Have anyone implemented IP telephony via VPN across the internet. Is there any identified issues in implementing it.
The setup is, the customer has got call manager at one location and the remote location doesn't have call manager, all phone will register to the call manager at the central location via VPN. They have unity at the central location. The VPN tunnel is between PIX firewall and SonicWall firewall.
Any issues related to the firewall, is there any other port that needs to be opened except for TFTP and 2000 (TCP) on the firewall.
Well, QoS could be a major issue going across the Internet, but from a basic functionality standpoint, you shouldn't have any problems getting it to work. TCP/2000 will be used for phone registration and Skinny signaling messages, and random UDP ports between 16384 and 32767 would be used for audio streams.
Also you may have to be careful if you are using NAT anywhere in the picture. If you have a VPN tunnel and the phones and CallManager can talk to each other as if they were on the same private network, then it should be fine.
We've been doing this for the past year without any problems. QoS is a concern, however, we made sure that we stayed with the same ISP at every site, and that they had a good SLA. We have a full T1 at each site, and we may have at the most 3 calls max at a time. If you fill your bandwidth more, or you can't count on you service level, than yes, QoS becomes a bigger issue.
I have been quoting one of these for a new client on the Qwest VPN service. The limitations are really QoS. I am not aware of any VPN services delivering guaranteed QoS to date. Also, be cautions on the latency claims, they may be an average for a compelte month and not at any time. You have to read the fine print.
I believe one of the problems with QoS on the VPN is that IPSec will hide the type of traffic from the Internet routers. Even if they have QoS setup end-to-end the IPSec may not allow them to determine a voice from a data packet.
On a connection note- I would be careful with the PIX to Sonicwall config.
We have this working but there is a bug that we have identified and notified Sonicwall about that only allows the Sonicwall to renegotiate the tunnel if it goes down. They have reproduced the problem and claim to have a fix coming in the next firmware upgrade. (I have yet to see this yet) Right now a frustration for our data, but for voice this could be disastrous!!!!
I have been doing this for about 9 months now. It works great on Cable Modem, DSL and ISDN. The only thing that you have to watch for is bandwidth utilization. I have had up to 3 phones on a cable modem, and have also created an MGCP gateway (using a VG-200 with FX0, and FXS cards) over that connection. All works fine. For my VPN I use a hardware solution from Red Creek Communications (http://www.redcreek.com). It is solid as a rock, easy to congfigure and totally reliable. The one caviat is that I had to hand program the IP address information into the phones vs. using DHCP.
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...
This document describe how DST changes and how time changes are
implemented in DST. Daylight Saving Time (DST) is the practice of
setting the clocks forward 1 hour from standard time during the summer
months, and back again in the fall, in order to make b...