[cisco-voip] Remote 7961 Phone at Someone's House - Notes for Setup!

Linsemier, Matthew MLinsemier at apcapital.com
Thu Oct 26 11:19:05 EDT 2006


Tech Guy speaks the truth! In his post he has basically summarized all the trials and tribulations that I have gone through over the course of the last few years here at my company.

 

Originally we started out with 1x PIX 501 and 1x 7960 doing “test” calls from a home.  In a matter of weeks that ballooned into “deploy PIXes to home users”, regardless of whether or not they could do any QoS (which they couldn’t).  Later we upgraded to Cisco 831/837 routers doing IPSec with QoS and our performance was spotty.  Some users’ experiences were great while others perceived jitter as “problems with the phone system” which of course got escalated up the chain of management.

 

This year we did yet another upgrade to Cisco 871/877 routers, increased bandwidth where we could, implemented VLANs to separate corporate and home networks, introduced wireless, maximized our QoS on endpoints, and moved to the g.729 codec (g.711 was the original way Cisco touted to do it).  Things are getting increasingly better, but as Tech Guy stated, you can “QoS it to death” (I am stealing this phrase by the way) until you are blue in the face yet you are ultimately at the mercy of the provider and Internet.

 

Matt

 

From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Tech Guy
Sent: Thursday, October 26, 2006 10:53 AM
To: Steve Miller
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Remote 7961 Phone at Someone's House - Notes for Setup!

 

This is pretty much word for word from the Cisco Mobile Worker/Office SRND from some years back, it has not been updated in some time, at least not since I last looked at it personally about a year or so ago.  I guess the one thing I noticed that changed is the router model. 

 

We deployed about 40 7960's and 837's I believe back then.  It was fairly easy and straightforward.  The 837's were configured with the ezvpn I think, and connected back to a Cisco concentrator over a fiber internet connection at the main office.  Of course each of the home users was on a cable modem, which worked out fine for us.

 

Our issues were spotty, and I blame it on the internet completely.  I was against deploying the solution personally, because it was being deployed to sales and recruiting people who worked independently all over the US, they are the heaviest phone users.  And yet we were giving them phone service that we simply could not guarantee, and no one in mgmt could understand why.  They would complain about the quality, ask me about it, I would tell them the issue time and time again and they didn't want to hear it, in fact they would tell me how to fix it "upgrade our bandwidth" or "upgrade their bandwidth" ughhh.. what a nightmare.

 

Anyway, the solution is pretty much what they told you and is simple.  Basically configure the router to hand out DHCP to the devices connected to it, include the TFTP option 150 info of your callmanagers.  Make sure the router can establish a vpn connection back to the main office, and that you allow the appropriate data to pass obviously.  Router boots up, grabs internet IP on the BVI port I believe, but I don't think it establishes the VPN tunnel at this point.  I think it takes traffic "such as the phone trying to hit addresses that reside on the VPN" to cause the vpn tunnel to establish.  Anyway, so then phone boots up grabs DHCP from router, including TFTP.. then tries to hit TFTP and causes vpn tunnel to establish.  Pulls info and registers if you will with callmanager.  You can QoS it to death and it will work to some extent, but ultimately and obviously you're simply at the mercy of the internet.

 

Good luck with it.  ;-)
 

 

 

On 10/25/06, Steve Miller <millerman1 at cox.net> wrote: 

 

The following is information that I have rec'd regarding the installation of a 7961 at someone's house who is using cable or DSL.  Is there anything else that we might need to think about?  Thank you! 

 

Notes from Cisco Engineer:

 

The remote equipment at the home office would consist of a Cisco 871 router and a Cisco phone with a power block.  The Cisco 871 would function as the home office's firewall and router (and would connect to either a cable modem or a DSL modem depending on the site).  The router would be configured to have an IPSec tunnel back to the office network (most likely configured off of your existing concentrator).  The remote Cisco 871 would be configured with DHCP and have the TFTP scope option set to tell all devices the IP address of the Call Manager server (note the router has a built-in four port switch). 

  At that point, the IP Phone would register normally to the Call Manager servers using the IPSec tunnel as its communication path.  The keepalives from the phone to the CM servers would keep the IPSec tunnel up and running 24/7.

  The restrictions on this type of deployment are:

  - must use G729 codec due to bandwidth restrictions
  - extremely limited QoS control since we are going across the Internet
  - security policies need to be visited since the remote office would have access to the corporate internal network (this one is a biggie)
      - sub-issue regarding calling from home office to home office.  This is doable but adds additional security and deployment issues.
  - need to consider the standard IT management overhead associated with supporting home equipment.

 

Thank you!

 


_______________________________________________
cisco-voip mailing list 
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
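
The setup discussed in this thread (871 handing out DHCP with TFTP option 150, an Easy VPN tunnel back to the main office, and the "security policies" restriction), sketched as an IOS configuration. This is an added example, not a configuration posted by anyone in the thread or taken from Cisco's notes. Every address, name and key is a constructed placeholder, and the inbound ACL is one assumed way to keep the home segment from reaching the whole corporate network.

```cisco
! Constructed example. Every name, address and key is a placeholder:
!   192.0.2.10         head-end VPN concentrator
!   10.10.10.5, .6     CallManager / TFTP servers
!   10.20.0.0/16       corporate voice subnets (other phones, gateways)
!   10.99.1.0/29       this home office's phone subnet
!
! DHCP for the phone; option 150 carries the TFTP (CallManager) addresses
ip dhcp excluded-address 10.99.1.1
ip dhcp pool HOME-PHONE
 network 10.99.1.0 255.255.255.248
 default-router 10.99.1.1
 option 150 ip 10.10.10.5 10.10.10.6
!
! Easy VPN client back to the main office, bringing the tunnel up itself
crypto ipsec client ezvpn HOME-OFFICE
 connect auto
 group HOME-PHONES key REPLACE-WITH-GROUP-KEY
 mode network-extension
 peer 192.0.2.10
!
interface FastEthernet4
 description WAN side, to the cable or DSL modem
 ip address dhcp
 crypto ipsec client ezvpn HOME-OFFICE outside
!
interface Vlan1
 description Built-in four-port switch, phone only
 ip address 10.99.1.1 255.255.255.248
 ip access-group PHONE-IN in
 crypto ipsec client ezvpn HOME-OFFICE inside
!
! Limit what the home segment can reach: DHCP to the router, the
! CallManager servers, and RTP to the voice subnets. Everything else,
! including the rest of the corporate network, is dropped and logged.
ip access-list extended PHONE-IN
 permit udp any eq bootpc any eq bootps
 permit ip 10.99.1.0 0.0.0.7 host 10.10.10.5
 permit ip 10.99.1.0 0.0.0.7 host 10.10.10.6
 permit udp 10.99.1.0 0.0.0.7 10.20.0.0 0.0.255.255 range 16384 32767
 deny ip any any log
```

The example covers only a phone-only segment; a home PC sharing the router would need its own VLAN, addressing and policy.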



 

