I've been tasked with setting up some SIP trunks in some of our locations to our ITSP and could use some assistance.
Here is our topology.
- A 2800 series router acting as the TDM gateway router.
- It's connected to the LAN via a GigE interface and connected to the PBX via a serial interface
- The default gateway for the TDM router is the standby address on the Internet edge routers
- A pair of 2800 series routers for Internet edge & corporate VPN
- Router #1 connects to ISP 1 & router #2 connects to ISP 2
- Each 2800 router is running:
- VPN tunnels back to main office and data centers
- BGP for peering with the ISP & corporate VPN peer routers
- NAT for local Internet access (not back hauled to main office or data centers)
- No firewall features such as Inspect, CBAC, ZBFW, etc.
- For NAT, each ISP has allocated a /27 block for things that may need a public facing IP address. We are not using an public /24 that gets routed to both ISP.
- This means our TDM router nats to x.x.x.254 when going through router #1 and nats to y.y.y.222 when going through router #2
- Currently the #2 router is the active HSRP router and is advertising the default route to the #1 router with a more preferred local preference.
- The way our ISTP set up peering for the SIP trunks (for redundancy), they provided us with 2 SIP peering points and allow only the x.x.x.254 IP address of ours to go to one SIP peer and only our y.y.y.222 IP address to go to the other SIP peer.
In order to make some test calls, I've installed xlite on my laptop and have it registered to the TDM gateway router.
When I configure dial peers on the TDM gateway to send calls to the ITSP peer #2, the traffic goes to our Internet edge router #2 and things work just fine.
When I make our Internet edge router #1 router to be the active HSRP router and prefer it for Internet routing (modify the BGP local preference), the calls do not set up.
When I moved routing back to our Internet edge router #2 and tried test calls to both SIP peers, the calls didn't set up or I got some one way audio behavior.
From what I've read, it sounds like NAT is problematic with SIP and if required, I should be using something like SIP inspection, SIP ALG, or CUBE.
At this particular point, I'm curious if this is even a desirable topology. I'm trying to make do with what I've been provided with but the call testing has me wondering if there is a more elegant solution to provide the SIP trunking to both ITSP peers and have less headaches with things like HSRP, BGP, and NAT in the equation.
I've read up on SIP ALG and CUBE and at this point am still looking for topology best practice advice.
Currently, we have just the 3 routers- One as the TDM gateway and the other 2 for Internet edge/NAT/site-to-site VPN.
Since NAT & HSRP are required on the Internet edge/VPN routers, does that mean I really should have another (4th) router to server as a CUBE?
Should the CUBE be connected to the Internet with a public IP so it does not have to route through the other routers doing NAT & HSRP?
Can I configure the existing TDM router as a CUBE as well or best to have it as 2 routers, each doing their respective function?
From what I've researched, it seems like keeping the VoIP functions and data connectivity functions on different devices that are independent of one another may be the better way to go but I may be wrong.
I'm not able to access my old voice mail messages all of a sudden. The recording says something like 'the message is currently not available'. This has never happened before in all the years I have been using this system. I have t...
If you have 2 ISR routers, one acting as Failover, do we need to have both the same number of SRST licenses on the 2 routers?
No. You will only need the SRST licenses on the primary router. Because this feature...