backgroundstore - Fotolia


Voice gateways provide powerful connectivity options

Voice gateways connect VoIP networks to telecom providers and analog phones, while also providing backup call support. But these sensitive devices need proper security.

A voice gateway is one of the most important components within a voice over IP infrastructure. The voice gateway is used to connect the enterprise VoIP network with the telecommunications provider, using a number of different connectivity methods, such as PSTN, ISDN and SIP.

In many cases, voice gateways are also used as "interfacing devices" between old analog devices and the VoIP infrastructure. Some examples include fax machines, security alarm systems and analog phones. These devices normally require a PSTN line to work. In these cases, the voice gateway can simulate a PSTN line connecting the analog device to the VoIP network via an FXS port as shown in the diagram below.

Voice gateways support a variety of protocols, allowing easy integration with any type of VoIP infrastructure. SIP voice gateways are very popular and usually compatible with all VoIP telephony vendors since SIP is the preferred protocol for VoIP communications.

Voice gateways connectivity options
Voice gateways connect to SIP, PSTN/ISDN providers and analog phones.

Other protocols supported by voice gateways are H.323 and Media Gateway Control Protocol (MGCP). Whether your organization will use a SIP, H.323 or an MGCP voice gateway will depend on the VoIP service purchased and its compatibility with these voice gateway protocols.

SIP voice gateways are very common in the VoIP market, while the less popular H.323 voice gateways require more complex configuration as they must maintain the dial plan and route patterns. MGCP voice gateways, usually paired with Cisco Unified Communications Manager, require minimum setup as all dial plans and call routing functions are managed by CallManager, making them easier to install in a Cisco VoIP infrastructure.

Providing vital backup call processing

While voice gateways connect the VoIP network with the outside world, they also perform another important function. They can serve as a backup call processing system in case the primary call processing system fails or connectivity with it is lost. This is known as Survivable Remote Site Telephony (SRST).

Voice gateways are sensitive and important devices, so make sure vendor guidelines and best security practices are followed.

IP phones usually register with the central call processing system and are configured to register with the local voice gateway in case the central system is down or unreachable due to a WAN/LAN link failure. When an IP phone detects that it has lost connectivity with the primary call processing system, it will automatically try to register with its local voice gateway, which is capable of providing basic telephony services until connectivity with the primary call processing system is restored.

This "double-role" of the voice gateway helps maximize VoIP service availability and minimize the impact that a WAN/LAN link or primary call processing system failure would have to an organization. When in SRST mode, advanced telephony services -- like presence and complex conference calling -- are not usually available.

Understanding where to deploy a voice gateway

When deploying a voice gateway, one of the most important considerations is where to place the device within the network. This depends highly on the type of voice gateway but also how it is required to connect to the telecom provider.

For example, if the voice gateway is required to have direct Internet access to connect to various SIP providers, it will likely need to be placed inside a demilitarized zone (DMZ) as shown in this diagram.

Voice gateways placement
Placing a voice gateway inside a DMZ.

On the other hand, if you don't need to connect to the Internet, then the gateway can be placed within the VoIP virtual LAN (VLAN). Whether the voice gateway is placed inside a DMZ or an isolated voice VLAN, it needs to be protected from both internal and external networks. Security policies should be in place to ensure limited access to the voice gateway only by equipment and systems that need to communicate with it.

Cisco voice gateways are routers, which means access lists can be configured to limit access. Other vendor voice gateways might have embedded firewalls that can be configured in a similar way.

Regardless of a voice gateway's placement in a network, the VoIP network and gateway need to be properly protected from the local and public networks to avoid attacks, such as toll-fraud attacks. Voice gateways are sensitive and important devices and as such, every care should be taken to ensure vendor guidelines are followed along with best security practices.

Next Steps

Design redundancy into VoIP communication systems

A buyer's guide to choosing VoIP vendors

Cost savings drive VoIP implementations

Dig Deeper on VoIP and IP telephony