Since firewalling is not my strongest suit, I am just after some best practices for the following scenario.
I have a VoIP setup with handsets connecting to 3750 switches (and the computers hanging off the VoIP sets) with all voice traffic on vlan 200 and normal data on vlan 100.
I need to move the call manager behind a PIX to terminate E1s for external voice access. My problem is all VoIP/vlan200 devices currently reside on the 192.168.200/24 subnet. I wish to keep the call manager in the same subnet (behind the 'outside' interface); however, I don't seem to be able to do this (as I use a 192.168.200/24 IP for the inside interface to get back onto the network the VoIP sets reside on).
Are there any best practices for this scenario? I need to keep the traffic for VoIP handsets in the same subnet/vlan but I'm a little stumped as to how one would do this with a PIX in the middle.
The PIX itself is a PIX 501 running 6.3.
Any advice would be helpful.