Link to home
Start Free TrialLog in
Avatar of Mark_er
Mark_er

asked on

Cisco SCCP over VPN using 2801 , IADs and 7960G phones

Hello,

We have a main office that has a 2801 with CME that is fed by a T1 (9 PRI channels) from the ISP.

We would like to setup a remote office with a couple of 7960s that would connect to back office over an other T1 and VPN.

The VPN is going to be provided by the ISP using their Cisco IADs.

Currently the main office IAD (from the ISP) provides public ip(s) to the 2801 and the 2801 handles the routing and all.

Under the new setup the IADs would provide private addresses to the 2801 because the ISP handles the VPN setup.

1. How do I need to change the config of the 2801 to allow for this ?

2. I would like to have some QoS controll over the VPN, will the VLANs allow for this?

3. Do I need to put a VLAN capable switch into the remote office ? Or can will the phone tag the traffic anyway, and have only the IAD setup for VLANs?

I attached the current config of the 2801 (with non relevant info removed)

I also attached to drawings of the old (current) and new setup.

Please reply with a sample config and will award the points.

Thanks!
!                                                                               
version 12.4                                                                    
service timestamps debug datetime msec                                          
service timestamps log datetime msec localtime                                  
no service password-encryption                                                  
!                                                                               
hostname *********1                                                           
!                                                                               
boot-start-marker                                                               
boot system flash:c2801-spservicesk9-mz.124-6.T3.bin                            
boot-end-marker                                                                 
!                                                                               
enable secret 5 **************************.                                  
!                                                                               
aaa new-model                                                                   
!                                                                               
!                                                                               
aaa authentication login default none                                           
aaa accounting connection h323 start-stop group radius                          
!                                                                               
aaa session-id common                                                           
!                                                                               
resource policy                                                                 
!                                                                               
clock timezone GMT -6                                                           
clock summer-time GMT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00                   
network-clock-participate wic 1                                                 
network-clock-select 1 T1 0/1/0                                                 
ip cef                                                                          
!                                                                               
!                                                                               
no ip dhcp use vrf connected                                                    
ip dhcp excluded-address 10.1.0.1 10.1.0.10                                     
!                                                                               
ip dhcp pool phone                                                              
   network 10.1.0.0 255.255.255.0                                               
   default-router 10.1.0.1                                                      
   option 150 ip 10.1.0.1                                                       
!                                                                               
!                                                                               
ip name-server xx.xxx.xx.xx                                                     
ip name-server xx.xxx.xx.xx                                                     
isdn switch-type primary-ni                                                     
!                                                                               
voice-card 0                                                                    
!                                                                               
!                                                                               
!                                                                               
voice service voip                                                              
 allow-connections sip to sip                                                   
 sip                                                                            
  header-passing                                                                
  registrar server expires max 3600 min 3600                                    
!                                                                               
!                                                                               
!                                                                               
voice class codec 1                                                             
 codec preference 1 g711ulaw                                                    
 codec preference 2 g729r8                                                      
!                                                                               
!                                                                               
!                                                                               
!                                                                               
!                                                                               
!                                                                               
!                                                                               
!                                                                               
voice translation-rule 3                                                        
 rule 1 /^1......./ /9/                                                         
!                                                                               
voice translation-rule 9                                                        
 rule 1 /9\([0,1]..........\)/ /\1/                                             
 rule 2 /9\([2-9].........\)/ /\1/                                              
 rule 3 /^9\([9,4]11\)/ /\1/                                                    
 rule 4 /^9011/ /011/                                                           
!                                                                               
voice translation-rule 310                                                      
 rule 1 /^209$/ /xxxxxxxxxx/                                                                                                
!                                                                               
!                                                                               
voice translation-profile PSTN_Incoming                                         
 translate redirect-called 310                                                  
!                                                                               
voice translation-profile PSTN_Outgoing                                         
 translate called 9                                                             
 translate redirect-called 310                                                  
!                                                                               
!                                                                               
!                                                                               
!                                                                               
call-history-mib retain-timer 500                                               
call-history-mib max-size 500                                                   
dial-control-mib retain-timer 35791                                             
dial-control-mib max-size 1200                                                  
!                                                                               
!                                                                               
controller T1 0/1/0                                                             
