NEC UNIVERGE SV9100 Manual page 26

26
This re-routing of IP address from one address (Private Address) to another (Public Address) and the
allowing of only selected ports to be opened create problems for the VoIP.
When a VoIP terminal receives a VoIP packet from a far-end site, the voice application routes
information back to the far-end based on the embedded address. With the ports and addressing for
the VoIP packets being defined at a layer to which the NAT device doesn't operate, a problem is
created due to the addresses not matching and the correct ports not opening in the NAT device.
In order to resolve the NAT issues mentioned, the VoIP communication packets must be
preconditioned for a VPN protocol before exiting from a NAT enabled network.
SIP MLT (DT700 or DT800) and standard SIP extensions are able to traverse NAT routers
without using a VPN. See the relevant section of the on line IP Manual for further information.
The Virtual Private Networks (VPN) section below describes how VPNs achieve this.
4.4 Virtual Private Networks (VPN)
A Virtual Private Network is a private data network that maintains privacy through the use of a
tunnelling protocol and security procedures. Allowing for remote networks (including VoIP devices),
which reside behind
NAT's and/or Firewalls to communicate freely with each other. In SV9100 VoIP networks,
implementation of VPNs can resolve the issues with NAT that are described in the previous section.
The idea of the VPN is to connect multiple networks together using public (i.e. internet) based
connections. This type of connection is ideal for those commuters, home workers, or small branch
offices needing connectivity into the corporate backbone. It is possible to connect these remote
networks together using private links (such as leased lines, ISDN, etc.) but this can be very
expensive and there is now a high demand for low cost internet connectivity.
Companies today are looking at using a VPN for a variety of connectivity solutions, such as:
Remote User to Corporate Site VPN
Allows employees to use their local ISP's fastest connection such as cable modems or DSL. For
travelling users, all they would need to do is dial into their ISP's local phone number.
Site-to-site VPN
Allows companies to make use of the Internet for the branch-to-branch connections, cutting the cost
of the expensive point to point leased line service.
Extranet
Extranet describes one application using VPN technology. The concept is that a company and a
vendor/supplier can access network resources at each site. For example, a customer may have
access to a supplier's intranet for access to product information
VPNs can be implemented in hardware or software. For single users, such as travelling sales
personnel may have a software based VPN client on their laptop computer. This would connect back
to the Head Office VPN server. For larger sites, the VPN would typically be implemented using a
hardware VPN - this is often incorporated in to a firewall solution.
The diagram below shows an example of how a VPN tunnel may be implemented. The dotted lines