Solved

Cisco SCCP over VPN using 2801 , IADs and  7960G phones

Posted on 2008-10-23
6
1,544 Views
Last Modified: 2011-10-19
Hello,

We have a main office that has a 2801 with CME that is fed by a T1 (9 PRI channels) from the ISP.

We would like to setup a remote office with a couple of 7960s that would connect to back office over an other T1 and VPN.

The VPN is going to be provided by the ISP using their Cisco IADs.

Currently the main office IAD (from the ISP) provides public ip(s) to the 2801 and the 2801 handles the routing and all.

Under the new setup the IADs would provide private addresses to the 2801 because the ISP handles the VPN setup.

1. How do I need to change the config of the 2801 to allow for this ?

2. I would like to have some QoS controll over the VPN, will the VLANs allow for this?

3. Do I need to put a VLAN capable switch into the remote office ? Or can will the phone tag the traffic anyway, and have only the IAD setup for VLANs?

I attached the current config of the 2801 (with non relevant info removed)

I also attached to drawings of the old (current) and new setup.

Please reply with a sample config and will award the points.

Thanks!
!                                                                               

version 12.4                                                                    

service timestamps debug datetime msec                                          

service timestamps log datetime msec localtime                                  

no service password-encryption                                                  

!                                                                               

hostname *********1                                                           

!                                                                               

boot-start-marker                                                               

boot system flash:c2801-spservicesk9-mz.124-6.T3.bin                            

boot-end-marker                                                                 

!                                                                               

enable secret 5 **************************.                                  

!                                                                               

aaa new-model                                                                   

!                                                                               

!                                                                               

aaa authentication login default none                                           

aaa accounting connection h323 start-stop group radius                          

!                                                                               

aaa session-id common                                                           

!                                                                               

resource policy                                                                 

!                                                                               

clock timezone GMT -6                                                           

clock summer-time GMT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00                   

network-clock-participate wic 1                                                 

network-clock-select 1 T1 0/1/0                                                 

ip cef                                                                          

!                                                                               

!                                                                               

no ip dhcp use vrf connected                                                    

ip dhcp excluded-address 10.1.0.1 10.1.0.10                                     

!                                                                               

ip dhcp pool phone                                                              

   network 10.1.0.0 255.255.255.0                                               

   default-router 10.1.0.1                                                      

   option 150 ip 10.1.0.1                                                       

!                                                                               

!                                                                               

ip name-server xx.xxx.xx.xx                                                     

ip name-server xx.xxx.xx.xx                                                     

isdn switch-type primary-ni                                                     

!                                                                               

voice-card 0                                                                    

!                                                                               

!                                                                               

!                                                                               

voice service voip                                                              

 allow-connections sip to sip                                                   

 sip                                                                            

  header-passing                                                                

  registrar server expires max 3600 min 3600                                    

!                                                                               

!                                                                               

!                                                                               

voice class codec 1                                                             

 codec preference 1 g711ulaw                                                    

 codec preference 2 g729r8                                                      

!                                                                               

!                                                                               

!                                                                               

!                                                                               

!                                                                               

!                                                                               

!                                                                               

!                                                                               

voice translation-rule 3                                                        

 rule 1 /^1......./ /9/                                                         

!                                                                               

voice translation-rule 9                                                        

 rule 1 /9\([0,1]..........\)/ /\1/                                             

 rule 2 /9\([2-9].........\)/ /\1/                                              

 rule 3 /^9\([9,4]11\)/ /\1/                                                    

 rule 4 /^9011/ /011/                                                           

!                                                                               

voice translation-rule 310                                                      

 rule 1 /^209$/ /xxxxxxxxxx/                                                                                                

!                                                                               

!                                                                               

voice translation-profile PSTN_Incoming                                         

 translate redirect-called 310                                                  

!                                                                               

voice translation-profile PSTN_Outgoing                                         

 translate called 9                                                             

 translate redirect-called 310                                                  

!                                                                               

!                                                                               

!                                                                               

!                                                                               

call-history-mib retain-timer 500                                               

call-history-mib max-size 500                                                   

dial-control-mib retain-timer 35791                                             

dial-control-mib max-size 1200                                                  

!                                                                               

!                                                                               

controller T1 0/1/0                                                             

 framing esf                                                                    

 linecode b8zs                                                                  

 pri-group timeslots 1-12,24                                                    

!                                                                               

controller T1 0/1/1                                                             

 framing esf                                                                    

 linecode b8zs                                                                  

gw-accounting syslog                                                            

!                                                                               