 framing esf                                                                    
 linecode b8zs                                                                  
 pri-group timeslots 1-12,24                                                    
!                                                                               
controller T1 0/1/1                                                             
 framing esf                                                                    
 linecode b8zs                                                                  
gw-accounting syslog                                                            
!                                                                               
!                                                                               
!                                                                               
!                                                                               
interface FastEthernet0/0                                                       
 no ip address                                                                  
 ip nat inside                                                                  
 speed 100                                                                      
 full-duplex                                                                    
!                                                                               
interface FastEthernet0/0.1                                                     
 encapsulation dot1Q 1 native                                                   
 ip address 192.168.212.210 255.255.255.0                                       
 no snmp trap link-status                                                       
!                                                                               
interface FastEthernet0/0.10                                                    
 encapsulation dot1Q 10                                                         
 ip address 10.1.0.1 255.255.255.0                                              
 no snmp trap link-status                                                       
!                                                                               
interface Service-Engine0/1                                                     
 ip unnumbered FastEthernet0/0.1                                                
 service-module ip address 192.168.212.10 255.255.255.0                         
 service-module ip default-gateway 192.168.212.210                              
!                                                                               
interface FastEthernet0/1                                                       
 ip address 72.11.xxx.xxx 255.255.255.248                                       
 ip nat outside                                                                 
 duplex auto                                                                    
 speed auto                                                                     
!                                                                               
interface Serial0/1/0:23                                                        
 no ip address                                                                  
 encapsulation hdlc                                                             
 isdn switch-type primary-ni                                                    
 isdn incoming-voice voice                                                      
 no cdp enable                                                                  
!                                                                               
ip default-gateway 72.11.xxx.xxx                                                
ip route 0.0.0.0 0.0.0.0 72.11.xxx.xxx                                          
ip route 192.168.212.10 255.255.255.255 Service-Engine0/1                       
!                                                                               
!                                                                               
ip http server                                                                  
ip http authentication local                                                    
no ip http secure-server                                                        
ip http path flash:                                                             
ip nat inside source list 5 interface FastEthernet0/1 overload                  
!                                                                               
logging 192.168.212.187                                                         
access-list 5 permit 10.1.0.0 0.0.0.255                                         
disable-eadi                                                                    
!                                                                               
!                                                                               
tftp-server flash:Pop.raw
!                                                      
TFTPs snipped                                          
!                                                                               
control-plane                                                                   
!                                                                               
!                                                                               
!                                                                               
voice-port 0/1/0:23                                                             
!                                                                               
voice-port 0/2/0                                                                
!                                                                               
voice-port 0/2/1                                                                
!                                                                               
!                                                                               
!                                                                               
!                                                                               
!                                                                               
dial-peer voice 90 voip                                                         
 description ** cue voicemail pilot number **                                   
 destination-pattern 600                                                        
 session protocol sipv2                                                         
 session target ipv4:192.168.212.10                                             
 dtmf-relay sip-notify                                                          
 codec g711ulaw                                                                 
 no vad                                                                         
!                                                                               
dial-peer voice 91 voip                                                         
 description ** cue voicemail pilot number **                                   
 destination-pattern 601                                                        
 session protocol sipv2                                                         
 session target ipv4:192.168.212.10                                             
 dtmf-relay sip-notify                                                          
 codec g711ulaw                                                                 
 no vad                                                                         
!                                                                               
dial-peer voice 6 pots                                                          
 description ** FXO pots dial-peer **                                           
 translation-profile outgoing PSTN_Outgoing                                     
 preference 1                                                                   
 destination-pattern 1[2-9].........                                            
 port 0/1/0:23                                                                  
 forward-digits 11                                                              
!                                                                               
dial-peer voice 11 pots                                                         
 numbering-type unknown                                                         
 incoming called-number .                                                       
 direct-inward-dial                                                             
!                                                                               
dial-peer voice 999302 pots                                                     
 destination-pattern 2893                                                       
