Cisco 1720 w/ T1 Serial Interface need to add VPN
Posted on 2006-05-01
These questions may be somewhat naive; however, my knowledge of routing is limited and I get a bit muddled when it comes to NAT.
Currently I have a fairly simple network setup with 8 computers, a PBX, and a couple of demo servers running on it.
We've added some expansions to our PBX which seem to require a VPN to allow them to function properly. Currently the 1720 is not VPN capable.
The current Cisco config is as follows.
Using 1279 out of 29688 bytes
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
enable password ************
memory-size iomem 20
ip dhcp pool Tele
network 192.168.1.0 255.255.255.0
dns-server 66.***.128.38 207.***.75.50
no ip address
frame-relay lmi-type ansi
interface Serial0.16 point-to-point
ip address 10.***.33.26 255.255.255.252
ip nat outside
frame-relay interface-dlci 16 IETF
no ip address
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat pool nat 66.***.68.185 66.***.68.185 netmask 255.255.255.248
ip nat inside source list 1 pool nat overload
ip nat inside source static 192.168.1.105 66.***.68.186
ip nat inside source static 192.168.1.250 66.***.68.188
ip nat inside source static 192.168.1.252 66.***.68.189
ip nat inside source static 192.168.1.251 66.***.68.187
ip route 0.0.0.0 0.0.0.0 10.***.33.25
no ip http server
access-list 1 permit 192.168.1.0 0.0.0.255
line con 0
line aux 0
line vty 0 4
no scheduler allocate
Now, there are several things I don't understand fully.
Why does the serial interface have what appears to be a private IP and then a NAT list for the publics routed to my private network? Might be a stupid question, but without access to the Adtran 612 feeding the Cisco I'm not sure how the incoming traffic is routed... Guess I'm just confused on that one.
Second, would this config, as you see it, cause any problems with traffic over any port flowing to the PBX for the IP phones? Currently the phone can talk to the system and create calls, but no audio or signals are returned to the phone. This may be their design flaw etc.; however, in theory, if given a public IP that's routed to the private IP of the PBX, the phones should work properly.
Similar to how they operate on the LAN, no?
Now, if I need to add a VPN to the network, here is my problem. Each phone is a built-in layer 2 switch, which allows me to operate the computer and phone from one eth jack. I'm aware that I can set up two subnets, one for the PBX and one for the computers, but that defeats the purpose of one jack, one network. I need this to be simple.
On the other hand, I'd rather not replace the Cisco with the 1721 with VPN; I'm on an unbearably tight budget, so I need suggestions from some experts!
If I missed something or appeared to ramble, I apologize and will respond with any pertinent information.
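Added example, not part of the original post: a small Python audit that reads the NAT and access lines exactly as posted above (addresses still masked) and reports which inside hosts have one-to-one static translations and which filtering or hardening statements are absent from the posted text. The function name audit and the finding wording are this example's own, and it checks only the lines visible in the post.

```python
import re

# Lines copied from the config as posted above (masking is the poster's).
POSTED = """\
no service password-encryption
enable password ************
interface Serial0.16 point-to-point
ip address 10.***.33.26 255.255.255.252
ip nat outside
ip nat inside source list 1 pool nat overload
ip nat inside source static 192.168.1.105 66.***.68.186
ip nat inside source static 192.168.1.250 66.***.68.188
ip nat inside source static 192.168.1.252 66.***.68.189
ip nat inside source static 192.168.1.251 66.***.68.187
access-list 1 permit 192.168.1.0 0.0.0.255
line vty 0 4
"""

# One-to-one static NAT with no port given: every port is translated.
STATIC_NAT = re.compile(r"^ip nat inside source static (\S+) (\S+)$")

def audit(config: str) -> dict:
    """Return static NAT pairs and hardening gaps found in an IOS config text."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    static = [m.groups() for l in lines if (m := STATIC_NAT.match(l))]
    findings = []
    if "no service password-encryption" in lines:
        findings.append("passwords stored without 'service password-encryption'")
    if any(l.startswith("enable password ") for l in lines):
        findings.append("'enable password' in use; 'enable secret' stores a hash")
    # No 'ip access-group' anywhere means the router filters nothing inbound.
    if static and not any(l.startswith("ip access-group ") for l in lines):
        findings.append(f"{len(static)} static NAT hosts reachable on every port: "
                        "no 'ip access-group' on any interface")
    if any(l.startswith("line vty") for l in lines) and \
       not any(l.startswith("access-class ") for l in lines):
        findings.append("vty lines have no 'access-class' limiting management sources")
    return {"static_nat": static, "findings": findings}

if __name__ == "__main__":
    report = audit(POSTED)
    for inside, outside in report["static_nat"]:
        print(f"{outside} -> {inside} (all ports)")
    for finding in report["findings"]:
        print("FINDING:", finding)
```
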