!                                                                               

!                                                                               

!                                                                               

interface FastEthernet0/0                                                       

 no ip address                                                                  

 ip nat inside                                                                  

 speed 100                                                                      

 full-duplex                                                                    

!                                                                               

interface FastEthernet0/0.1                                                     

 encapsulation dot1Q 1 native                                                   

 ip address 192.168.212.210 255.255.255.0                                       

 no snmp trap link-status                                                       

!                                                                               

interface FastEthernet0/0.10                                                    

 encapsulation dot1Q 10                                                         

 ip address 10.1.0.1 255.255.255.0                                              

 no snmp trap link-status                                                       

!                                                                               

interface Service-Engine0/1                                                     

 ip unnumbered FastEthernet0/0.1                                                

 service-module ip address 192.168.212.10 255.255.255.0                         

 service-module ip default-gateway 192.168.212.210                              

!                                                                               

interface FastEthernet0/1                                                       

 ip address 72.11.xxx.xxx 255.255.255.248                                       

 ip nat outside                                                                 

 duplex auto                                                                    

 speed auto                                                                     

!                                                                               

interface Serial0/1/0:23                                                        

 no ip address                                                                  

 encapsulation hdlc                                                             

 isdn switch-type primary-ni                                                    

 isdn incoming-voice voice                                                      

 no cdp enable                                                                  

!                                                                               

ip default-gateway 72.11.xxx.xxx                                                

ip route 0.0.0.0 0.0.0.0 72.11.xxx.xxx                                          

ip route 192.168.212.10 255.255.255.255 Service-Engine0/1                       

!                                                                               

!                                                                               

ip http server                                                                  

ip http authentication local                                                    

no ip http secure-server                                                        

ip http path flash:                                                             

ip nat inside source list 5 interface FastEthernet0/1 overload                  

!                                                                               

logging 192.168.212.187                                                         

access-list 5 permit 10.1.0.0 0.0.0.255                                         

disable-eadi                                                                    

!                                                                               

!                                                                               

tftp-server flash:Pop.raw

!                                                      

TFTPs snipped                                          

!                                                                               

control-plane                                                                   

!                                                                               

!                                                                               

!                                                                               

voice-port 0/1/0:23                                                             

!                                                                               

voice-port 0/2/0                                                                

!                                                                               

voice-port 0/2/1                                                                

!                                                                               

!                                                                               

!                                                                               

!                                                                               

!                                                                               

dial-peer voice 90 voip                                                         

 description ** cue voicemail pilot number **                                   

 destination-pattern 600                                                        

 session protocol sipv2                                                         

 session target ipv4:192.168.212.10                                             

 dtmf-relay sip-notify                                                          

 codec g711ulaw                                                                 

 no vad                                                                         

!                                                                               

dial-peer voice 91 voip                                                         

 description ** cue voicemail pilot number **                                   

 destination-pattern 601                                                        

 session protocol sipv2                                                         

 session target ipv4:192.168.212.10                                             

 dtmf-relay sip-notify                                                          

 codec g711ulaw                                                                 

 no vad                                                                         

!                                                                               

dial-peer voice 6 pots                                                          

 description ** FXO pots dial-peer **                                           

 translation-profile outgoing PSTN_Outgoing                                     

 preference 1                                                                   

 destination-pattern 1[2-9].........                                            

 port 0/1/0:23                                                                  

 forward-digits 11                                                              

!                                                                               

dial-peer voice 11 pots                                                         

 numbering-type unknown                                                         

 incoming called-number .                                                       

 direct-inward-dial                                                             

!                                                                               

dial-peer voice 999302 pots                                                     

 destination-pattern 2893                                                       

 port 0/2/0                                                                     

!                                                                               

dial-peer voice 4 pots                                                          

 description ** FXO pots dial-peer **                                           

 translation-profile outgoing E911                                              

 preference 1                                                                   

 destination-pattern 9911                                                       

 port 0/1/0:23                                                                  

 forward-digits 3                                                               

!                                                                               

dial-peer voice 5 pots                                                          

 description ** PRI dial-peer **                                                

 preference 1                                                                   

 destination-pattern 9[2-9]......                                               

 port 0/1/0:23                                                                  

 forward-digits 7                                                               

!                                                                               

dial-peer voice 8 pots                                                          

 description ** PRI dial-peer **                                                

 preference 1                                                                   

 destination-pattern 911                                                        

 port 0/1/0:23                                                                  

 forward-digits 3                                                               

!                                                                               

