VoIP; PDA; VLANs or ADSL Virtual Circuits; The Multimedia LAN; WiFi; IP-PBX; SIP Trunk; Remote User; NAT FW]
The remote user is often behind a remote NAT/FW – SIP Traversal needed. Far End NAT Traversal (FENT) can be enabled in the IX78 E-SBC.
SIP on different WAN pipes must be handled.

9 Remote Users Require More Security Measures
Remote users to the PBX can be authenticated by the IX78 (also).
Brute Force Attack Protection:
Attackers are nowadays trying to find simple passwords by brute force testing. 10 – 100 trials/second have been seen (e.g. SIPVicious / friendly-scanner).
After 3 trials we pretend all attempts are wrong, so the correct one is never found.
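The lockout rule on this slide, sketched as an added example (not Intertex or Ingate code). It assumes failures are counted per source IP, that rejections are sent as 401, and that SIP digest authentication without qop is in use; the slide states none of these, and the realm, user and passwords are constructed.

```python
import hashlib
import hmac

MAX_FAILURES = 3  # "After 3 trials" on the slide


def md5hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, nonce, method, uri):
    """RFC 2617 digest response without qop, the basic form SIP inherited."""
    ha1 = md5hex(f"{user}:{realm}:{password}")
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{ha2}")


class BruteForceGuard:
    def __init__(self, realm, passwords):
        self.realm = realm
        self.passwords = passwords   # user -> password (constructed data)
        self.failures = {}           # source IP -> failed attempts (assumed key)

    def check(self, ip, user, nonce, method, uri, response):
        """Return the SIP status to send: 200 if accepted, else 401."""
        if self.failures.get(ip, 0) >= MAX_FAILURES:
            return 401               # tripped: a correct digest is refused too
        password = self.passwords.get(user)
        expected = digest_response(user, self.realm, password or "", nonce, method, uri)
        if password is not None and hmac.compare_digest(expected, response):
            return 200
        self.failures[ip] = self.failures.get(ip, 0) + 1
        return 401


def replay_guesses(guard, ip, user, guesses, nonce="constructed-nonce"):
    """Feed password guesses from one source in order; return the statuses."""
    uri = f"sip:{guard.realm}"
    return [
        guard.check(ip, user, nonce, "REGISTER", uri,
                    digest_response(user, guard.realm, g, nonce, "REGISTER", uri))
        for g in guesses
    ]


if __name__ == "__main__":
    guard = BruteForceGuard("pbx.example", {"calle": "pw-constructed"})
    # Constructed run: the fourth guess is the right password but is refused.
    print(replay_guesses(guard, "198.51.100.7", "calle",
                         ["1234", "calle", "password", "pw-constructed"]))
    print(replay_guesses(guard, "192.0.2.10", "calle", ["pw-constructed"]))
```

Because the refusal looks the same as a wrong password, the guessing source cannot tell that it has been locked out. The slide gives no expiry for the lockout, so none is modelled; with per-IP counting, legitimate users behind the same NAT address are locked out as well.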

10 …in Addition to e.g. Preventing SIP DoS
Attack Signature Recognition:
If the internal SIP proxy detects known signatures in SIP headers from attackers, it instructs the internal firewall to block the attacking IP address. New signatures can be added manually or provisioned automatically.
SIP Rate Limiting:
If there are more than 20 SIP packets/second from the same IP address, the internal firewall blocks that IP address for 20 seconds and does not respond to that IP address until the SIP packet rate is below 3 packets/second.
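The rate-limiting rule above has two thresholds (block above 20 packets/second, release below 3), which is easy to get wrong when reimplementing it. An added sketch, not the IX78's code: it assumes a sliding one-second window per source IP and reads the rule as "blocked for at least 20 seconds, then released only once the rate is under 3"; the traffic is constructed.

```python
from collections import defaultdict, deque

BLOCK_RATE = 20        # block above this many SIP packets per second (slide value)
BLOCK_MS = 20_000      # block lasts at least 20 seconds (slide value)
RELEASE_RATE = 3       # block lifts only once the rate is below this (slide value)
WINDOW_MS = 1_000      # rate measured over a sliding one-second window (assumed)


class SipRateLimiter:
    def __init__(self):
        self.seen = defaultdict(deque)   # source IP -> arrival times in the window
        self.blocked_until = {}          # source IP -> earliest release time (ms)

    def allow(self, ip, now_ms):
        """Record one SIP packet; return True if it may reach the SIP proxy."""
        window = self.seen[ip]
        window.append(now_ms)            # dropped packets still count toward the rate
        while window[0] <= now_ms - WINDOW_MS:
            window.popleft()
        rate = len(window)
        if ip in self.blocked_until:
            if now_ms >= self.blocked_until[ip] and rate < RELEASE_RATE:
                del self.blocked_until[ip]
                return True
            return False                 # silently dropped, no SIP response
        if rate > BLOCK_RATE:
            self.blocked_until[ip] = now_ms + BLOCK_MS
            return False
        return True


def replay_traffic(packets):
    """packets: iterable of (time_ms, source_ip); returns allow/drop decisions."""
    limiter = SipRateLimiter()
    return [limiter.allow(ip, t) for t, ip in packets]


if __name__ == "__main__":
    # Constructed traffic: 100 pps burst, then 5 pps, then one packet after silence.
    src = "198.51.100.7"
    flood = [(t, src) for t in range(0, 300, 10)]
    trickle = [(t, src) for t in range(400, 30_001, 200)]
    decisions = replay_traffic(flood + trickle + [(40_000, src)])
    print(decisions[:21], any(decisions[21:-1]), decisions[-1])
```

A source that slows to 5 packets/second stays blocked past the 20-second mark because it never drops under the release threshold, while a phone sending one packet per second is never affected.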

11 Different Types of PBXs are SIP Trunked
[Diagram labels: Data LAN only; PBX with system phones; PBX Type 1.5; VoIP & Data LAN; PBX Type 2; IP-PBX]
Few PBXs are of this type. Asterisk with firewall (IPtables/NETfilter) can be compiled and configured this way, but requires a lot.
A Good E-SBC Should Provide:
1) NAT/Firewall Traversal – Must NAT to same address space!
2) Basic SIP and Network Interoperability – E.g. Authentication, Registrations, UDP/TLS/TCP, Dynamic IP address, etc.
3) SIP Repair – E.g. Call Transfer, Fragmented packets, Bugs, etc.
4) Features – E.g. Remote Users, Administration (remote and local)
5) Security – LAN/PBX/VoIP network protection, Service attack protection
[Diagram labels: VoIP & Data LAN; IP-PBX; PBX Type 1]
Modern IP-PBXs are of this type. Media goes directly between phone and SIP Trunk.
[Diagram labels: SIP Trunk Interface; Signaling; Media; SIP Trunk; PSTN; SIP Trunking Provider Network; GW; SIP System; IX78; 1) 2) 3) 4) 5)]
But they may not have SIP Phones...

12 Remote Users Supported
If the PBX uses SIP compliant phones:
- IX78 E-SBC set up to forward incoming SIP to the PBX
- Can use WAN IP address or domain name in the SIP address.
- The E-SBC can authenticate the users
- Remote users should preferably also be behind an Intertex/Ingate E-SBC for automatic NAT/Firewall traversal
- If the remote user is behind an ordinary NAT/Firewall (non SIP aware), FENT (Far End NAT Traversal) can be enabled in the IX78 E-SBC
If non-SIP IP phones are used, the PBX vendor may have some tunneling solution for remote workers:
- The IX78 not involved
Standard SIP phones (local or remote) can also be registered directly to the IX78 E-SBC:
- Directly ready for remote users
- The E-SBC will authenticate the users
- Extension numbers can be integrated
- Not all PBX features will be available to such phones

13 SIP Clients Can be Registered Directly to the IX78 E-SBC
There are many PBXs out there that do not allow Soft Clients, Remote Users or Standard SIP Phones.
[Diagram labels: PBX with non-SIP phones; Registrar; Soft Client; WiFi Mobile; Remote Users; Numbers integrated]

14 E-SBCs & SIP Capable Firewalls
Ingate Systems Inc., www.ingate.com, Info@ingate.com, 7 Farley Road, Hollis, NH 03049, United States. Ph: +1 (603) 883-6569. Tel sv: +46 8 6007750
Intertex Data AB, www.intertex.se, info@intertex.se, Rissneleden 45, SE-174 44 Sundbyberg, Sweden. sip:reception@intertex.se. Tel: +46 8 6282828
See us at ITEXPO Room 9C!

15 Ordinary Voice IADs – Good for Telephony Replication…
Telephone ports (FXS) on the CPE is a popular way to deploy IP telephony. By logically placing the SIP clients on the outside of the NAT/Firewall, unreliable work-around methods like STUN, TURN and ICE become unnecessary. However, this only gives POTS replication, often even stopping general SIP based services!
The 5060 SIP-port is just grabbed on the outside to the FXS ports!
Lower level SIP ALGs often cause problems and do not handle more than basic scenarios.
Often problems with, or total lack of:
- SIP to the LAN or WiFi
- Calls between SIP clients on LAN
- Calls between internal ATA ports and LAN clients
- Call transfers, 3-party calls, etc.
- Using SIP generally over the Internet (Operator took all the SIP)
(Users must not be deprived of general SIP-functionality!)

16 Our CPEs are SIP Capable NAT/Router/Firewalls
Problems solved where they occur.
- All Intertex CPEs have a SIP Proxy based SIP aware Firewall/NAT
- General, can handle complex call scenarios and all SIP services
- Additional functionality available (SIP server, PBX functionality etc.)
- Wired or wireless SIP clients (phones, soft clients, PDAs)
- No special requirements on the SIP Client – Just standard SIP
- No battery draining of WiFi mobile phones, otherwise caused by keep-alive packets* inhibiting sleep mode.
* Work-around methods for SIP NAT-traversal like STUN, TURN, ICE and Far End NAT Traversal use frequent keep-alive packets to keep holes in the NAT/Firewall open.
[Diagram labels: Internet; SIP; IMS]

