We continue to get a lot of questions about SIP trunks and how best to use them on ShoreTel. Our preferred strategy at this point, is to focus on a TIE line solution that brings both off premise extensions and DID numbers into the ShoreTel. Many branch offices, for example, are just not able to justify even an SG30V to support 8 extensions. Creating a SIP Tie line strategy to deal with these situations is both economical and appropriate.
Not withstanding the usual DrVoIP speech on WAN connectivity, QOS and SLA it is very possible to setup a remote office on a shoe string budget. Using a appliance from Siplistic, we were able to plant a node at the end of a VPN between the HQ and the remote office. Then, create a SIP tie-line between an SG HQ switch and the remote Siplistic appliance. The remote office should have local Internet access in addition to the VPN back to the HQ site. In this way, the Siplistic appliance can setup a "peer" with the ITSP, bring in both local dial tone and DID numbers while also providing SIP extensions off the ShoreTel HQ site, to that location. The basic Siplistic appliance comes bundled with your choice of a DID number, a four channel "peer" and support for 10 Extensions. The DID cost about $5 a month and the "peer" is a flat rate.
Meanwhile back at the mothership, you have created a new trunk group, provisioned static trunks for that group and pointed them to the remote site appliance. The trunk group is accessible for "dial x" by authorized User Groups like any other ShoreTel trunk Group and is even considered for inclusion in Least Cost Routing. It can also be part of the dialing plan and includes a list of the off premise extensions in the branch office. If you want those OPX's to have mailboxes on the HQ switch you will need to do some digit translation and call forwarding, or you can just let the branch appliance support VM for those users. We have been testing a Siplistic solution that is actually deployed on a ShevvaPlug (see also: http://www.blog.drvoip.com/shoretel-compatible-audio-conference-bridge-on-a-plug-server ) if you can believe that!
SIP firewall traversal is the major stumbling block for most implementations. You can get lost in a CISCO CUBE or other border controller, or you get configured using a STUN server solution. Port 5060 is as subject to hacking as your Webserver Port 80, but somehow we manage to survive! Most SIP registrations and RDP streams run on UDP which, unlike TCP, is connectionless and less hackable. Most SIP hacking happens because people do not use strong passwords. Even high school level hackers are using SIPVicious to scan for open 5060 ports and then scripting for log in and password. The wild west of the Internet, but at the end of the day, SIP is a real solution and there is no reason you can't interconnect SIP DID's to a ShoreTel.
The embedded video is just a trailer for a new 45 tutorial on ShoreTel SIP configuration we have added to the DrVoIP video library!
http://youtu.be/qymOF9zjhio