<br><font size=2 face="sans-serif">Manoj,</font>
<br>
<br><font size=2 face="sans-serif">Your best solution is to do IPSEC tunnell
within a GRE tunnell. This will allow you to do EIGRP as well as
CDP works now through GRE. This can and does work across as many
vendors as you want. We are currently useing this exact setup across
atleast 10 different vendors. The only thing to be careful of is
be very picky about your vendors and make sure that the peering between
your two vendors is very good and reliable.</font>
<br>
<br><font size=2 face="sans-serif">Craig<br>
<br>
</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>"Manoj Kalpage"
<manoj.kalpage@gmail.com></b> </font>
<br><font size=1 face="sans-serif">Sent by: cisco-voip-bounces@puck.nether.net</font>
<p><font size=1 face="sans-serif">09/14/2006 04:44 AM</font>
<td width=59%>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td><font size=1 face="sans-serif">"Linsemier, Matthew" <MLinsemier@apcapital.com></font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td><font size=1 face="sans-serif">cisco-voip@puck.nether.net</font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td><font size=1 face="sans-serif">Re: [cisco-voip] ISP and VPN Failover
for Call Manager based VOIPnetwork</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=3>Hi Matthew,</font>
<br><font size=3>What a wonderful reply. Thank you very much for your reply.
I was thinking in wrong way. We have just 1Mbps full duplex Internet connection
from Verizon and we are experiencing lot of voice quality issues recently.
I know now I should move to router based VPN. Can I do EIGRP between different
provide without having service agreement? What I heard I have to pay extra
money for EIGRP. After read your reply I did some research on the web and
found bellow link from Cisco. Do you think this is enough information for
me to implement VoIP environment you have suggested? </font>
<br><a href=http://www.cisco.com/warp/public/471/dcmvpn.html><font size=3 color=blue><u>http://www.cisco.com/warp/public/471/dcmvpn.html</u></font></a>
<br><font size=3>By any chance, do you have a sample configuration of your
network which I can refer?</font>
<br><font size=3> </font>
<br><font size=3>Best Regards,</font>
<br><font size=3>Manoj</font>
<br><font size=3> </font>
<br><font size=3><br>
</font>
<br><font size=3>On 9/13/06, <b>Linsemier, Matthew</b> <</font><a href=mailto:MLinsemier@apcapital.com><font size=3 color=blue><u>MLinsemier@apcapital.com</u></font></a><font size=3>>
wrote: </font>
<br><font size=2 color=#000080 face="Arial">Manoj,</font>
<p><font size=2 color=#000080 face="Arial"> </font>
<p><font size=2 color=#000080 face="Arial">Do you currently have private
lines or some other circuits interconnecting your offices or are you planning
to use VPN exclusively for voice and data? My major concern when
using a Cisco PIX for voice would be Quality of Service. While the
PIX can preserve DSCP values as they are passed across the tunnels, unless
anything has changed in 7.x, it doesn't have the ability to perform marking,
LLQ prioritization, and traffic shaping. This means that before any
traffic is passed to the PIX, the device behind it (a switch or router)
will have to perform some of these functions (say marking or traffic shaping).
In regards to LLQ you are out of luck. </font>
<p><font size=2 color=#000080 face="Arial"> </font>
<p><font size=2 color=#000080 face="Arial">For our Teleworker VPN network
we utilize a 2851 at the head-end and failover site and 871/877 routers
at our remotes. This gives us the capability to mark, LLQ, and shape
traffic at the edge, before it is passed on to the ISP. Additionally
we utilize DMVPN and GRE to maintain routing information (EIGRP) and to
dynamically handle routing changes when we loose a VPN link (say to our
head-end). I think you can do some least cost routing type things
on the PIX to achieve the same effect, but it's much easier in IOS. </font>
<p><font size=2 color=#000080 face="Arial"> </font>
<p><font size=2 color=#000080 face="Arial">Your ideas are sound in my opinion.
I'm sure that there are some people that are handling voice fine
using Cisco PIX's however we had mixed results when we were using them.
Once we moved to the IOS VPN several of our QoS issues were resolved.
