Specifications

MBG Engineering Guidelines, Release 8.0

If WiFi sets are to be used, the router or a separate WiFi access point must also provide 802.11 b/g/n.

The router must control the Internet connection in order for multiple devices to share the connection. When using

desktop phones, the use of USB PPPoE/PPPoA modems, USB 3G/4G modems, etc are not supported as they

do not provide a port to plug in the phone. However, such devices can be used with softphones running on the

PC if no other devices need to share the internet connection of the PC. A similar caveat applies to any service

that requires software to be loaded on the PC, such as AOL Broadband. It cannot be used with a desktop device,

but can possibly be used with a softphone application such as Mitel Unified Communicator Advanced.

Note: the remote site may have a dynamic IP address. However, if the address changes during a call, the call

will drop and all devices at the site must re-register with MBG to restore service.

VPN Connectivity

Connecting a PC to the second Ethernet port on the back of a Mitel IP phone does not provide the PC with a

VPN connection to the office network. That connection must still be made by use of the organization's supported

VPN client software. This ensures that security of the corporate network is maintained when using Mitel Border

Gateway.

A gateway-to-gateway VPN can be constructed between branch offices (or homes) and the main office, if

desired, such that all the PCs in the remote office have full access to the corporate LAN. However, Mitel advises

that only non-voice traffic be routed across the VPN; voice traffic between sets and the MBG should traverse the

Internet whenever possible. Routing real-time voice protocols across a VPN can result in degraded service.

Mitel Standard Linux, upon which MBG runs, does provide a PPTP VPN service. If desired, the MBG server can

be used as a VPN concentrator for access to the corporate network. However, a VPN is not required to use the

features of MBG itself. For more details, please see the Mitel Standard Linux Installation & Administration Guide

(available from http://edocs.mitel.com/).

Using an Existing VPN

Using the Mitel Border Gateway does not affect any existing VPN client software (e.g. IPSEC road warrior

connection) installed on the remote PC. The PC should be connected to either the second Ethernet port of the IP

phone or directly to the router and the existing software should be used as before.

Note: VPN (e.g.IPSEC) pass-through must be supported by the router at the remote site.

Corporate Firewall & Network Configuration for VPN Access

The corporate office firewall may need to be reconfigured to allow other traffic from the MSL server to the internal

network if the MSL server is used as a VPN server. The ports and protocols required will depend on the

applications used by the client PCs and this configuration is outside the scope of this document.

More information on firewall configuration can be found in 3.3 Firewalls (DMZ deployment) and

Appendix A: Firewall Configuration Reference.

Bandwidth Requirements for the Remote Site

This section analyzes bandwidth requirements of the remote site using the Mitel Border Gateway. Typically, there

will be other requirements for Internet access, and these requirements (such as e-mail, web browsing, e-