dial-peer voice 411 pots                                                        

 description ** PRI dial-peer **                                                

 translation-profile outgoing 411                                               

 preference 1                                                                   

 destination-pattern 411                                                        

 port 0/1/0:23                                                                  

 forward-digits 3                                                               

!                                                                               

dial-peer voice 92 voip                                                         

 description ** CUE Prompt Management **                                        

 destination-pattern 602                                                        

 session protocol sipv2                                                         

 session target ipv4:192.168.212.10                                             

 dtmf-relay sip-notify                                                          

 codec g711ulaw                                                                 

 no vad                                                                         

!                                                                               

num-exp 1004 299                                                                

num-exp 6028 228                                                                

num-exp 6029 229                                                                

num-exp 6026 209                                                                

num-exp 6020 201                                                                

num-exp 6021 203                                                                

num-exp 6022 205                                                                

num-exp 6023 207                                                                

num-exp 6024 212                                                                

num-exp 6025 214                                                                

num-exp 6030 220                                                                

num-exp 6027 210                                                                

sip-ua                                                                          

 authentication username xxxxxxxxxxx password xxxxxxxxxxx             

 no remote-party-id                                                             

 retry invite 2                                                                 

 retry register 10                                                              

 timers connect 100                                                             

 registrar dns:xxxxxxxxxxxxxxxxxxxx expires 3600 secondary               

!                                                                               

!                                                                               

telephony-service                                                               

 load 7910 P00403020214                                                         

 load 7935 P00503010100                                                         

 load 7960-7940 P00307020200                                                    

 load 7914 S00104000100                                                         

 load ATA ATA030100SCCP040211A                                                  

 load 7905 CP7905060000SCCP050124A                                              

 load 7902 CP7902060000SCCP050124A                                              

 load 7920 cmterm_7920.4.0-02-00                                                

 load 7971 TERM70.7-0-1-0s                                                      

 load 7970 TERM70.7-0-1-0s                                                      

 load 7912 CP7912060000SCCP050124A                                              

 max-ephones 24                                                                 

 max-dn 72                                                                      

 ip source-address 72.11.xxx.xxx port 2000                                      

 no caller-id name-only                                                         

 calling-number initiator                                                       

 system message ABC                                    

 time-zone 8                                                                    

 create cnf-files version-stamp 7960 Dec 02 2005 18:23:10                       

 voicemail 600                                                                  

 max-conferences 8 gain -6                                                      

 call-forward pattern .T                                                        

 moh music-on-hold.au                                                           

 web admin system name XXX password xxx                           

 dn-webedit                                                                     

 time-webedit                                                                   

 transfer-system full-consult dss                                               

 transfer-pattern .T                                                            

 secondary-dialtone 9                                                           

 login timeout 60                                                               

!                                                                               

EPHONES snipped                                           

!                                                                               

!                                                                               

!                                                                               

line con 0                                                                      

line aux 0                                                                      

line 130                                                                        

 no activation-character                                                        

 no exec                                                                        

 transport preferred none                                                       

 transport input all                                                            

 transport output all                                                           

line vty 0 4                                                                                                                     

!                                                                               

