Cisco 1720 w/ T1 Serial Interface need to add VPN

These questions may be somewhat naive however my knowledge of routing is limited and I get a bit muddled when it comes to NAT.

Currently I have a fairly simple network setup with 8 Computers a PBX and a couple of demo servers running on it.

We've added some expansions to our PBX which seem to require a VPN to allow them to function properly. Currently the 1720 is not VPN capable.

The current cisco config is as follows.

Using 1279 out of 29688 bytes
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname ***************
enable password ************
memory-size iomem 20
ip subnet-zero
ip dhcp pool Tele
   dns-server 66.***.128.38 207.***.75.50
interface Serial0
 no ip address
 encapsulation frame-relay
 frame-relay lmi-type ansi
interface Serial0.16 point-to-point
 ip address 10.***.33.26
 ip nat outside
 frame-relay interface-dlci 16 IETF
interface Serial1
 no ip address
interface FastEthernet0
 ip address
 ip nat inside
 speed auto
ip nat pool nat 66.***.68.185 66.***.68.185 netmask
ip nat inside source list 1 pool nat overload
ip nat inside source static 66.***.68.186
ip nat inside source static 66.***.68.188
ip nat inside source static 66.***.68.189
ip nat inside source static 66.***.68.187
ip classless
ip route 10.***.33.25
no ip http server
access-list 1 permit
line con 0
 password *******
line aux 0
line vty 0 4
 password ********
no scheduler allocate

Now, There are several things I don't understand fully.

Why does the serial interface have what appears is a private IP and then a NAT list for the publics router to my private network? Might be a stupid question but without access to the adtran 612 feeding the cisco I'm not sure how the incomming traffic is routed... Guess I'm just confused on that one.

Second, would this config as you see it, cause any problems with traffic over any port flowing to the PBX for the IP phones. Currently the phone can talk to the system and create calls but no audio or signals are returned to the phone. This may be their design flaw etc, however, in theory if given a public IP that's routed to the private IP of the PBX the phones should work properly.
Similar to how they operate on the LAN no?

Now, If I need to add a VPN to the network here is my problem. Each phone is a built in layer 2 switch which allows me to operate the computer and phone from one eth jack. I'm aware that I can setup two subnets, one for the PBX and one for the computers, but that defeats the purpose of one jack one network. I need this to be simple.

On the other hand I'd rather not replace the cisco with the 1721 with VPN, I'm on an unbearably tight budget.. so I need suggestions from some experts!

If I missed something or appeared to ramble I apologize and will respond with any pertitnant information.

Who is Participating?
mikebernhardtConnect With a Mentor Commented:
The serial interface is addressed between you and the ISP. The ISP can route traffic to the public IPs using the serial IP as a next hop regardless of what it is, so the router receives the traffic and does what's necessary.

I can't answer on the PBX issue (no pun intended).

To use 2 vlans on the same port set up trunk ports. Or you might need support for auxiliary vlans which is similar. Check the phone documentation,hopefully they support one or both features.

I'm not sure what the VPN has to do with anything at this time...
danielcpAuthor Commented:
I'll check to see what the phones support as far as vlans, but I doubt much of anything. As far as the VPN I didn't make myself clear, if using the IP phone in a remote application thats what they are calling for and so far all attempts to operate the phone(s) otherwise show the results I posted above. So more than likley I will have to add a VPN to the network somehow.
What phones are you using?
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

danielcpAuthor Commented:
Iwatsu IX-12IPKTD & 18IPKTD, I checked and they do very simple switching.
danielcpAuthor Commented:
Let me clarify my question a bit, I think I confused the issue, my apologies.

Basically, according to Iwatsu, to make the IP phone work properly in a remote enviroment it needs to be on a VPN.

Right now everything goes as follows.

Cisco 1720 -> Dell POE Switch -> Network

So what's the best route to go to add the VPN into the network. Does it require me to replace the Cisco 1720 with a cisco that supports VPN?
VPN and NAT are not my strong points, I'm a Systems Administrator by trade so I understand the basics of routing but I'm much more comfortable
with Apache and MySQL lol.

Yes, you'll need to replace the router with one that supports VPN like the 1811 or 1821. Or else buy a separate VPN appliance which would probably cost more.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.