none
Publish Elastix (Asterisk) PBX behind Forefront TMG

    Question

  • Can any body provide a step by step tutorial on how to publish an Elastix server behind Forefront TMG?

    What I need is:

    • Remote administration of the web server?
    • Remote SIP extensions
    • Internet SIP Trunk
    • Remote SSH access to the server

    Monday, July 23, 2012 4:41 PM

Answers

  • Ok, I did it for myself, here are the instructions just in case anyone needs them.

    1.- Remote administration of the Web Server

    I am not going to explain this because it is like publishing any other web server, you have to be careful publishing this, because, it is know that Asterisk distros web servers are commonly hacked over the 443 port.

    2.- Remote SSH access to the server.

    On ForefrontTMG

    a) Create a custom Protocol, it can be called (SSH Server):

    - Protocol Type: TCP

    - Direction: Inbound

    - Port Range: What SSH ever port you asterisk box use. Ex 22 to 22

    b) Create a Non-Web Server Protocol Publishing Rule

    - Give it the Name you want, like Elastix SSH

    - Enter the IP-Address from the Asterisk box

    - Select the newly created protocol

    - Select the external Network as the listening one and click Finish

    - Right Click on the new Rule, click properties

    - Check the "Requests appear to come from th Forefrton TMG computer" in the "To" tab an click ok

    - Apply the Rule

    - Done

    3.- Internet SIP Trunk

    a) Create a custom Protocol, it can be called (Custom RTP 10K) (10k is just to remember that the custom RTP port will handle ports from 10000 to 20000):

    - Protocol Type: UDP

    - Direction: Send Receive

    - Port Range: 10000 to 20000

    b) Create a Computer Set

    - Add Computer, browse, Input the name of you Sip server provider Ex. sip.voipprovider.com (This will return one or more IP addresses, add all of them)

    c) Now, click on configure VOIP

    - Select "IP phone are connected to an Internal IP PBX"

    - Select "The Internal PBX is serviced by external (hosted) service

    - Input the IP address of the asterisk box - click next

    - Add the computer set created above containing the ip addreses of the sip provider - click next

    - Select the internal network

    - Finish

    d) Expand the VOIP Rules

    - On each of the rules that appears with the RTP protocol, right click properties

    - Protocols Tab: add the "Custom RTP 10k" protocol created before

    - Leave if you want the RTP protocol, otherwise delete it, press OK

    - Done

    4) Remote SIP phones

    The above steps will also work for external sip clients

    Saturday, August 04, 2012 12:40 AM

All replies

  • Hi,

    Thank you for the post.

    You may consult Elastix support what protocol and ports should be opened for external access. And then create Non-web server protocol publishing rule to publish your Elastix server.

    Regards,


    Nick Gu - MSFT

    Wednesday, July 25, 2012 2:19 AM
    Moderator
  • Ok, I did it for myself, here are the instructions just in case anyone needs them.

    1.- Remote administration of the Web Server

    I am not going to explain this because it is like publishing any other web server, you have to be careful publishing this, because, it is know that Asterisk distros web servers are commonly hacked over the 443 port.

    2.- Remote SSH access to the server.

    On ForefrontTMG

    a) Create a custom Protocol, it can be called (SSH Server):

    - Protocol Type: TCP

    - Direction: Inbound

    - Port Range: What SSH ever port you asterisk box use. Ex 22 to 22

    b) Create a Non-Web Server Protocol Publishing Rule

    - Give it the Name you want, like Elastix SSH

    - Enter the IP-Address from the Asterisk box

    - Select the newly created protocol

    - Select the external Network as the listening one and click Finish

    - Right Click on the new Rule, click properties

    - Check the "Requests appear to come from th Forefrton TMG computer" in the "To" tab an click ok

    - Apply the Rule

    - Done

    3.- Internet SIP Trunk

    a) Create a custom Protocol, it can be called (Custom RTP 10K) (10k is just to remember that the custom RTP port will handle ports from 10000 to 20000):

    - Protocol Type: UDP

    - Direction: Send Receive

    - Port Range: 10000 to 20000

    b) Create a Computer Set

    - Add Computer, browse, Input the name of you Sip server provider Ex. sip.voipprovider.com (This will return one or more IP addresses, add all of them)

    c) Now, click on configure VOIP

    - Select "IP phone are connected to an Internal IP PBX"

    - Select "The Internal PBX is serviced by external (hosted) service

    - Input the IP address of the asterisk box - click next

    - Add the computer set created above containing the ip addreses of the sip provider - click next

    - Select the internal network

    - Finish

    d) Expand the VOIP Rules

    - On each of the rules that appears with the RTP protocol, right click properties

    - Protocols Tab: add the "Custom RTP 10k" protocol created before

    - Leave if you want the RTP protocol, otherwise delete it, press OK

    - Done

    4) Remote SIP phones

    The above steps will also work for external sip clients

    Saturday, August 04, 2012 12:40 AM