[cisco-voip] Home user
Jerky
lists at jerkys.org
Sun Oct 21 04:29:19 EDT 2007
Think this is what you are looking for:
http://www.cisco.com/en/US/products/ps7057/products_data_sheet0900aecd80546906.html
jeff
On Oct 20, 2007, at 6:40 AM, Curt Shaffer wrote:
> I tried searching on this on cisco.com. Do you have a part number
> or a more direct name that may help? Is this something that is
> production ready or is it still beta quality?
>
>
>
> Thanks
>
>
>
> Curt
>
>
>
> From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-
> bounces at puck.nether.net] On Behalf Of Scott Voll
> Sent: Wednesday, October 17, 2007 2:05 PM
> To: Jerky
> Cc: Linsemier, Matthew; cisco-voip at puck.nether.net
> Subject: Re: [cisco-voip] Home user
>
>
>
> no Cisco CPE required.
>
>
>
>              ip phone
>                 |
>        internet connection
>                 |
>        --------------------------- phone proxy
>        |                               |
>        |                               |
>   FW / router                          |
>        |                               |
>   internal network ------------- voice network
>
>
>
> basically you save the money of a cisco CPE by getting the phone
> proxy. let the end users VPN in with the client for data purposes
> or use Citrix to get around VPN altogether.
>
>
>
> the phone proxy has a north / South interface so the only thing
> going through it is the authenticated voice traffic.
>
>
>
> hope that's understandable.
>
>
>
> scott
>
>
>
>
>
>
>
> On 10/17/07, Jerky <lists at jerkys.org> wrote:
>
> so it would be more like this:
>
>
>
>
>               Cisco 871
>                   |
>               DSL CABLE
>                   |
>               Internet
>                   |
>       T1 Connection (Serial0/0/0)
>                   |
>           _____ 3800 _____
>           |              |
>     ethernet 0/0    ethernet 0/1
>           |              |
>        PIX/ASA         3800 (Cisco 871 VPN's terminate here)
>           |              |
>     LAN(computers)   LAN (Voice)
>
>
>
>
>
>
>
> Hopefully my crude diagram makes sense. Do your home users have
> access to any data on the computer network side? Or are the 87x VPNs
> solely for getting to the voice network? If users access things on
> the "computer" side would you have a separate tunnel setup just for
> that?
>
>
>
>
> Thanks so much for helping enlighten me. It's been very helpful.
>
>
>
>
> jeff
>
>
>
>
>
>
>
>
>
>
> On Oct 17, 2007, at 10:19 AM, Linsemier, Matthew wrote:
>
>
>
>
> In our environment we utilize PIX firewalls (still have to upgrade
> to ASA's) to handle our firewall needs and then use the 3800 series
> router just to terminate the DMVPN home users. They are deployed
> in parallel and sit behind a perimeter screening router (another
> 3800 series router). We shied away from using the PIX for the
> simple fact that while it would preserve QoS markings, we couldn't
> do any remarking or shaping in the device. Maybe this has changed
> in the ASA, but I don't think you have the control like you do in
> IOS (such as qos pre-classify, shaping, policing, etc.).
> Depending on how many tunnels you plan on using, you could use a
> router much smaller than a 3800 series to terminate the end nodes.
>
>
>
> On the home user end we have the Cisco 871/877 routers configured
> to support wired and wireless connections using three VLANS. We
> have a VLAN configured for corporate connectivity, one VLAN
> configured as a voice VLAN, and then a VLAN configured for
> untrusted traffic. One Ethernet port on the router provides
> connectivity to the corporate and voice VLANS, while the remaining
> three are configured as untrusted. Similarly with Wireless, we
> extend PEAP authentication from the headquarters and authenticate
> users to the corporate VLAN, and use a WPA-PSK to secure the
> untrusted connections. This way the users plug in their phone,
> then their laptop/docking station to port 0, and any other home
> devices can be connected to port 1-3 or use the wireless WPA-PSK
> network and be logically segregated (using ACL's) from any data on
> the corporate network. This way we can also control QoS and mark
> down all traffic that enters the router from the untrusted
> network. So when said employee's son or daughter starts downing a 2
> gig torrent from a home PC, they don't kill the voice or impact the
> corporate workflow. Eventually we will be implementing 802.1x on
> the corporate port for additional security, but have had mixed
> results of getting it to work with Windows XP.
