NEC Sl2100 Networking Manual page 52

Note that no matter which security measure is implemented, the VoIP application must have TCP/UDP ports open in the security wall (e.g., firewall/proxy) for the media and control streams to flow. If any point in the network blocks these ports end to end, the VoIP application does not work.

The ports that need to be open on the firewall/proxy vary depending on the particular application being used. A list of these ports is shown below; however, the preferred solution would be to allow all ports on the NEC SL2100 device to be open, or to place the NEC SL2100 outside of the firewall.

| Applications | Rx Port | NEC SL2100 Programming |
|---|---|---|
| PC Programming | 8000 | 90-54-02 |
| Web Programming | 80 | 90-54-01 |
| DHCP Server | 67 | |
| SIP MLT Listening Port | 5080, 5081 | 10-46-06, 10-46-13 |
| SIP Trunk Listening Port | 5060 | 10-29-04 |
| SIP Single Line Stations | 5070 | 84-20-01 |
| Realtime Transport Protocol | 10020~10082 | 84-26-01 |
| Realtime Transport Control Protocol (RTCP) | 10021~10083 | 84-26-02 |

4.3 Virtual Private Network (VPN) Tunnelling

A Virtual Private Network is a private data network that maintains privacy through the use of a tunneling protocol and security procedures. This allows remote networks (including VoIP devices) that reside behind NATs and/or firewalls to communicate freely with each other.

The idea of the VPN is to connect multiple networks together using public (i.e., Internet) based connections. This type of connection is ideal for commuters, home workers, or small branch offices needing connectivity into the corporate backbone. It is possible to connect these remote networks together using private links (such as leased lines, ISDN, etc.), but this can be very expensive, and there is now a high demand for low cost Internet connectivity.

Companies today are exploring the use of VPN for a variety of connectivity solutions, such as:
• Remote User to Corporate Site VPN
Allows employees to use the fastest connection offered by their local ISP, such as cable modems, DSL, and ISDN. Traveling users only need to dial into their ISP's local phone number.
• Site-to-site VPN
Allows companies to make use of the Internet for branch-to-branch connections, cutting the cost of the expensive point-to-point leased line service.
• Extranet
Extranet describes one application using VPN technology. The concept allows a company and a vendor/supplier to access network resources at each site. For example, a customer may have access to a supplier's intranet for access to product information.

VPNs can be implemented in hardware or software. Single users, such as traveling sales personnel, may have a software-based VPN client on their laptop computer. This connects back to the Head Office VPN server. For larger sites, the VPN is typically implemented using a hardware VPN; this is often incorporated into a firewall solution.

The diagram below is an example of how a VPN tunnel may be implemented. The red lines in the diagram show the tunnels that are created through the Internet. Each network can connect to the others as though they are connected with private connections (kilostream, etc.), without the issues relating to NAT.

6-6 Network Design Considerations, ISSUE 1.0
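
An added example (not from the NEC manual): a Python check of a firewall allow-list against the default ports in the firewall table on this page, for sites that open ports per application rather than all ports. The transport protocol of each entry, the even/odd RTP/RTCP pairing, the sample rules and the function names are assumptions.

```python
# Added example: audit a firewall allow-list against the SL2100 default ports.
# Port numbers come from the table on this page; the transport protocol of
# each entry and the even/odd RTP/RTCP pairing are assumptions.

REQUIRED = {
    "PC Programming": ("tcp", [8000]),
    "Web Programming": ("tcp", [80]),
    "DHCP Server": ("udp", [67]),
    "SIP MLT Listening Port": ("udp", [5080, 5081]),
    "SIP Trunk Listening Port": ("udp", [5060]),
    "SIP Single Line Stations": ("udp", [5070]),
    # Assumed pairing: RTP on each even port, its RTCP on the next odd port.
    "RTP": ("udp", list(range(10020, 10083, 2))),
    "RTCP": ("udp", list(range(10021, 10084, 2))),
}

# Constructed sample rules for a SIP trunk: (protocol, first_port, last_port).
SAMPLE_RULES = [
    ("udp", 5060, 5060),
    ("udp", 10020, 10082),  # copies the RTP range only
    ("tcp", 80, 80),        # left over from initial setup
]

def blocked_ports(allow_rules, apps_in_use):
    """Return {application: [required ports no allow rule permits]}."""
    gaps = {}
    for app in apps_in_use:
        proto, ports = REQUIRED[app]
        missing = [
            port for port in ports
            if not any(rule_proto == proto and first <= port <= last
                       for rule_proto, first, last in allow_rules)
        ]
        if missing:
            gaps[app] = missing
    return gaps

def unneeded_ports(allow_rules, apps_in_use):
    """Return sorted (protocol, port) pairs opened but needed by no in-use app."""
    needed = {(REQUIRED[a][0], p) for a in apps_in_use for p in REQUIRED[a][1]}
    opened = {(proto, p) for proto, first, last in allow_rules
              for p in range(first, last + 1)}
    return sorted(opened - needed)

if __name__ == "__main__":
    in_use = ["SIP Trunk Listening Port", "RTP", "RTCP"]
    print("blocked:", blocked_ports(SAMPLE_RULES, in_use))
    print("unneeded:", unneeded_ports(SAMPLE_RULES, in_use))
```

With the sample rules, the check reports RTCP port 10083 as blocked because the rule copies only the RTP range, and TCP 80 as open although Web Programming is not among the applications in use.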
