Geekzone: technology news, blogs, forums
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

5 posts

Wannabe Geek

# 177584 7-Aug-2015 14:02
Send private message

Hi folks.

This is Voip/Network issue.
I have been with 2talk at home for about a year now and have finally realised I probably have zero security!
My setup: Vodafone cable modem->Cisco SPA122 ATA (hooked up to old cordless analog phone set)->Airport Extreme (in bridge mode) extended with an airport express.

I think need a firewall! The airport xtreme does supposedly have a basic firewall in it, but this apparently gets disabled when swithced to bridge mode. I elected to put the SPA122 before the Aiport extreme because I had read of dropouts when trying to run the voip hardware from the Airport base and never actually paid any more attention that that (was more worried about getting the phone working at that point in time!)

Could/Should I put the SPA122 into bridge mode, let the Airport do the NAT and run the SPA122 off the airport? If I do this, the firewall would be enabled again, but would I need to set something up in that firewall to make sure the voip traffic is handled properly? (I understand there are very few configurable options on that basic inbuilt firewall).

Can someone provide some advice? I'm happy to buy some gear, not necessarily looking for the cheapest gear, it'll cost what it costs. We already had the Airport base when we ditched the old phone line so it was just easy to keep using it. I can handle the thought of manually configuring stuff if required.

Our home requirements are fairly standard, probably about 6 mobile devices, a couple smart tv's and 2 mac's mostly running off wi-fi right now.

Thanks :)

Create new topic
27961 posts

Uber Geek
+1 received by user: 7453

Biddle Corp
Lifetime subscriber

  # 1360707 7-Aug-2015 14:52
Send private message

You should use the Airport as your firewall/router and then plug the SPA122 in behind that. There is no need for bridge mode.

If you had issues with that in the past you need to look at your configuration to work out what was wrong.

5 posts

Wannabe Geek

  # 1360713 7-Aug-2015 14:59
Send private message

Ok, thanks I'll give that a shot. I always had the impression that wouldn't work without enabling stuff like port forwarding etc etc, then there's the head spinning double NAT...
I'll post back if things come unstuck :)


5 posts

Wannabe Geek

  # 1361106 8-Aug-2015 12:20
Send private message

Ok, my phone appears to be working now positioned after my Airport, but I can't bring up the web interface through my network.
I can only access it via a direct Ethernet connection to my laptop. I am using the New IP address given by query from the attached phone. The admin password has been changed from its default setting. I can ping the SPA122 and I downloaded an app called Fing to see what it picked up, it sees the device and knows it's Cisco h/w.

Any ideas? It has to be seeing the internet or my calls wouldn't be getting through!

4064 posts

Uber Geek
+1 received by user: 1762


  # 1361139 8-Aug-2015 13:46
Send private message

Because you are trying to connect to the 'WAN' of the SPA122 it will block access by default. You will want to set your SPA to 'bridge mode' so that the ethernet ports just act as a switch instead of a router.

5 posts

Wannabe Geek

  # 1361164 8-Aug-2015 14:52
Send private message

Thanks, I did have it in bridge mode.
I found my problem after a bit more research, there is an option to allow remote management via the WAN port. I found this and enabled it and I'm now good to go (you can specify an IP address or a range so I will lock that down to suit).

Thanks all for your help. I'll work out over the next few days if my calls are all good (no drop outs or missed calls etc)

5 posts

Wannabe Geek

  # 1361303 8-Aug-2015 21:34
Send private message

A few last comments in case anyone refers here in the future; as part of this exercise l ended up having to reset to factory defaults (my own fault, messed something up)

A few things proved useful: with SPA122 set up in bridge mode after the airport base station using ****110# from the phone connected to the ATA gives you an IP address for the WAN port which you can't actually get into at first. Using ****210# gives you the address for the LAN port that you need to use.

After auto provisioning, I did not go back to the voice->provisioning options and change the option to enable provisioning to 'no'. Same for the option to enable firmware updates. This caused a bit more confusion because after a final reboot of the equipment when I thought I was done this afternoon, I found I had lost my password change and my change to allow remote management via the WAN port. It must have re-downloaded the 2talk file and changed those settings back to the 2talk defaults. After setting those 2 automatic update options to 'no' I re-applied the password change and went back into Administration->Management->Web Access Management and enable remote access and rebooted again to satisfy myself that things were settled.

Lastly, once you're happy enough, remember to backup your configuration!

27961 posts

Uber Geek
+1 received by user: 7453

Biddle Corp
Lifetime subscriber

  # 1361308 8-Aug-2015 22:06
Send private message

The SPA122 features a router so WAN access is disabled by default for security purposes. 99% of people purchasing an ATA would simply get a SPA112 as the router functionality would very rarely ever be used so it's not worth paying the extra $ for it.

If WAN access isn't unblocked and the device is in the default NAT configuration mode you can just plug into the LAN port, get a DHCP lease and log into the device. There is no need to reset it.

Create new topic

Twitter and LinkedIn »

Follow us to receive Twitter updates when new discussions are posted in our forums:

Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:

Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:

News »

Scientists unveil image of quantum entanglement
Posted 13-Jul-2019 06:00

Hackers to be challenged at University of Waikato
Posted 12-Jul-2019 21:34

OPPO Reno Z now available in New Zealand
Posted 12-Jul-2019 21:28

Sony introduces WF-1000XM3 wireless headphones with noise cancellation
Posted 8-Jul-2019 16:56

Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20

New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09

ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05

New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35

Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39

TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18

E-scooter share scheme launches in Wellington
Posted 17-Jun-2019 12:34

Anyone can broadcast with Kordia Pop Up TV
Posted 13-Jun-2019 10:51

Volvo and Uber present production vehicle ready for self-driving
Posted 13-Jun-2019 10:47

100,000 customers connected to fibre broadband network through Enable
Posted 13-Jun-2019 10:35

5G uptake even faster than expected
Posted 12-Jun-2019 10:01

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.