I am looking for suggestions for a solution I've run into today. I'm trying to install a new router and firewall into an existing network. The router is an Edgewater VOIP router going to a cable connection with static IPs. The firewall is an ASA5505 (Security Plus). There is a third router in the mix (Cisco 1841) which has a PTP connection going to another site. I'll try to verbally explain the network architecture:
Unfortunately, the existing network was flattened on a /19, which I'm not allowed to change, so:
VLAN 1 = Data Network (they used a large /19)
VLAN 40 = Voice (For VOIP Phones)
Edgewater Port 4 > untag 1, tag 40 > ASA5505 Port 0
Edgewater WAN Port > Cable Modem
Edgewater DHCP Server for VLAN 40
ASA5505 Port 0 > untag 1, tag 40 > Edgewater Router
ASA5505 Port 1 > untag 1, tag 40 > Cisco 2950A FE0/4 (had to manually set native vlan 1 for the 2950 to work)
ASA5505 Port 2 > untag 1, tag 40 > Cisco SG300 Gig1
Cisco 1841 ip route 0.0.0.0 0.0.0.0 Firewall VLAN 1 Interface IP (Changed to ip route VLAN1_NETWORK VLAN1_IP_TO_ASA5505 and ip route VLAN40_NETWORK VLAN40_IP_OF_EDGEWATER)
Cisco also has internal IP routes going through the private point to point connection to another site....
What I'm replacing out of their existing connection is a SonicWall firewall and adding a few new POE switches for VOIP phones, a VOIP router, and an ASA5505. I can't get them to play nice no matter what I've tried. It seems I'm running into asymmetrical routing issues (ASA giving me Deny TCP (no connection) on VLAN 1 both static and DHCP given; VLAN40 DHCP handed from the Edgewater works fine, I can browse out without any issue)...
I'm not sure what the best approach is for this. They need to keep the 1841 for now until a STS VPN connection can be set up with the ASA5505 to their ASA5510 at the other site (months down the road per their budget). All their PCs are statically assigned and using their default gateway as the C1841.
If you need outputs of any configs I've created so far or have any suggestions on how to fix my issue, I'd love to hear about them. I've tried everything short of re-structuring their whole network or removing my VOIP router which is handling a lot of the PBX configurations for the VOIP phones.
I fixed my issue. Sorry for the confusion and delay. Here's what I did:
I removed the client's 1841s from both sites. I set the IP of the 1841 at the site I was working on as the VLAN1 IP for the ASA. I created a transition VLAN between the ASA and Edgemarc VOIP router (made it simple, called it VLAN1 with a /30 PTP internal IP). I set the port to access and not trunk between the ASA and VOIP router to VLAN2. I then trunked the ports from the ASA5505 to the C2950 and manually typed (switchport trunk native vlan 1) on the ASA going to the 2950, as it seems newer devices tag native traffic and the 2950s do not have the ability to do so, which causes inoperability. I then plugged in a separate port from the Edgemarc router going to the same 2950 tagging VLAN 40 only (access port allowing 40 traffic). I did not allow 40 to hit the ASA as this is pure voice traffic and the ALGs and QoS settings for 40 are pre-built in the Edgemarc. For the removed PTP link to the sister site, I created a site-to-site VPN in the ASA5505 to the sister site's ASA5510. In the Edgemarc, I set the same VLAN on its side in correspondence to the IP scheme I set up between the two devices. I then set static routes from the Edgemarc to the ASA for all the subnets it currently carries for the data network.
Site is fully operational and working as planned. VLAN 40 (VOIP) traffic is not being inspected by the ASA. It's going right to the VOIP router for several reasons and handicaps of how the Edgemarc works.
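The "Deny TCP (no connection)" symptom described in the question can be reproduced with a toy stateful tracker. This is an added example, not code or configuration from the original posts. It assumes the asymmetric case where a PC's gateway is another router on the same VLAN, so only the reply leg reaches the firewall; the addresses, class and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN-ACK, "A" = ACK

class StatefulFirewall:
    """Toy model: a non-SYN segment is allowed only if its SYN was seen here."""
    def __init__(self):
        self.conns = set()
        self.log = []

    def inspect(self, seg):
        # Direction-independent flow key so replies match the original SYN.
        key = frozenset([(seg.src, seg.sport), (seg.dst, seg.dport)])
        if seg.flags == "S":
            self.conns.add(key)
            return True
        if key in self.conns:
            return True
        self.log.append(f"Deny TCP (no connection) from {seg.src}/{seg.sport} "
                        f"to {seg.dst}/{seg.dport} flags {seg.flags}")
        return False

def run(path):
    """path: list of (Segment, crosses_firewall). Returns (verdicts, log)."""
    fw = StatefulFirewall()
    verdicts = [fw.inspect(seg) for seg, crosses in path if crosses]
    return verdicts, fw.log

# Constructed handshake using documentation addresses (not from the post).
PC, SRV = ("192.0.2.50", 50000), ("198.51.100.10", 443)
SYN = Segment(*PC, *SRV, "S")
SYN_ACK = Segment(*SRV, *PC, "SA")
ACK = Segment(*PC, *SRV, "A")

# Every segment crosses the firewall: state exists, handshake completes.
SYMMETRIC = [(SYN, True), (SYN_ACK, True), (ACK, True)]
# Assumed asymmetric case: the PC's gateway is another router on the VLAN, so
# the SYN and ACK bypass the firewall and only the SYN-ACK arrives there.
ASYMMETRIC = [(SYN, False), (SYN_ACK, True), (ACK, False)]

if __name__ == "__main__":
    for name, path in (("symmetric", SYMMETRIC), ("asymmetric", ASYMMETRIC)):
        print(name, *run(path))
```

Making the firewall the only layer-3 hop for the data VLAN, as the fix above does, puts every segment of a flow on the symmetric path.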