Regardless, you always have to remember that it still is the Internet
and not a private network connection, so you get what you get. </font>
<p><font size=2 color=#000080 face="Arial"> </font>
<p><font size=2 color=#000080 face="Arial">Hope this helps,</font>
<p><font size=2 color=#000080 face="Arial"> </font>
<p><font size=2 color=#000080 face="Arial">-Matt</font>
<p><font size=2 color=#000080 face="Arial"> </font>
<div align=center>
<p>
<hr></div>
<p><font size=2 face="Tahoma"><b>From:</b> </font><a href="mailto:cisco-voip-bounces@puck.nether.net" target=_blank><font size=2 color=blue face="Tahoma"><u>cisco-voip-bounces@puck.nether.net</u></font></a><font size=2 face="Tahoma">
[mailto:</font><a href="mailto:cisco-voip-bounces@puck.nether.net" target=_blank><font size=2 color=blue face="Tahoma"><u>cisco-voip-bounces@puck.nether.net</u></font></a><font size=2 face="Tahoma">]
<b>On Behalf Of </b>Manoj Kalpage<b><br>
Sent:</b> Wednesday, September 13, 2006 5:20 AM<b><br>
To:</b> </font><a href="mailto:cisco-voip@puck.nether.net" target=_blank><font size=2 color=blue face="Tahoma"><u>cisco-voip@puck.nether.net</u></font></a><font size=2 face="Tahoma"><b><br>
Subject:</b> [cisco-voip] ISP and VPN Failover for Call Manager based VOIPnetwork</font>
<p><font size=3 face="Times New Roman"> </font>
<p><font size=3 face="Times New Roman">Dear All,</font>
<p><font size=3 face="Times New Roman">I am looking for ISP fail over for
VoIP network. We have small enterprise VoIP network. If I explain our network
bit, Basically we have call manager and unity server in main office with
PIX515. All the branch offices has PIX 501. With attached fail over solution
I am going to create two tunnels from each branch office and have them
connected to each firewall in main office. I think this way if one PIX515
fail at main office, still branch office can be connected through second
PIX515. Bellow is the router configuration for routing between two PIX
515. This configuration itself doesn't mean anything without looking at
a diagram.I need to test this but I don't have enough gears with me right
now and also I don't have 100% confidence on this. So, I would like to
share with you folks. Any comments and ideas would be greatly appreciated.
</font>
<p><font size=3 face="Times New Roman"> </font>
<p><font size=3 face="Times New Roman">Please find the diagram bellow link
(Sorry it's han written one )</font>
<p><a href=http://proxy.f2.ymdb.yahoofs.jp/bc/857e55a/bc/bd7f/failover.jpg?bcQM9BFBNirrJIWq target=_blank><font size=3 color=blue face="Times New Roman"><u>http://proxy.f2.ymdb.yahoofs.jp/bc/857e55a/bc/bd7f/failover.jpg?bcQM9BFBNirrJIWq</u></font></a>
<p><font size=3 face="Times New Roman"> </font>
<p><font size=3 face="Times New Roman">best regards,</font>
<p><font size=3 face="Times New Roman">Manoj</font>
<p><font size=3 face="Times New Roman"> </font>
<p><font size=3 face="Times New Roman"><br>
ip cef</font>
<p><font size=3 face="Times New Roman">!####Establish sla monitors for
use in tracking objects####!</font>
<p><font size=3 face="Times New Roman">ip sla monitor 1<br>
type echo protocol ipIcmpEcho </font><a href=http://174.16.0.1/ target=_blank><font size=3 color=blue face="Times New Roman"><u>174.16.0.1</u></font></a><font size=3 face="Times New Roman"><br>
threshold 3<br>
frequency 5<br>
ip sla monitor schedule 1 life forever start-time now </font>
<p><font size=3 face="Times New Roman">ip sla monitor 2<br>
type echo protocol ipIcmpEcho </font><a href=http://173.16.0.1/ target=_blank><font size=3 color=blue face="Times New Roman"><u>173.16.0.1</u></font></a><font size=3 face="Times New Roman"><br>
threshold 3<br>
frequency 5<br>
ip sla monitor schedule 2 life forever start-time now <br>
!</font>
<p><font size=3 face="Times New Roman">!####Configure Tracking objects
(referencing IP SLA monitor's above)####!</font>
<p><font size=3 face="Times New Roman">track 101 rtr 1 reachability<br>
!<br>
track 102 rtr 2 reachability<br>
!<br>
!<br>
!<br>
!<br>
!####Configure Interfaces with NAT####!</font>
<p><font size=3 face="Times New Roman">interface FastEthernet 0/1<br>
ip address </font><a href=http://172.16.0.1/ target=_blank><font size=3 color=blue face="Times New Roman"><u>172.16.0.1
</u></font></a><a href=http://255.255.0.0/ target=_blank><font size=3 color=blue face="Times New Roman"><u>255.255.0.0</u></font></a><font size=3 face="Times New Roman"><br>
