Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Dual NIC Possibilities

Hi,

Long story short, we have two networks. One VLAN is our phones, the other is our PCs.  Due to corporate restrictions (implemented via ACLs on the router), the PCs on the data network can not talk to the VoIP network (ya, bummer, means we can't use cool things like softphone and such).  VoIP traffic still works cause the phones are on the same VLAN as the server.   Anyway, the problem is my users can't connect to the CCM to change their speed dials and such.

I'm wondering if it'd be possible to enable the second NIC on the data VLAN and have the people connect to it that way?  Keep in mind that it'd also need to be able to route back to other office data networks too, so both NICs would need a default gateway. That could be a problem too.

Anyway, looking for ways we can get around this problem.

Any thoughts?

Dave

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Dual NIC Possibilities

Dave,

I assume you are asking if this request is possible on a CUCM system. The answer is no. Have you considered working with the network/security team to find out exactly what concerns they would have with opening HTTPS (TCP 443 and TCP 8443) to the CUCM cluster from the data network?

Oh, and for softphones I totally agree with locking that down. I typically recommend customers look into leverage the UC Proxy feature on the ASA or just a basic Trusted Relay Point (TRP) configuration.  There are pros/cons to each.   I have been meaning to do a writeup on ASA and TRP from a security perspective. It just hasn't happened yet. I did do a write up on TRP as a QoS solution for softphones.  TRP is pretty basic and the security benefits for VLAN traversal should be apparent in this article: http://www.netcraftsmen.net/resources/blogs/trp-and-qos-for-softphones.html

HTH.


Regards,
Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

1 REPLY

Re: Dual NIC Possibilities

Dave,

I assume you are asking if this request is possible on a CUCM system. The answer is no. Have you considered working with the network/security team to find out exactly what concerns they would have with opening HTTPS (TCP 443 and TCP 8443) to the CUCM cluster from the data network?

Oh, and for softphones I totally agree with locking that down. I typically recommend customers look into leverage the UC Proxy feature on the ASA or just a basic Trusted Relay Point (TRP) configuration.  There are pros/cons to each.   I have been meaning to do a writeup on ASA and TRP from a security perspective. It just hasn't happened yet. I did do a write up on TRP as a QoS solution for softphones.  TRP is pretty basic and the security benefits for VLAN traversal should be apparent in this article: http://www.netcraftsmen.net/resources/blogs/trp-and-qos-for-softphones.html

HTH.


Regards,
Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

152
Views
5
Helpful
1
Replies
CreatePlease to create content