 port 0/2/0                                                                     
!                                                                               
dial-peer voice 4 pots                                                          
 description ** FXO pots dial-peer **                                           
 translation-profile outgoing E911                                              
 preference 1                                                                   
 destination-pattern 9911                                                       
 port 0/1/0:23                                                                  
 forward-digits 3                                                               
!                                                                               
dial-peer voice 5 pots                                                          
 description ** PRI dial-peer **                                                
 preference 1                                                                   
 destination-pattern 9[2-9]......                                               
 port 0/1/0:23                                                                  
 forward-digits 7                                                               
!                                                                               
dial-peer voice 8 pots                                                          
 description ** PRI dial-peer **                                                
 preference 1                                                                   
 destination-pattern 911                                                        
 port 0/1/0:23                                                                  
 forward-digits 3                                                               
!                                                                               
dial-peer voice 411 pots                                                        
 description ** PRI dial-peer **                                                
 translation-profile outgoing 411                                               
 preference 1                                                                   
 destination-pattern 411                                                        
 port 0/1/0:23                                                                  
 forward-digits 3                                                               
!                                                                               
dial-peer voice 92 voip                                                         
 description ** CUE Prompt Management **                                        
 destination-pattern 602                                                        
 session protocol sipv2                                                         
 session target ipv4:192.168.212.10                                             
 dtmf-relay sip-notify                                                          
 codec g711ulaw                                                                 
 no vad                                                                         
!                                                                               
num-exp 1004 299                                                                
num-exp 6028 228                                                                
num-exp 6029 229                                                                
num-exp 6026 209                                                                
num-exp 6020 201                                                                
num-exp 6021 203                                                                
num-exp 6022 205                                                                
num-exp 6023 207                                                                
num-exp 6024 212                                                                
num-exp 6025 214                                                                
num-exp 6030 220                                                                
num-exp 6027 210                                                                
sip-ua                                                                          
 authentication username xxxxxxxxxxx password xxxxxxxxxxx             
 no remote-party-id                                                             
 retry invite 2                                                                 
 retry register 10                                                              
 timers connect 100                                                             
 registrar dns:xxxxxxxxxxxxxxxxxxxx expires 3600 secondary               
!                                                                               
!                                                                               
telephony-service                                                               
 load 7910 P00403020214                                                         
 load 7935 P00503010100                                                         
 load 7960-7940 P00307020200                                                    
 load 7914 S00104000100                                                         
 load ATA ATA030100SCCP040211A                                                  
 load 7905 CP7905060000SCCP050124A                                              
 load 7902 CP7902060000SCCP050124A                                              
 load 7920 cmterm_7920.4.0-02-00                                                
 load 7971 TERM70.7-0-1-0s                                                      
 load 7970 TERM70.7-0-1-0s                                                      
 load 7912 CP7912060000SCCP050124A                                              
 max-ephones 24                                                                 
 max-dn 72                                                                      
 ip source-address 72.11.xxx.xxx port 2000                                      
 no caller-id name-only                                                         
 calling-number initiator                                                       
 system message ABC                                    
 time-zone 8                                                                    
 create cnf-files version-stamp 7960 Dec 02 2005 18:23:10                       
 voicemail 600                                                                  
 max-conferences 8 gain -6                                                      
 call-forward pattern .T                                                        
 moh music-on-hold.au                                                           
 web admin system name XXX password xxx                           
 dn-webedit                                                                     
 time-webedit                                                                   
 transfer-system full-consult dss                                               
 transfer-pattern .T                                                            
 secondary-dialtone 9                                                           
 login timeout 60                                                               
!                                                                               
EPHONES snipped                                           
!                                                                               
!                                                                               
!                                                                               
line con 0                                                                      
line aux 0                                                                      
line 130                                                                        
 no activation-character                                                        
 no exec                                                                        
 transport preferred none                                                       
 transport input all                                                            
 transport output all                                                           
line vty 0 4                                                                                                                     
!                                                                               
scheduler allocate 20000 1000                                                   
ntp clock-period 17180109                                                       
ntp master                                                                      
ntp update-calendar                                                                                                                   
end