scheduler allocate 20000 1000                                                   

ntp clock-period 17180109                                                       

ntp master                                                                      

ntp update-calendar                                                                                                                   

end

Open in new window

Network.jpg
0
Comment
Question by:Mark_er
  • 4
  • 2
6 Comments
 
LVL 15

Expert Comment

by:bkepford
ID: 22800064
1)Can you re address your network? If so I feel it is the best option as it removes complexity. Then connect the data connection from the IAD to the Cat500 Switch.
===========
Option One
===========
interface FastEthernet0/0                                                      
no ip address                                                                  
speed 100                                                                      
full-duplex                                                                    
!                                                                              
interface FastEthernet0/0.1                                                    
encapsulation dot1Q 1 native                                                  
ip address 10.0.1.210 255.255.255.0                                      
no snmp trap link-status                                                      
!                                                                              
interface FastEthernet0/0.10                                                    
encapsulation dot1Q 10                                                        
ip address 10.1.0.1 255.255.255.0                                              
no snmp trap link-status                                                      
!                                                                              
interface Service-Engine0/1                                                    
ip unnumbered FastEthernet0/0.1                                                
service-module ip address 10.0.1.10 255.255.255.0                        
service-module ip default-gateway 10.0.1.210                              
!                                                                              
interface FastEthernet0/1                                                      
shutdown                                                  
duplex auto                                                                    
speed auto                                                                    
!                                                                              
interface Serial0/1/0:23                                                        
no ip address                                                                  
encapsulation hdlc                                                            
isdn switch-type primary-ni                                                    
isdn incoming-voice voice                                                      
no cdp enable                                                                  
!                                                                              
ip default-gateway 10.0.1.xxx <IAD IP>                                            
ip route 0.0.0.0 0.0.0.0 10.0.1.xxx <IAD IP>                                          
ip route 10.0.1.10 255.255.255.255 Service-Engine0/1
dial-peer voice 90 voip                                                        
description ** cue voicemail pilot number **                                  
destination-pattern 600                                                        
session protocol sipv2                                                        
session target ipv4:10.0.1.10                                            
dtmf-relay sip-notify                                                          
codec g711ulaw                                                                
no vad                                                                        
!                                                                              
dial-peer voice 91 voip                                                        
description ** cue voicemail pilot number **                                  
destination-pattern 601                                                        
session protocol sipv2                                                        
session target ipv4:10.0.1.10                                            
dtmf-relay sip-notify                                                          
codec g711ulaw                                                                
no vad  
dial-peer voice 92 voip                                                        
description ** CUE Prompt Management **                                        
destination-pattern 602                                                        
session protocol sipv2                                                        
session target ipv4:10.0.1.10                                            
dtmf-relay sip-notify                                                          
codec g711ulaw                                                                
no vad        
no ip nat inside source list 5 interface FastEthernet0/1 overload                  
!                                                                              
logging 10.0.1.187
telephony-service
 ip source-address 10.0.1.210 port 2000
 
On your phone setup I think I read somewhere that the CME doesn't register remote phones but it is still worth a try as I couldn't find that reference. All you need to do is include the TFTP server setting on your DHCP server for the other site and make sure you have a route to the 10.1.0.0/24 network and that your provider includes that traffic from 10.0.2.x network can go to 10.1.0.x network in the VPN policy
===========
Option Two
===========
2) QOS is a problem as this is up to the provider.Providers aren't in the habit of letting customers choose what traffic goes first once it enters their core you are competeing with other customers. Just ask your provider what QoS options they support.  How many phones are you putting on the other side? How many users at your main site?
3) Neither no VLANs are needed. VLANs only seperate traffic on a layer two level once they are seperated by an IP address space they are combined into just IP address destinations. As long as the phones have IP reachability to the TFTP server and the CME then everything is good.
 
SIDE NOTE
Is that a combined T1 suppling both the Data and 9 voice channels? If you experience clipping on your outside calls that is going to be your problem if they do.
0
 
LVL 15

Expert Comment

by:bkepford
ID: 22800070
Ignore the option Tags as I redid some stuff and forgot to take them out.
0
 

Author Comment

by:Mark_er
ID: 22800202
To answer your questions:

1. Yes I can readdress the network!

2. There are 3 phones on the main site and 2 on the remote one.

3. The T1 from the ISP  is supplying both the 9 voice channels and the data. The T1 from the IAD to the  2801 only supplies the Voice channels.  We'll have the 9 channels reduced in the near future to 4.

"All you need to do is include the TFTP server setting on your DHCP."  

Would it be this?

option 150 ip 10.1.0.1

Thanks!

0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 15

Accepted Solution

by:
bkepford earned 500 total points
ID: 22800488
Yes the it is tftp option 150. That doen't have to be set on a Cisco device either it can come from a Windows DHCP server. It doesn't have that option inherently so you have to create it. You can set the tftp option to point to either the 10.0.1.210 or the 10.1.0.1 address.
here is the link to create option 150 on a windows server
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_22971739.html
RESPONSE TO 2) QOS is probably not going to be an issue with a small network like that. Because their doing a VPN any tag you set is going to be encrypted so they would have to reset the tag on the provider side. Now if this is a VPN over a providers private network (shared only by their customers) that may be possible just ask them but if this is a VPN over an Internet connection it wouldn't be supported.
RESPONSE TO 3) I just got off a job that did the same thing with their voice channels with the CME I think the provider was a company called NuVox and they had lots of clipping and call quality issues with it. It may not happen with you but just in case you see it look their first.
0
 

Author Closing Comment

by:Mark_er
ID: 31509525
Excellent and thank you for the help. I should be OK. Is there a way to contact you if I have any more questions?

Thanks again!
0
 
LVL 15

Expert Comment

by:bkepford
ID: 22800550
Just do a follow up post and I should get emailed and that way if I happen to busy maybe someone else could jump in and get your questioned answered.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now