I have Asterisk running well inside our network. I did some experiments exposing it to internet but had some issues:
1. NAT issues (voice one way, etc). From what I understand double-NAT users will always have something like this
2. Immediately I see people trying to hack into. I did configure Fail2Ban and it works somewhat, but not 100%. Erroneous logs, etc
So.. I ended up closing network. Currently most users inside network. My home router have GRE tunnel to office so phone works just fine. Another user uses VPN and soft phone and it works good too.
Now I need to setup some users with actual phone devices and none of those solutions will work. So, I did some research and found that some phones have VPN capability built in. Right now I use Cisco SPA504G phones. We have auto-provisioning for them, works well. But I don’t think they have VPN capability.
What I found it that Cisco 525g2 has AnyConnect functionality (SSL VPN) but not sure if this is what I need.
We have Mikrotik router. Can I setup VPN on router and have this Cisco phone auto-dial VPN and then connect to Asterisk? I’m asking to see if this will work before I go in and buy that phone. Or maybe there is other devices/solutions you suggest? I’d like to stay with Cisco because I’m somewhat familiar with provisioning those..
Thank you Ivan