[cisco-voip] Home user
Michael Thompson
mthompson729 at gmail.com
Wed Oct 24 19:57:10 EDT 2007
keep in mind, this proxy is just relaying the traffic. It is NOT addressing
any QoS issues with SoHo work.
On 10/21/07, Jerky <lists at jerkys.org> wrote:
>
> Think this is what you are looking for:
>
>
>
> http://www.cisco.com/en/US/products/ps7057/products_data_sheet0900aecd80546906.html
>
>
> jeff
>
> On Oct 20, 2007, at 6:40 AM, Curt Shaffer wrote:
>
> I tried searching on this on cisco.com. Do you have a part number or a
> more direct name that may help? Is this something that is production ready
> or is it still beta quality?
>
>
>
> Thanks
>
>
>
> Curt
>
>
>
> *From:* cisco-voip-bounces at puck.nether.net [
> mailto:cisco-voip-bounces at puck.nether.net<cisco-voip-bounces at puck.nether.net>]
> *On Behalf Of *Scott Voll
> *Sent:* Wednesday, October 17, 2007 2:05 PM
> *To:* Jerky
> *Cc:* Linsemier, Matthew; cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Home user
>
>
>
> no Cisco CPE required.
>
>
>
> ip phone
>
> |
>
> internet connection
>
> |
>
> --------------------------- phone proxy
>
> | |
>
> | |
>
> FW / router |
>
> | |
>
> internal network ------ voice network
>
>
>
> basically you save the money of a cisco CPE by getting the phone proxy.
> let the end users VPN in with the client for data purposes or use Citrix to
> get around VPN all together.
>
>
>
> the phone proxy has a north / South interface so the only thing going
> through it is the authenticated voice traffic.
>
>
>
> hope that's understandable.
>
>
>
> scott
>
>
>
>
>
>
>
> On 10/17/07, *Jerky* <lists at jerkys.org> wrote:
>
> so it would be more like this:
>
>
>
>
> Cisco 871
>
> |
>
> DSL CABLE
>
> |
>
> Internet
>
> |
>
> T1 Connection (Serial0/0/0)
>
> |
>
> _____ 3800 _____
>
> | |
>
> ethernet 0/0 ethernet 0/1
>
> | |
>
> PIX/ASA 3800 (Cisco 871 VPN's terminate here)
>
> | |
>
> LAN(computers) LAN (Voice)
>
>
>
>
>
>
>
> Homefully my crude diagram makes sense. Do your home users have access to
> any data on the computer network side. Or is the 87x VPNs solely for getting
> to the voice network If users access things on the "computer" side would you
> have a separate tunnel setup just for that?
>
>
>
>
> Thanks for so much helping enlighten me. It's been very helpful.
>
>
>
>
> jeff
>
>
>
>
>
>
>
>
>
>
> On Oct 17, 2007, at 10:19 AM, Linsemier, Matthew wrote:
>
>
>
> In our environment we utilize PIX firewalls (still have to upgrade to
> ASA's) to handle our firewall needs and then use the 3800 series router just
> to terminate the DMVPN home users. They are deployed in parallel and sit
> behind a perimeter screening router (another 3800 series router). We shied
> away from using the PIX for the simple fact that while it would preserve QoS
> markings, we couldn't do any remarking or shaping in the device. Maybe this
> has changed in the ASA, but I don't think you have the control like you do
> in IOS (such as qos pre-classify, shaping, policing, etc.). Depending on
> how many tunnels you plan on using, you could use a router much smaller than
> a 3800 series to terminate the end nodes.
>
>
>
> On the home user end we have the Cisco 871/877 routers configured to
> support wired and wireless connections using three VLANS. We have a VLAN
> configured for corporate connectivity, one VLAN configured as a voice VLAN,
> and then a VLAN configured for untrusted traffic. One Ethernet port on the
> router provides connectivity to the corporate and voice VLANS, while the
> remaining three are configured as untrusted. Similarly with Wireless, we
> extend PEAP authentication from the headquarters and authenticate users to
> the corporate VLAN, and use a WPA-PSK to secure the untrusted connections.
> This way the users plug in their phone, then their laptop/docking station to
> port 0, and any other home devices can be connected to port 1-3 or use the
> wireless WPA-PSK network and be logically segregated (using ACL's) from any
> data on the corporate network. This way we can also control QoS and mark
> down all traffic that enters the router from the untrusted network. So when
> said employees son or daughter starts downing a 2 gig torrent from a home
> PC, they don't kill the voice or impact the corporate workflow. Eventually
> we will be implementing 802.1x on the corporate port for additional
> security, but have had mixed results of getting it to work with Windows XP.
