VPN server behind SPA2102

Unanswered Question
Jun 25th, 2009
User Badges:

I am having trouble connecting to my PPTP VPN server.


setup is Cable Modem --> SPA2102 --> Switch --> VPN Server/other pc's


If I enable DMZ and allow all traffic through to the VPN server I can connect succesfully, however for obvious security reasons I do not want to expose this server to the internet.


Typically I would only enable port forwarding on TCP traffic destined to port 1723 to be passed through to the server.


Note SPA2102 Admin login is locked by VOIP provider, user login is available.


thanks 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Patrick Born Fri, 06/26/2009 - 10:12
User Badges:
  • Cisco Employee,

Hi Edgeman09,


The SPAXXX devices do not have the capacity to route significant amounts of network traffic. Consider changing your network around so the the SPA2102 is deployed as an appliance as follows:


Cable Modem --> Switch

                             |    |

                             |    L --> SPA2102 [Connected with INTERNET port. ETHENET port is not used]

                             |

                             L --> VPN Server/other pc's


Regards,



Patrick

-----------

Edgeman09 Fri, 06/26/2009 - 21:39
User Badges:

Thanks


The main reason I did not want to opt for the network configuration you suggest is that I want to take advantage of QOS on the SPA.


If I must use an alternate VPN capable router, how should QOS be configured on that device to allow my VOIP calls priority traffic?


thanks

Patrick Born Mon, 06/29/2009 - 16:32
User Badges:
  • Cisco Employee,

The settings will depend on the type of router that you deploy.

You'll need to provide priority for the voice traffic [SIP/RTP] in any possible way that the router/switch allow, perhaps by limiting priority to other traffic types.

Refer to your router's documentation in order to best determine how to enable QoS for voice.


Regards,



Patrick

-----------