ip nat inside</font>
<p><font size=3 face="Times New Roman">!<br>
interface Fastethernet 0/0<br>
ip address </font><a href=http://173.16.0.2/ target=_blank><font size=3 color=blue face="Times New Roman"><u>173.16.0.2
</u></font></a><a href=http://255.255.255.0/ target=_blank><font size=3 color=blue face="Times New Roman"><u>255.255.255.0</u></font></a><font size=3 face="Times New Roman"><br>
ip nat outside</font>
<p><font size=3 face="Times New Roman">!<br>
interface Fastethernet 0/2<br>
ip address </font><a href=http://174.16.0.2/ target=_blank><font size=3 color=blue face="Times New Roman"><u>174.16.0.2
</u></font></a><a href=http://255.255.255.0/ target=_blank><font size=3 color=blue face="Times New Roman"><u>255.255.255.0</u></font></a><font size=3 face="Times New Roman"><br>
ip nat outside</font>
<p><font size=3 face="Times New Roman">!<br>
ip classless<br>
!####Configure gateway of last resort with tracking objects####!<br>
ip route </font><a href=http://0.0.0.0/ target=_blank><font size=3 color=blue face="Times New Roman"><u>0.0.0.0</u></font></a><font size=3 face="Times New Roman">
</font><a href=http://0.0.0.0/ target=_blank><font size=3 color=blue face="Times New Roman"><u>0.0.0.0</u></font></a><font size=3 face="Times New Roman">
</font><a href=http://173.16.0.1/ target=_blank><font size=3 color=blue face="Times New Roman"><u>173.16.0.1</u></font></a><font size=3 face="Times New Roman">
track 101 <br>
ip route </font><a href=http://0.0.0.0/ target=_blank><font size=3 color=blue face="Times New Roman"><u>0.0.0.0</u></font></a><font size=3 face="Times New Roman">
</font><a href=http://0.0.0.0/ target=_blank><font size=3 color=blue face="Times New Roman"><u>0.0.0.0</u></font></a><font size=3 face="Times New Roman">
</font><a href=http://174.16.0.1/ target=_blank><font size=3 color=blue face="Times New Roman"><u>174.16.0.1</u></font></a><font size=3 face="Times New Roman">
track 102</font>
<p><font size=3 face="Times New Roman">!####Configure NAT statements for
most outbound traffic####!<br>
ip nat inside source route-map ISP1 interface FastEthernet 0/0 overload<br>
ip nat inside source route-map ISP2 interface FastEthernet 0/2 overload
</font>
<p><font size=3 face="Times New Roman">!<br>
access-list 10 permit </font><a href=http://172.16.0.0/ target=_blank><font size=3 color=blue face="Times New Roman"><u>172.16.0.0</u></font></a><font size=3 face="Times New Roman">
</font><a href=http://0.0.0.255/ target=_blank><font size=3 color=blue face="Times New Roman"><u>0.0.0.255</u></font></a><font size=3 face="Times New Roman"><br>
access-list 101 permit icmp any host </font><a href=http://173.16.0.1/ target=_blank><font size=3 color=blue face="Times New Roman"><u>173.16.0.1</u></font></a><font size=3 face="Times New Roman">
echo<br>
access-list 102 permit icmp any host </font><a href=http://174.16.0.1/ target=_blank><font size=3 color=blue face="Times New Roman"><u>174.16.0.1</u></font></a><font size=3 face="Times New Roman">
echo</font>
<p><font size=3 face="Times New Roman">!<br>
!####Configure route maps for reference in NAT statements####!<br>
route-map ISP2 permit 10<br>
match ip address 10<br>
match interface Fastethernet 0/1 <br>
!<br>
route-map ISP1 permit 10<br>
match ip address 10<br>
match interface Fastethernet 0/0 <br>
! </font>
<p><font size=3 face="Times New Roman"> </font>
<p>
<p>
<hr>
<p><font size=2 color=#808080 face="Verdana"><b>CONFIDENTIALITY STATEMENT</b></font>
<p><font size=2 color=#808080 face="Verdana">This communication and any
attachments are <b>CONFIDENTIAL</b> and may be protected by one or more
legal privileges. It is intended solely for the use of the addressee identified
above. If you are not the intended recipient, any use, disclosure, copying
or distribution of this communication is <b>UNAUTHORIZED</b>. Neither this
information block, the typed name of the sender, nor anything else in this
message is intended to constitute an electronic signature unless a specific
statement to the contrary is included in this message. If you have received
this communication in error, please immediately contact me and delete this
communication from your computer. Thank you. </font>
<p>
<hr>
<p><tt><font size=2>_______________________________________________<br>
cisco-voip mailing list<br>
cisco-voip@puck.nether.net<br>
https://puck.nether.net/mailman/listinfo/cisco-voip<br>
</font></tt>
<p>