>
>
> Hope this helps.
>
>
>
> Matt
>
>
>
>
>
> *From:* Jerky [mailto:lists at jerkys.org <lists at jerkys.org>]
> *Sent:* Tuesday, October 16, 2007 6:32 PM
> *To:* Linsemier, Matthew
> *Cc: *Curt Shaffer; cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Home user
>
>
>
> This has been kicked around for a while since we moved to CallManager but
> not much thought has been given to it. I'm trying to understand how your
> hardware is setup. How would it look, similar to one of these?
>
>
>
> 87x router <---DSL or Cable---> INTERNET <--T1 connection---> 3845
> <--Ethernet--> LAN
>
>
>
> or
>
>
>
> 87x router <---DSL or Cable---> INTERNET <--T1 connection---> 3845 <--->
> ASA or PIX Firewall <--Ethernet--> LAN
>
>
>
> Is the 3800 used for all your firewalling needs in lieu of something like
> an ASA or PIX? Sonicwall's are currently in place and haven't worked very
> well for the remote users it was tested with. The Sonicwalls we have don't
> have anything similar to what the 871's seem to have in regards to vlans and
> packet tagging. We would probably kick the Sonicwalls out if something else
> would work better.
>
>
>
> jeff
>
>
>
> On Oct 16, 2007, at 8:16 AM, Linsemier, Matthew wrote:
>
>
>
> We currently have about 40 production remote home teleworkers that have
> been deployed using Cisco 871/877 wireless routers and a 7960 phones. We
> are using a Cisco 3845 series router at the head-end so that we can control
> QoS tagging on the egress / ingress points of both sides of the VPN tunnel.
> We are using a phase 2 DMVPN solution dual-homed to two sites to provide
> secure redundant connectivity.
>
>
>
> It took me a bit to tweak my router configurations (I started on Cisco
> 831/837 routers) to get the results that we wanted, but all and all our
> users are happy. There is the occasional jitter and packet loss (it is the
> Internet mind you) but g.729 is working quite well coupled with business
> cable and DSL services.
>
>
>
> If you have any other questions, feel free to ask.
>
>
>
> Matt
>
>
>
> *From: *cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net
> <cisco-voip-bounces at puck.nether.net>] *On Behalf Of *Curt Shaffer
> *Sent:* Monday, October 15, 2007 6:37 PM
> *To:* cisco-voip at puck.nether.net
> *Subject:* [cisco-voip] Home user
>
>
>
> I was wondering want everyone out there is using for the situation where
> you have someone on your CCM or CCME that has 1 phone at a home office.
> Something tells me an ASA is overkill and I haven't found solid information
> that any of the 87x routers support tagging QoS of packets going through the
> VPN tunnel. We would obviously like to have QoS in place even though it's
> not respected at their ISP just to make sure the VPN/Voice packets are
> leaving their routers first as a best effort to get some quality.
>
>
>
> Thanks
>
>
>
>
> ------------------------------
>
> CONFIDENTIALITY STATEMENT
> This communication and any attachments are CONFIDENTIAL and may be
> protected by one or more legal privileges. It is intended solely for the use
> of the addressee identified above. If you are not the intended recipient,
> any use, disclosure, copying or distribution of this communication is
> UNAUTHORIZED. Neither this information block, the typed name of the sender,
> nor anything else in this message is intended to constitute an electronic
> signature unless a specific statement to the contrary is included in this
> message. If you have received this communication in error, please
> immediately contact me and delete this communication from your computer.
> Thank you.
> ------------------------------
>
> _______________________________________________
>
> cisco-voip mailing list
>
> cisco-voip at puck.nether.net
>
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
> ------------------------------
>
> CONFIDENTIALITY STATEMENT
> This communication and any attachments are CONFIDENTIAL and may be
> protected by one or more legal privileges. It is intended solely for the use
> of the addressee identified above. If you are not the intended recipient,
> any use, disclosure, copying or distribution of this communication is
> UNAUTHORIZED. Neither this information block, the typed name of the sender,
> nor anything else in this message is intended to constitute an electronic
> signature unless a specific statement to the contrary is included in this
> message. If you have received this communication in error, please
> immediately contact me and delete this communication from your computer.
> Thank you.
> ------------------------------
>
>
>
>
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-voip/attachments/20071024/08206a18/attachment-0001.html
More information about the cisco-voip
mailing list