Remote Office Connection without VPN

Figure 1: Branch office and headquarters VoIP LANs interconnected across the internet

Download PDF Version

The cost of maintaining dedicated telephone connections between branch offices and headquarters can be significant.  Each branch office needs a dedicated multiline voice connection to the main office, typically T1 or T3. A connection between each branch office may also be required.

If all branches need to be interconnected, an ever increasing number of connections are required.  For example, a single branch office (two locations) requires one connection, two branch offices require three connections, and nine branch offices (10 locations) require 45 connections.

A centrally located IP-PBX cluster can manage all voicemail and another telephone functions for headquarters and for all branch offices. Connectivity between each branch office and the central IP-PBX is achieved through the internet. A limited number of local PSTN connections can be retained for business continuity in the event of a failed internet connection.

The challenge to extending the VoIP system across the internet between branches and headquarters is ensuring security for the network and privacy for conversations. One way to achieve these security functions is by protecting intraoffice communications with a VPN. However, this requires one VPN account per trunk, which requires powerful VPN servers when large numbers of locations are involved. VPN connections add overhead to the internet connection which consumes bandwidth. Upgrades and additional configuration to routers, firewalls, and other network components may be required to obtain a fully functional and efficient VoIP system.  VPNs can be tedious to setup for a VoIP system, and may require special configuration for each user.

An alternative to using VPNs to secure the VoIP system between offices is to deploy SBCs to interconnect VoIP LANs across the internet.  SBCs are installed at the edge of each LAN and work transparently, with no need to configure individuals’ equipment.  This requires less powerful servers and much less configuration and management compared to VPNs.  The SBC protects the network from security threats, and can offer voice encryption, increasing the level of voice privacy.

Firewalls and Network Address Translation (NAT) impede the flow of VoIP traffic between the corporate network and SIP trunks.  An SBC is the best way to solve these network transversal challenges because it allows VoIP traffic to pass between the corporate LAN and the internet without exposing the corporate network through the opening of ports in the firewall.

Although SIP is a standard, the many ways in which it can be implemented can lead to incompatibilities between SIP devices such as phone handsets from a variety of vendors, the IP-PBX, and the SIP trunk provider.  The SBC normalizes SIP, transparently translating each variety of SIP into the appropriate format for each device.

Using an SBC to manage intraoffice voice connections offers a robust solution with lower equipment costs, and with less disruption to the network and to users, than using a VPN to accomplish the same thing.

For a typical small-to medium-sized business installation, the Sangoma eSBC has ample capacity to handle the call load. For large call volumes, the Sangoma carrier-class NetBorder SBC may be suitable.

In cases where SIP trunks are installed for outside telephone connections, each office location can connect directly to the PSTN using of VoIP gateway such as the Sangoma Vega series.

SBC Hardware Models

VoIP Protection at its Best Do you have a legacy phone system, such as a TDM PBX and are thinking about adding a Voice-over-IP connection to reduce telephony costs? Well if so, don’t make the most common mistake of using you’re the network’s firewall for voice security – You need a device calls a […]


Vega Enterprise SBC for the SMB

Vega Enterprise SBC for the Small Business: Your Firewall for VoIP Networks Supports 5-60 simultaneous sessions/calls Migrate to SIP trunking or Hosted PBX securely Empower remote workers Interoperates with all major IP PBXs and UC systems, Including Asterisk®, BroadSoft®, Cisco®, Denwa®, Elastix®, FreePBX®, FreeSWITCH®, Gamma®, Lync®, Samsung®, 3CX® and more DoS/DDoS attack protection Network interconnect […]


NetBorder Carrier SBC

NetBorder Carrier SBC: Carrier Grade Security and Interoperability 250 to 4,000 sessions, field upgradeable Allow any SIP CPE endpoint to safely connect with no interop concerns Connect VoIP islands together to create “all IP” infrastructure Mediate communications with other service providers Provides security for internal and external threats Dual redundant PSU available – DC and AC […]


Vega Enterprise SBC VM/Hybrid

Vega Enterprise SBC VM/Hybrid: The Flexibility, Redundancy and Durability of a VM-Ready Solution with the Scalability of a Hardware-Based Solution Supports 25-500 Simultaneous Sessions Field Upgradeable Browser-Based GUI for easier provisioning and management Security and QOS for Enterprise Networks DoS/DDoS Attack Protection Network Interconnect Point for SIP Trunking Topology Hiding for Fraud Protection UNIQUE HYBRID FEATURES […]

Vega Enterprise SBC VM/Software

Virtual Machine VoIP Protection at its Best As the demand for virtualized infrastructures increases, the Sangoma Enterprise Virtual Machine (VM) SBC is the perfect solution for Enterprises and Carriers who need an SBC to secure their VoIP network and utilize existing hardware. The virtual Machine edition of our award-winning SBC offers the same rich […]


Vega Enterprise SBC

Vega Enterprise SBC: Security and Interoperability for the Enterprise Scalability from 25–250 sessions/calls (field upgradeable) All-in-one appliance for SIP and TDM connections Traffic visualization tools Cost-effective session-based licensing (no hidden fees) Enterprise inter-site networking and SIP trunking border control Local security management for SMBs and small enterprises Hardware-based transcoding Qualified for Microsoft® Lync® and Skype for Business® […]