>
>
> Hope this helps.
>
>
>
> Matt
>
>
>
>
>
> From: Jerky [mailto:lists at jerkys.org]
> Sent: Tuesday, October 16, 2007 6:32 PM
> To: Linsemier, Matthew
> Cc: Curt Shaffer; cisco-voip at puck.nether.net
> Subject: Re: [cisco-voip] Home user
>
>
>
> This has been kicked around for a while since we moved to
> CallManager but not much thought has been given to it. I'm trying
> to understand how your hardware is setup. How would it look,
> similar to one of these?
>
>
>
> 87x router <---DSL or Cable---> INTERNET <--T1 connection---> 3845
> <--Ethernet--> LAN
>
>
>
> or
>
>
>
> 87x router <---DSL or Cable---> INTERNET <--T1 connection---> 3845
> <---> ASA or PIX Firewall <--Ethernet--> LAN
>
>
>
> Is the 3800 used for all your firewalling needs in lieu of
> something like an ASA or PIX? Sonicwall's are currently in place
> and haven't worked very well for the remote users it was tested
> with. The Sonicwalls we have don't have anything similar to what
> the 871's seem to have in regards to vlans and packet tagging. We
> would probably kick the Sonicwalls out if something else would work
> better.
>
>
>
> jeff
>
>
>
> On Oct 16, 2007, at 8:16 AM, Linsemier, Matthew wrote:
>
>
>
> We currently have about 40 production remote home teleworkers that
> have been deployed using Cisco 871/877 wireless routers and 7960
> phones. We are using a Cisco 3845 series router at the head-end so
> that we can control QoS tagging on the egress / ingress points of
> both sides of the VPN tunnel. We are using a phase 2 DMVPN
> solution dual-homed to two sites to provide secure redundant
> connectivity.
>
>
>
> It took me a bit to tweak my router configurations (I started on
> Cisco 831/837 routers) to get the results that we wanted, but all
> in all our users are happy. There is the occasional jitter and
> packet loss (it is the Internet mind you) but g.729 is working
> quite well coupled with business cable and DSL services.
>
>
>
> If you have any other questions, feel free to ask.
>
>
>
> Matt
>
>
>
> From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-
> bounces at puck.nether.net ] On Behalf Of Curt Shaffer
> Sent: Monday, October 15, 2007 6:37 PM
> To: cisco-voip at puck.nether.net
> Subject: [cisco-voip] Home user
>
>
>
> I was wondering what everyone out there is using for the situation
> where you have someone on your CCM or CCME that has 1 phone at a
> home office. Something tells me an ASA is overkill and I haven't
> found solid information that any of the 87x routers support tagging
> QoS of packets going through the VPN tunnel. We would obviously
> like to have QoS in place even though it's not respected at their
> ISP just to make sure the VPN/Voice packets are leaving their
> routers first as a best effort to get some quality.
>
>
>
> Thanks
>
>
>
>
>
> CONFIDENTIALITY STATEMENT
> This communication and any attachments are CONFIDENTIAL and may be
> protected by one or more legal privileges. It is intended solely
> for the use of the addressee identified above. If you are not the
> intended recipient, any use, disclosure, copying or distribution of
> this communication is UNAUTHORIZED. Neither this information block,
> the typed name of the sender, nor anything else in this message is
> intended to constitute an electronic signature unless a specific
> statement to the contrary is included in this message. If you have
> received this communication in error, please immediately contact me
> and delete this communication from your computer. Thank you.
>
> _______________________________________________
>
> cisco-voip mailing list
>
> cisco-voip at puck.nether.net
>
> https://puck.nether.net/mailman/listinfo/cisco-voip
>