Mark_er
asked on
Cisco SCCP over VPN using 2801 , IADs and 7960G phones
Hello,
We have a main office that has a 2801 with CME that is fed by a T1 (9 PRI channels) from the ISP.
We would like to setup a remote office with a couple of 7960s that would connect to back office over an other T1 and VPN.
The VPN is going to be provided by the ISP using their Cisco IADs.
Currently the main office IAD (from the ISP) provides public ip(s) to the 2801 and the 2801 handles the routing and all.
Under the new setup the IADs would provide private addresses to the 2801 because the ISP handles the VPN setup.
1. How do I need to change the config of the 2801 to allow for this ?
2. I would like to have some QoS controll over the VPN, will the VLANs allow for this?
3. Do I need to put a VLAN capable switch into the remote office ? Or can will the phone tag the traffic anyway, and have only the IAD setup for VLANs?
I attached the current config of the 2801 (with non relevant info removed)
I also attached to drawings of the old (current) and new setup.
Please reply with a sample config and will award the points.
Thanks!
We have a main office that has a 2801 with CME that is fed by a T1 (9 PRI channels) from the ISP.
We would like to setup a remote office with a couple of 7960s that would connect to back office over an other T1 and VPN.
The VPN is going to be provided by the ISP using their Cisco IADs.
Currently the main office IAD (from the ISP) provides public ip(s) to the 2801 and the 2801 handles the routing and all.
Under the new setup the IADs would provide private addresses to the 2801 because the ISP handles the VPN setup.
1. How do I need to change the config of the 2801 to allow for this ?
2. I would like to have some QoS controll over the VPN, will the VLANs allow for this?
3. Do I need to put a VLAN capable switch into the remote office ? Or can will the phone tag the traffic anyway, and have only the IAD setup for VLANs?
I attached the current config of the 2801 (with non relevant info removed)
I also attached to drawings of the old (current) and new setup.
Please reply with a sample config and will award the points.
Thanks!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec localtime
no service password-encryption
!
hostname *********1
!
boot-start-marker
boot system flash:c2801-spservicesk9-mz.124-6.T3.bin
boot-end-marker
!
enable secret 5 **************************.
!
aaa new-model
!
!
aaa authentication login default none
aaa accounting connection h323 start-stop group radius
!
aaa session-id common
!
resource policy
!
clock timezone GMT -6
clock summer-time GMT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
network-clock-participate wic 1
network-clock-select 1 T1 0/1/0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.0.1 10.1.0.10
!
ip dhcp pool phone
network 10.1.0.0 255.255.255.0
default-router 10.1.0.1
option 150 ip 10.1.0.1
!
!
ip name-server xx.xxx.xx.xx
ip name-server xx.xxx.xx.xx
isdn switch-type primary-ni
!
voice-card 0
!
!
!
voice service voip
allow-connections sip to sip
sip
header-passing
registrar server expires max 3600 min 3600
!
!
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
!
!
!
!
!
!
!
!
voice translation-rule 3
rule 1 /^1......./ /9/
!
voice translation-rule 9
rule 1 /9\([0,1]..........\)/ /\1/
rule 2 /9\([2-9].........\)/ /\1/
rule 3 /^9\([9,4]11\)/ /\1/
rule 4 /^9011/ /011/
!
voice translation-rule 310
rule 1 /^209$/ /xxxxxxxxxx/
!
!
voice translation-profile PSTN_Incoming
translate redirect-called 310
!
voice translation-profile PSTN_Outgoing
translate called 9
translate redirect-called 310
!
!
!
!
call-history-mib retain-timer 500
call-history-mib max-size 500
dial-control-mib retain-timer 35791
dial-control-mib max-size 1200
!
!
controller T1 0/1/0
framing esf
linecode b8zs
pri-group timeslots 1-12,24
!
controller T1 0/1/1
framing esf
linecode b8zs
gw-accounting syslog
!
!
!
!
interface FastEthernet0/0
no ip address
ip nat inside
speed 100
full-duplex
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.212.210 255.255.255.0
no snmp trap link-status
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 10.1.0.1 255.255.255.0
no snmp trap link-status
!
interface Service-Engine0/1
ip unnumbered FastEthernet0/0.1
service-module ip address 192.168.212.10 255.255.255.0
service-module ip default-gateway 192.168.212.210
!
interface FastEthernet0/1
ip address 72.11.xxx.xxx 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface Serial0/1/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
isdn incoming-voice voice
no cdp enable
!
ip default-gateway 72.11.xxx.xxx
ip route 0.0.0.0 0.0.0.0 72.11.xxx.xxx
ip route 192.168.212.10 255.255.255.255 Service-Engine0/1
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http path flash:
ip nat inside source list 5 interface FastEthernet0/1 overload
!
logging 192.168.212.187
access-list 5 permit 10.1.0.0 0.0.0.255
disable-eadi
!
!
tftp-server flash:Pop.raw
!
TFTPs snipped
!
control-plane
!
!
!
voice-port 0/1/0:23
!
voice-port 0/2/0
!
voice-port 0/2/1
!
!
!
!
