Direct Remote Extension

Discussion in '3CX Phone System - General' started by EricMatelyan, May 6, 2013.

Thread Status:
Not open for further replies.
  1. EricMatelyan

    Joined:
    May 6, 2013
    Messages:
    4
    Likes Received:
    0
    Hello,

    I've been having trouble trying to setup a direct remote extension for the past 2 days, and was hoping I could get some assistance on this.

    We have 2 sites, both with Static IPs
    Site A has a 3cx server
    Site B only has 3 users, and I'm trying to setup direct remote extensions to connect to Site A
    Both sites have Cisco ASA 5505 firewalls
    We are using Grandstream GXP-2100 phones

    I've configured port forwarding on both firewalls
    The Firewall checker verifies that the ports are forwarding correctly
    I've followed the instructions at the two links below,
    http://www.3cx.com/blog/voip-howto/remote-extensions/
    http://www.3cx.com/blog/docs/provisioning-a-remote-extension/
    The last step states to point the "Config Server Path" to "//PublicIPofPBX:5000/provisioning", and the phone will download the configuration, however nothing happens after this point.
    I created a test document at this location, //PublicIPofPBX:5000/provisioning, and I'm able to open it from the remote site, so I know that the port is open. Any suggestions?

    Another note, we have an IPSec VPN between the two sites. Is there any easier way to do this through the VPN? I know the other option was to setup a proxy server at the remote site, but management wanted this done sooner than later, so I figured I could get it configure remote extensions real quick, and have our phones up. I was obviously wrong.
     
  2. farsight

    Joined:
    Sep 28, 2009
    Messages:
    43
    Likes Received:
    0
    Setting up external extension has not been one of my successes.

    I did note that you have a VPN. The two networks should be mapped and you should not have to open any ports. The firewall settings should be for the ISP IPs.

    Over the VPN, the remote extensions show up as local.

    Yes? No?
     
  3. EricMatelyan

    Joined:
    May 6, 2013
    Messages:
    4
    Likes Received:
    0
    I was able to setup a proxy manager at the remote location, and have the remote phones go through that successfully. It doesn't seem as though the phones are travelling across the tunnel though.

    I'm not going to fuss around with it anymore at this point, because it was a pain to even get this far, but I wasn't able to find ANY documentation, tutorials, videos, etc...on how to set it up with a VPN. Maybe I'm doing something wrong on my end, but the VPN works fine for everything else.

    Thank you for the reply
     
  4. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,858
    Likes Received:
    301
    It can depend how you are using VPN. Are the devices connecting directly with the VPN server (acting as VPN clients), PC's running the 3CX soft phone, and some other devices are capable of this, or is all VPN handled by a VPN router at the remote end. If it's the later (which I suspect), and assuming that the IP's of the remote sets (devices) are on the same subnet as the "home" LAN, then all setting of the phones should be as if they were on the same LAN as the 3CX server. In this case there should be no need for port forwarding.
     
  5. jpillow

    jpillow Well-Known Member

    Joined:
    Jun 20, 2011
    Messages:
    1,342
    Likes Received:
    0
    When you attempt to setup the direct external extensions are you than able to see the phone attempting to connect on the server activity log or is does it nothing at all?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. kristijonas

    Joined:
    Jan 29, 2013
    Messages:
    27
    Likes Received:
    0
    Have phones working over site-to-site vpn as well as remote extensions without any problems. If you have VPN connection between sites, why would you bother with remote extensions at all? Does it show anything about those phones trying to connect in 3cx log?
    Can computers/servers in both sites A and B access/ping/etc. the other end?
     
  7. ian.watts

    ian.watts Active Member

    Joined:
    Apr 8, 2011
    Messages:
    532
    Likes Received:
    1
    Agreed.. we found that trying to run connections at a remote office using both remote extension configs as well as direct extension configs which traversed the VPN were problematic.. regardless of the "why would you ever" question.

    If you want to stick with VPN, turn off SIP-ALG on your edge firewall. While I doubt it would or even should come into play since the traffic for VoIP over the VPN is the same for the rest of the data over the VPN.. it should not even look at it.. but make sure it is not.

    I have a client with multiple remote offices.. I just cut over using remote extensions at one to using the VPN tunnel instead.
    While I hate bumping the payload to send VoIP over VPN, I am beginning to believe the firewall had better be up to snuff to handle it instead of dinking around with the "multiple remote extension at remote office" scenario. Ended up wasting more time there than just doing the VPN.. go figure.
     
Thread Status:
Not open for further replies.