How to connect a remote extenson that;s behind 3 Private NATs

I have a user that moved to the boonies. The only internet provider is a small company. The extension in question is behind 3 private NATs, so I don’t have a way to do port forwarding.

I tried the new Grandstream phone that has an embedded VPN client. After a month of trials and paid support, I discarded this phone as an alternative.

My FreePBX system (in our headquarters) is behind a NAT/Firewall (Checkpoint 1000N).

  • Can anyone suggest a way to connect this remote extension to the network?
  • Do you know a reliable phone with embedded VPN? I cannot use the Cisco phones because I uderstand they are not compatible with my Checkpoint 1000N router/firewall.



I think you are out of luck. You may be able to find a VPN client adapter that will work if the three routers doing NAT support IPSEC traversal and the Checkpoint supports aggressive mode IKE.

Is this connection even suitable for VoIP?

The connection is suitable for VOIP.

I’ll look into the VPN client adapter. I did look before but couldn’t find one that supports L2TP (only found p2pp) which is the protocol that my Checkpoint supports.

Thanks SkykingOH.

We’ve used SNOM phones with OpenVPN to traverse single NAT on both ends (port forwarding on the PBX end). I don’t know whether it would work over triple NAT.

OpenVPM is SSL and won’t work with Checkpoint. They would have to have OpenVPN server on other end.

I have not had good luck with l2tp and dynamic IP’s + NAT. Usually only use it when I have static at both ends. To me it’s just glorified GRE.