Most corporate VoIP users are focused on running voice over secure intranets, usually via a VPN. However, VoIP on the Internet is often viewed as difficult or risky.

"We didn't even try to do IP voice outside our corporate network," says Doug Haluza, director of engineering and new technology at Lexent Technologies an electrical services firm in New York. "There are just too many security hassles associated with opening the network up to the Internet, and with long-distance costing just 5 cents a minute, there's no ROI worth the hassles."

True, VoIP over the Internet is riskier, says Steven Taylor, president of Distributed Network Architects, but, he adds: "The bad news about staying off the Internet, though, is you don't have connectivity to everyone in the world. It's definitely a trade-off."

Now a couple of startups, Ridgeway Systems & Software and Kagoor Networks are offering security tools designed to secure Internet VoIP traffic.

Ridgeway offers the IPFreedom products to let voice streams traverse multiple firewalls securely and with little to no performance degradation.

Firewalls pose problems for VoIP packets crossing non-associated networks, such as those between business partners, unless partners use the same firewall, configured exactly the same. A partner's firewall might view a VoIP call as unsolicited traffic and block it. Or, if a company is using network address translation (NAT) - internal private IP addresses - discrepancies between packets' internal and header addresses can occur, causing packets to be dropped.

With IPFreedom, business partners install client software that communicates with the Ridgeway server. The server software does the necessary address translations, and because the clients and servers have an established TCP session, their call notifications can get through the firewalls without being blocked. Once a call is in progress, the equipment uses just two firewall ports to shuttle traffic through, ensuring security.

Ridgeway says corporate VoIP customers typically pay US$125 per IPFreedom client, but volume discounts are available.

Kagoor provides similar capabilities through its VoiceFlow series of products. Kagoor is targeting service provider networks, with the idea that carriers could use the Kagoor software to offer similar firewall traversal and NAT services to corporate customers.