Geekzone: technology news, blogs, forums
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

5 posts

Wannabe Geek

# 177584 7-Aug-2015 14:02
Send private message

Hi folks.

This is Voip/Network issue.
I have been with 2talk at home for about a year now and have finally realised I probably have zero security!
My setup: Vodafone cable modem->Cisco SPA122 ATA (hooked up to old cordless analog phone set)->Airport Extreme (in bridge mode) extended with an airport express.

I think need a firewall! The airport xtreme does supposedly have a basic firewall in it, but this apparently gets disabled when swithced to bridge mode. I elected to put the SPA122 before the Aiport extreme because I had read of dropouts when trying to run the voip hardware from the Airport base and never actually paid any more attention that that (was more worried about getting the phone working at that point in time!)

Could/Should I put the SPA122 into bridge mode, let the Airport do the NAT and run the SPA122 off the airport? If I do this, the firewall would be enabled again, but would I need to set something up in that firewall to make sure the voip traffic is handled properly? (I understand there are very few configurable options on that basic inbuilt firewall).

Can someone provide some advice? I'm happy to buy some gear, not necessarily looking for the cheapest gear, it'll cost what it costs. We already had the Airport base when we ditched the old phone line so it was just easy to keep using it. I can handle the thought of manually configuring stuff if required.

Our home requirements are fairly standard, probably about 6 mobile devices, a couple smart tv's and 2 mac's mostly running off wi-fi right now.

Thanks :)

Create new topic
28117 posts

Uber Geek

Biddle Corp
Lifetime subscriber

  # 1360707 7-Aug-2015 14:52
Send private message

You should use the Airport as your firewall/router and then plug the SPA122 in behind that. There is no need for bridge mode.

If you had issues with that in the past you need to look at your configuration to work out what was wrong.

5 posts

Wannabe Geek

  # 1360713 7-Aug-2015 14:59
Send private message

Ok, thanks I'll give that a shot. I always had the impression that wouldn't work without enabling stuff like port forwarding etc etc, then there's the head spinning double NAT...
I'll post back if things come unstuck :)


5 posts

Wannabe Geek

  # 1361106 8-Aug-2015 12:20
Send private message

Ok, my phone appears to be working now positioned after my Airport, but I can't bring up the web interface through my network.
I can only access it via a direct Ethernet connection to my laptop. I am using the New IP address given by query from the attached phone. The admin password has been changed from its default setting. I can ping the SPA122 and I downloaded an app called Fing to see what it picked up, it sees the device and knows it's Cisco h/w.

Any ideas? It has to be seeing the internet or my calls wouldn't be getting through!

4127 posts

Uber Geek

  # 1361139 8-Aug-2015 13:46
Send private message

Because you are trying to connect to the 'WAN' of the SPA122 it will block access by default. You will want to set your SPA to 'bridge mode' so that the ethernet ports just act as a switch instead of a router.

5 posts

Wannabe Geek

  # 1361164 8-Aug-2015 14:52
Send private message

Thanks, I did have it in bridge mode.
I found my problem after a bit more research, there is an option to allow remote management via the WAN port. I found this and enabled it and I'm now good to go (you can specify an IP address or a range so I will lock that down to suit).

Thanks all for your help. I'll work out over the next few days if my calls are all good (no drop outs or missed calls etc)

5 posts

Wannabe Geek

  # 1361303 8-Aug-2015 21:34
Send private message

A few last comments in case anyone refers here in the future; as part of this exercise l ended up having to reset to factory defaults (my own fault, messed something up)

A few things proved useful: with SPA122 set up in bridge mode after the airport base station using ****110# from the phone connected to the ATA gives you an IP address for the WAN port which you can't actually get into at first. Using ****210# gives you the address for the LAN port that you need to use.

After auto provisioning, I did not go back to the voice->provisioning options and change the option to enable provisioning to 'no'. Same for the option to enable firmware updates. This caused a bit more confusion because after a final reboot of the equipment when I thought I was done this afternoon, I found I had lost my password change and my change to allow remote management via the WAN port. It must have re-downloaded the 2talk file and changed those settings back to the 2talk defaults. After setting those 2 automatic update options to 'no' I re-applied the password change and went back into Administration->Management->Web Access Management and enable remote access and rebooted again to satisfy myself that things were settled.

Lastly, once you're happy enough, remember to backup your configuration!

28117 posts

Uber Geek

Biddle Corp
Lifetime subscriber

  # 1361308 8-Aug-2015 22:06
Send private message

The SPA122 features a router so WAN access is disabled by default for security purposes. 99% of people purchasing an ATA would simply get a SPA112 as the router functionality would very rarely ever be used so it's not worth paying the extra $ for it.

If WAN access isn't unblocked and the device is in the default NAT configuration mode you can just plug into the LAN port, get a DHCP lease and log into the device. There is no need to reset it.

Create new topic

Twitter and LinkedIn »

Follow us to receive Twitter updates when new discussions are posted in our forums:

Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:

Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:

News »

New AI legaltech product launched in New Zealand
Posted 21-Aug-2019 17:01

Yubico launches first Lightning-compatible security key, the YubiKey 5Ci
Posted 21-Aug-2019 16:46

Disney+ streaming service confirmed launch in New Zealand
Posted 20-Aug-2019 09:29

Industry plan could create a billion dollar interactive games sector
Posted 19-Aug-2019 20:41

Personal cyber insurance a New Zealand first
Posted 19-Aug-2019 20:26

University of Waikato launches space for esports
Posted 19-Aug-2019 20:20

D-Link ANZ expands mydlink ecosystem with new mydlink Mini Wi-Fi Smart Plug
Posted 19-Aug-2019 20:14

Kiwi workers still falling victim to old cyber tricks
Posted 12-Aug-2019 20:47

Lightning Lab GovTech launches 2019 programme
Posted 12-Aug-2019 20:41

Epson launches portable laser projector
Posted 12-Aug-2019 20:27

Huawei launches new distributed HarmonyOS
Posted 12-Aug-2019 20:20

Lenovo introduces single-socket servers for edge and data-intensive workloads
Posted 9-Aug-2019 21:26

The Document Foundation announces LibreOffice 6.3
Posted 9-Aug-2019 16:57

Symantec sell enterprise security assets for US$ 10.7 billion to Broadcom
Posted 9-Aug-2019 16:43

Artificial tongue can distinguish whisky and identify counterfeits
Posted 8-Aug-2019 20:20

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.