I just curious if there is a workaround to have separate external IP specifically for remote extensions?
The problem is that standard Asterisk setup assumes single external IP setup only that is used in SIP headers. My SIP trunks (to providers) are connected via dedicated NAT 1:1 IP as non-NAT trunks via special low-latency but narrow-band line. For the security, reliability and available band reasons I would have my remote extensions connected via another external IP address via “regular” (1-to-many) NAT. Is it possible?
As a side note, IAX2 for my remote extensions is available.
How it behaves now: when I forward IAX2 port through the “first” IP (dedicated IP set as external IP in SIP config) it works. When I try to forward IAX2 port through the “second” IP, it does not. Extension can’t register.
I would think so, but your 1:1 NAT is still a NAT connection, so setting the system up understanding that NAT is NAT should be possible. The place you’re going to run into challenges is the external address for the phones.
If I was doing it, I’d start with Firewall rules that pass the traffic from the 2nd external address pointing to the internal address on the machine. The place where this scheme gets sketchy is the connection back to the original phone - using a default route on your external router would likely route the call out with a different external address yielding an open-jawed route.
If you set up the external address with a VPN connection, you could easily set up what you are functionally looking for.