Open in new window

Network.jpg
Avatar of bkepford
bkepford
Flag of United States of America image

1)Can you re address your network? If so I feel it is the best option as it removes complexity. Then connect the data connection from the IAD to the Cat500 Switch.
===========
Option One
===========
interface FastEthernet0/0                                                      
no ip address                                                                  
speed 100                                                                      
full-duplex                                                                    
!                                                                              
interface FastEthernet0/0.1                                                    
encapsulation dot1Q 1 native                                                  
ip address 10.0.1.210 255.255.255.0                                      
no snmp trap link-status                                                      
!                                                                              
interface FastEthernet0/0.10                                                    
encapsulation dot1Q 10                                                        
ip address 10.1.0.1 255.255.255.0                                              
no snmp trap link-status                                                      
!                                                                              
interface Service-Engine0/1                                                    
ip unnumbered FastEthernet0/0.1                                                
service-module ip address 10.0.1.10 255.255.255.0                        
service-module ip default-gateway 10.0.1.210                              
!                                                                              
interface FastEthernet0/1                                                      
shutdown                                                  
duplex auto                                                                    
speed auto                                                                    
!                                                                              
interface Serial0/1/0:23                                                        
no ip address                                                                  
encapsulation hdlc                                                            
isdn switch-type primary-ni                                                    
isdn incoming-voice voice                                                      
no cdp enable                                                                  
!                                                                              
ip default-gateway 10.0.1.xxx <IAD IP>                                            
ip route 0.0.0.0 0.0.0.0 10.0.1.xxx <IAD IP>                                          
ip route 10.0.1.10 255.255.255.255 Service-Engine0/1
dial-peer voice 90 voip                                                        
description ** cue voicemail pilot number **                                  
destination-pattern 600                                                        
session protocol sipv2                                                        
session target ipv4:10.0.1.10                                            
dtmf-relay sip-notify                                                          
codec g711ulaw                                                                
no vad                                                                        
!                                                                              
dial-peer voice 91 voip                                                        
description ** cue voicemail pilot number **                                  
destination-pattern 601                                                        
session protocol sipv2                                                        
session target ipv4:10.0.1.10                                            
dtmf-relay sip-notify                                                          
codec g711ulaw                                                                
no vad  
dial-peer voice 92 voip                                                        
description ** CUE Prompt Management **                                        
destination-pattern 602                                                        
session protocol sipv2                                                        
session target ipv4:10.0.1.10                                            
dtmf-relay sip-notify                                                          
codec g711ulaw                                                                
no vad        
no ip nat inside source list 5 interface FastEthernet0/1 overload                  
!                                                                              
logging 10.0.1.187
telephony-service
 ip source-address 10.0.1.210 port 2000
 
On your phone setup I think I read somewhere that the CME doesn't register remote phones but it is still worth a try as I couldn't find that reference. All you need to do is include the TFTP server setting on your DHCP server for the other site and make sure you have a route to the 10.1.0.0/24 network and that your provider includes that traffic from 10.0.2.x network can go to 10.1.0.x network in the VPN policy
===========
Option Two
===========
2) QOS is a problem as this is up to the provider.Providers aren't in the habit of letting customers choose what traffic goes first once it enters their core you are competeing with other customers. Just ask your provider what QoS options they support.  How many phones are you putting on the other side? How many users at your main site?
3) Neither no VLANs are needed. VLANs only seperate traffic on a layer two level once they are seperated by an IP address space they are combined into just IP address destinations. As long as the phones have IP reachability to the TFTP server and the CME then everything is good.
 
SIDE NOTE
Is that a combined T1 suppling both the Data and 9 voice channels? If you experience clipping on your outside calls that is going to be your problem if they do.
Ignore the option Tags as I redid some stuff and forgot to take them out.
Avatar of Mark_er
Mark_er

ASKER

To answer your questions:

1. Yes I can readdress the network!

2. There are 3 phones on the main site and 2 on the remote one.

3. The T1 from the ISP  is supplying both the 9 voice channels and the data. The T1 from the IAD to the  2801 only supplies the Voice channels.  We'll have the 9 channels reduced in the near future to 4.

"All you need to do is include the TFTP server setting on your DHCP."  

Would it be this?

option 150 ip 10.1.0.1

Thanks!

ASKER CERTIFIED SOLUTION
Avatar of bkepford
bkepford
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Mark_er

ASKER

Excellent and thank you for the help. I should be OK. Is there a way to contact you if I have any more questions?

Thanks again!
Just do a follow up post and I should get emailed and that way if I happen to busy maybe someone else could jump in and get your questioned answered.