Chapter 1. Introduction to 3Com VCX IP
Telecommuting Module
Someof the functions of 3Com VCX IP Telecommuting Module are:
•SIPproxy: Forwarding of SIP requests.
•Protectionagainst such attacks as address spoofing.
•Logging/alarmlocally on the Telecommuting Module, via email and/or via syslog.
•Managingseveral logical/directly-connected networks and several network connections/physical networks.
•Administrationof the Telecommuting Module through a web browser using http or https.
•Failover- connect two Telecommuting Modules in parallel; one handles traffic and the other acts as a hot standby.
•STUNserver and Remote SIP Connectivity for SIP clients behind NAT boxes which are not SIP aware (using the
RemoteSIP Connectivity module).
Notethat some of the functions mentioned here are only available if the corresponding extension module has been
installed.
What is a Telecommuting Module?
ATelecommuting Module is a device which processes traffic under the SIP protocol (see RFC 3261). The
TelecommutingModule receives SIP requests, processes them according to the rules you have set up, and forwards
themto the receiver.
TheTelecommuting Module connects to an existing enterprise firewall through a DMZ port, enabling the
transmissionof SIP-based communications without affecting firewall security. SIP messages are then routed
throughthe firewall to the private IP addresses of authorized users on the internal network.
TheTelecommuting Module can also be used as an extra gateway to the internal network without connecting to the
firewall,transmitting only SIP-based communications.
Configuration alternatives
The3Com VCX IP Telecommuting Module can be connected to your network in three different ways, depending
onyour needs.
Notethat the interface which should receive traffic from the outside must have a public IP address (no NAT),
regardlessof which Telecommuting Module Type was selected. For a DMZ or DMZ/LAN type, this means that
theinterface connected to the DMZ of the firewall must have a public IP address.
DMZ Configuration
Usingthis configuration, the Telecommuting Module is located on the DMZ of your firewall, and connected to it
withonly one interface. The SIP traffic finds its way to the Telecommuting Module using DNS or by setting the
TelecommutingModule as an outbound proxy on the clients.
Thisis the most secure configuration, since all traffic goes through both your firewall and your Telecommuting
Module.It is also the most flexible, since all networks connected to any of your firewall’s interfaces can be
SIP-enabled.
Thedrawback is that the SIP traffic will pass the firewall twice, which can decrease performance.
1