Should I put Elastix on LAN or DMZ interface?

Discussion in 'General' started by anythingtech, Feb 26, 2011.

  1. anythingtech

    Feb 25, 2011
    Likes Received:
    Looking at a fresh deployment using Elastix in our office with 10 extensions.

    Looking for OPTIMAL placement of the PBX in the network. ( SEE IMAGE BELOW or at: ... sk_Setup... )

    We are ONLY using SIP trunks.
    We have 2 internet connections (50MB Fiber and 40MB DSL).
    Firewall supports FAILOVER, so if 50MB Fiber goes down, it forces out 40MB DSL.

    Since we are using SIP trunks, it seems like it would be most lucrative to have Elastix on the DMZ which would rule out any possible NAT or Port Forwarding issues between the SIP Trunk Provider and our PBX. HOWEVER -- All of our phones are on a POE switch on the PHONES (LAN 2) Interface of our firewall, and routing on Firewall between LAN2 and DMZ might cause issues? Obviously I would want to pay extra attention securing the box if it is put on public IP.

    We are using a Dell 1950. This server has DUAL NICs so I am wondering if it is possible or advised to utilize both NICs? 1 on the LAN2 (Phones) , the 2nd NIC would have a public IP on DMZ.

    Essentially this would create the direct link between the SIP TRUNK provider out NIC 2, and the phones would connect to the box through the switch on NIC1.

    If this is not advised, I suppose placing the box on the "Phone Switch" would be ideal? However, since using SIP TRUNK and Elastix would then be behind a FIREWALL -- would I have to pay special attention setting up NAT=YES etc.. in the sip_nat.conf ???


  2. fmvillares

    Sep 8, 2007
    Likes Received:
    if only using sip with registration from inside and no connectios to the pbx (extensions from the internet side) let it rest in LAN zone...dmz is for accepting incoming connections etc as is a more permissive zone and all traffic is open from the internet to the server putting it in security risks if you dont know about asterisk and linux security

Share This Page