Well, I see your biggest problem being the 1750s dont support MGCP (Media Gateway Control Protocol) which is what call manager uses to control a standalone gateway. Lets assume your gateway will be at the central site the 2600s and 3600s will both provide MGCP support in the future. If you plan to have a local gateway at the remote sites you better get at least 2600s and maybe even a 3600 at the central site. They will both handle the VPN, IP, CBAC (Firewall) fine.
Cisco has a good white paper on this. You might want to check it out.
A couple of comments and suggestions about this design:
1. Buy a bigger router at the core, assuming that the core router will also be handling the VoIP and the Internet traffic from that site you will bring a 2611 to its knees with the processing you are attempting.
2. VoIP on a VPN is very tricky business, unless you are using a private IP backbone (AT&T and MCI offer these with great SLAs) I would avoid VoIP over a VLAN at all costs.
3. Keeping in mind the slow and unpredictable nature of dial-up Internet connections and the overhead generated by encrypting and rencapsulating packets, you may want to look at DSL or ISDN at your remotes as opposed to standard analog dial.
Know, here is my two cents -
Core site perimeter (internet router)
Behind this put a PIX 515R with v5.2 SW and an extra 1 port FE card
Use this as your firewall and a VPN concentrator (3rd interface gives you a DMZ for WWW, mail, etc.)
Behind PIX (on Inside interface) put either
a Cisco 2620 with analog or digital ports (depends on req voice port density and interfaces to your PBX if you are using Cisco IP Telephony you don't need this router bu remote sites w/ vocie should be 2610 or higher)
a Cisco 3640 or 3660 if you need lots of ports (ore than 2 T1/PRI worth of voice ports.
Voice enabled -
1750 is fine if Cisco Call Manager is not the PBX at the core site. (If it is use a 2610)
Non - Voice enabled remote -
Assuming you want to use dial-up ( see concerns above) the 805 is OK, for ISDN use an 804, for DSL use a 1605 or 2611 (Dual ethernet ports). All options would need IP/FW/IPSec feature set.
Final recommendation - Talk to your local Cisco rep, ask for a recommendation of a consulting/integration firm with experience in multiservice WANs and VPN they can help design a solution that will work and scale.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...