[cisco-voip] Home user

Jerky lists at jerkys.org
Wed Oct 17 03:02:25 EDT 2007 

I haven't been particularly fond of the Sonicwalls either but they  
pre-date me and have been inherited.

currently it looks like this:
Sonicwall (10 user type)ß-DSL or Cable-à INTERNET ß---T1 Internet-- 
à26xx router ß--Ethernet---àSonicwall (VX/PRO type)ß--- LAN
                                                      |______ß--- DMZ  
network

I'll have to take a closer look at a 2800 router for this. I have one  
available that I typically use in the voice lab. Should the 2800 be  
able to handle things like setting up a DMZ and one-to-one NAT  
mappings (I'm not sure if that is the same term used in the Cisco  
world for it) to internal hosts. From the initial reading I've done  
about it seems there's a fine line between the firewall appliances  
like the Sonicwall and ASA or PIX and 2800/3800 routers since it  
seems the ISRs have hardware level encryption built in.

Thanks,
jeff


On Oct 16, 2007, at 6:40 PM, Curt Shaffer wrote:

> Actually due to a difference between who this customer uses for  
> Server network vs. Phone network; they have been using Sonicwall  
> for normal VPN connectivity, which I personally do not like based  
> on personal experience. But the setup will be as follows:
>
>
>
> 87x router or ASA ß-DSL or Cable-à INTERNET ß---PRI/Internet  
> connection--à2811 routerß-Phone LAN
>
>
>
> From: Jerky [mailto:lists at jerkys.org]
> Sent: Tuesday, October 16, 2007 6:32 PM
> To: Linsemier, Matthew
> Cc: Curt Shaffer; cisco-voip at puck.nether.net
> Subject: Re: [cisco-voip] Home user
>
>
>
> This has been kicked around for a while since we moved to  
> CallManager but not much thought has been given to it. I'm trying  
> to understand how your hardware is setup. How would it look,  
> similar to one of these?
>
>
>
> 87x router <---DSL or Cable---> INTERNET <--T1 connection---> 3845  
> <--Ethernet--> LAN
>
>
>
> or
>
>
>
> 87x router <---DSL or Cable---> INTERNET <--T1 connection---> 3845  
> <---> ASA or PIX Firewall <--Ethernet--> LAN
>
>
>
> Is the 3800 used for all your firewalling needs in lieu of  
> something like an ASA or PIX? Sonicwall's are currently in place  
> and haven't worked very well for the remote users it was tested  
> with. The Sonicwalls we have don't have anything similar to what  
> the 871's seem to have in regards to vlans and packet tagging. We  
> would probably kick the Sonicwalls out if something else would work  
> better.
>
>
>
> jeff
>
>
>
> On Oct 16, 2007, at 8:16 AM, Linsemier, Matthew wrote:
>
>
>
>
> We currently have about 40 production remote home teleworkers that  
> have been deployed using Cisco 871/877 wireless routers and a 7960  
> phones.  We are using a Cisco 3845 series router at the head-end so  
> that we can control QoS tagging on the egress / ingress points of  
> both sides of the VPN tunnel.  We are using a phase 2 DMVPN  
> solution dual-homed to two sites to provide secure redundant  
> connectivity.
>
>
>
> It took me a bit to tweak my router configurations (I started on  
> Cisco 831/837 routers) to get the results that we wanted, but all  
> and all our users are happy.  There is the occasional jitter and  
> packet loss (it is the Internet mind you) but g.729 is working  
> quite well coupled with business cable and DSL services.
>
>
>
> If you have any other questions, feel free to ask.
>
>
>
> Matt
>
>
>
> From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip- 
> bounces at puck.nether.net] On Behalf Of Curt Shaffer
> Sent: Monday, October 15, 2007 6:37 PM
> To: cisco-voip at puck.nether.net
> Subject: [cisco-voip] Home user
>
>
>
> I was wondering want everyone out there is using for the situation  
> where you have someone on your CCM or CCME that has 1 phone at a  
> home office. Something tells me an ASA is overkill and I haven’t  
> found solid information that any of the 87x routers support tagging  
> QoS of packets going through the VPN tunnel. We would obviously  
> like to have QoS in place even though it’s not respected at their  
> ISP just to make sure the VPN/Voice packets are leaving their  
> routers first as a best effort to get some quality.
>
>
>
> Thanks
>
>
>
>
>
> CONFIDENTIALITY STATEMENT
> This communication and any attachments are CONFIDENTIAL and may be  
> protected by one or more legal privileges. It is intended solely  
> for the use of the addressee identified above. If you are not the  
> intended recipient, any use, disclosure, copying or distribution of  
> this communication is UNAUTHORIZED. Neither this information block,  
> the typed name of the sender, nor anything else in this message is  
> intended to constitute an electronic signature unless a specific  
> statement to the contrary is included in this message. If you have  
> received this communication in error, please immediately contact me  
> and delete this communication from your computer. Thank you.
>
> _______________________________________________
>
> cisco-voip mailing list
>
> cisco-voip at puck.nether.net
>
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-voip/attachments/20071017/703fd60d/attachment-0001.html

More information about the cisco-voip mailing list