Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

VPN server behind SPA2102

I am having trouble connecting to my PPTP VPN server.

setup is Cable Modem --> SPA2102 --> Switch --> VPN Server/other pc's

If I enable DMZ and allow all traffic through to the VPN server I can connect succesfully, however for obvious security reasons I do not want to expose this server to the internet.

Typically I would only enable port forwarding on TCP traffic destined to port 1723 to be passed through to the server.

Note SPA2102 Admin login is locked by VOIP provider, user login is available.

thanks 

Everyone's tags (3)
3 REPLIES
Cisco Employee

Re: VPN server behind SPA2102

Hi Edgeman09,

The SPAXXX devices do not have the capacity to route significant amounts of network traffic. Consider changing your network around so the the SPA2102 is deployed as an appliance as follows:

Cable Modem --> Switch

                             |    |

                             |    L --> SPA2102 [Connected with INTERNET port. ETHENET port is not used]

                             |

                             L --> VPN Server/other pc's

Regards,

Patrick

-----------

Community Member

Re: VPN server behind SPA2102

Thanks

The main reason I did not want to opt for the network configuration you suggest is that I want to take advantage of QOS on the SPA.

If I must use an alternate VPN capable router, how should QOS be configured on that device to allow my VOIP calls priority traffic?

thanks

Cisco Employee

Re: VPN server behind SPA2102

The settings will depend on the type of router that you deploy.

You'll need to provide priority for the voice traffic [SIP/RTP] in any possible way that the router/switch allow, perhaps by limiting priority to other traffic types.

Refer to your router's documentation in order to best determine how to enable QoS for voice.

Regards,

Patrick

-----------

3353
Views
0
Helpful
3
Replies
CreatePlease to create content