!
dial-peer voice 90 voip
description ** cue voicemail pilot number **
destination-pattern 600
session protocol sipv2
session target ipv4:192.168.212.10
dtmf-relay sip-notify
codec g711ulaw
no vad
!
dial-peer voice 91 voip
description ** cue voicemail pilot number **
destination-pattern 601
session protocol sipv2
session target ipv4:192.168.212.10
dtmf-relay sip-notify
codec g711ulaw
no vad
!
dial-peer voice 6 pots
description ** FXO pots dial-peer **
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 1[2-9].........
port 0/1/0:23
forward-digits 11
!
dial-peer voice 11 pots
numbering-type unknown
incoming called-number .
direct-inward-dial
!
dial-peer voice 999302 pots
destination-pattern 2893
port 0/2/0
!
dial-peer voice 4 pots
description ** FXO pots dial-peer **
translation-profile outgoing E911
preference 1
destination-pattern 9911
port 0/1/0:23
forward-digits 3
!
dial-peer voice 5 pots
description ** PRI dial-peer **
preference 1
destination-pattern 9[2-9]......
port 0/1/0:23
forward-digits 7
!
dial-peer voice 8 pots
description ** PRI dial-peer **
preference 1
destination-pattern 911
port 0/1/0:23
forward-digits 3
!
dial-peer voice 411 pots
description ** PRI dial-peer **
translation-profile outgoing 411
preference 1
destination-pattern 411
port 0/1/0:23
forward-digits 3
!
dial-peer voice 92 voip
description ** CUE Prompt Management **
destination-pattern 602
session protocol sipv2
session target ipv4:192.168.212.10
dtmf-relay sip-notify
codec g711ulaw
no vad
!
num-exp 1004 299
num-exp 6028 228
num-exp 6029 229
num-exp 6026 209
num-exp 6020 201
num-exp 6021 203
num-exp 6022 205
num-exp 6023 207
num-exp 6024 212
num-exp 6025 214
num-exp 6030 220
num-exp 6027 210
sip-ua
authentication username xxxxxxxxxxx password xxxxxxxxxxx
no remote-party-id
retry invite 2
retry register 10
timers connect 100
registrar dns:xxxxxxxxxxxxxxxxxxxx expires 3600 secondary
!
!
telephony-service
load 7910 P00403020214
load 7935 P00503010100
load 7960-7940 P00307020200
load 7914 S00104000100
load ATA ATA030100SCCP040211A
load 7905 CP7905060000SCCP050124A
load 7902 CP7902060000SCCP050124A
load 7920 cmterm_7920.4.0-02-00
load 7971 TERM70.7-0-1-0s
load 7970 TERM70.7-0-1-0s
load 7912 CP7912060000SCCP050124A
max-ephones 24
max-dn 72
ip source-address 72.11.xxx.xxx port 2000
no caller-id name-only
calling-number initiator
system message ABC
time-zone 8
create cnf-files version-stamp 7960 Dec 02 2005 18:23:10
voicemail 600
max-conferences 8 gain -6
call-forward pattern .T
moh music-on-hold.au
web admin system name XXX password xxx
dn-webedit
time-webedit
transfer-system full-consult dss
transfer-pattern .T
secondary-dialtone 9
login timeout 60
!
EPHONES snipped
!
!
!
line con 0
line aux 0
line 130
no activation-character
no exec
transport preferred none
transport input all
transport output all
line vty 0 4
!
scheduler allocate 20000 1000
ntp clock-period 17180109
ntp master
ntp update-calendar
end
Network.jpg
Ignore the option Tags as I redid some stuff and forgot to take them out.
ASKER
To answer your questions:
1. Yes I can readdress the network!
2. There are 3 phones on the main site and 2 on the remote one.
3. The T1 from the ISP is supplying both the 9 voice channels and the data. The T1 from the IAD to the 2801 only supplies the Voice channels. We'll have the 9 channels reduced in the near future to 4.
"All you need to do is include the TFTP server setting on your DHCP."
Would it be this?
option 150 ip 10.1.0.1
Thanks!
1. Yes I can readdress the network!
2. There are 3 phones on the main site and 2 on the remote one.
3. The T1 from the ISP is supplying both the 9 voice channels and the data. The T1 from the IAD to the 2801 only supplies the Voice channels. We'll have the 9 channels reduced in the near future to 4.
"All you need to do is include the TFTP server setting on your DHCP."
Would it be this?
option 150 ip 10.1.0.1
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Excellent and thank you for the help. I should be OK. Is there a way to contact you if I have any more questions?
Thanks again!
Thanks again!
Just do a follow up post and I should get emailed and that way if I happen to busy maybe someone else could jump in and get your questioned answered.
===========
Option One
===========
interface FastEthernet0/0
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.0.1.210 255.255.255.0
no snmp trap link-status
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 10.1.0.1 255.255.255.0
no snmp trap link-status
!
interface Service-Engine0/1
ip unnumbered FastEthernet0/0.1
service-module ip address 10.0.1.10 255.255.255.0
service-module ip default-gateway 10.0.1.210
!
interface FastEthernet0/1
shutdown
duplex auto
speed auto
!
interface Serial0/1/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
isdn incoming-voice voice
no cdp enable
!
ip default-gateway 10.0.1.xxx <IAD IP>
ip route 0.0.0.0 0.0.0.0 10.0.1.xxx <IAD IP>
ip route 10.0.1.10 255.255.255.255 Service-Engine0/1
dial-peer voice 90 voip
description ** cue voicemail pilot number **
destination-pattern 600
session protocol sipv2
session target ipv4:10.0.1.10
dtmf-relay sip-notify
codec g711ulaw
no vad
!
dial-peer voice 91 voip
description ** cue voicemail pilot number **
destination-pattern 601
session protocol sipv2
session target ipv4:10.0.1.10
dtmf-relay sip-notify
codec g711ulaw
no vad
dial-peer voice 92 voip
description ** CUE Prompt Management **
destination-pattern 602
session protocol sipv2
session target ipv4:10.0.1.10
dtmf-relay sip-notify
codec g711ulaw
no vad
no ip nat inside source list 5 interface FastEthernet0/1 overload
!
logging 10.0.1.187
telephony-service
ip source-address 10.0.1.210 port 2000
On your phone setup I think I read somewhere that the CME doesn't register remote phones but it is still worth a try as I couldn't find that reference. All you need to do is include the TFTP server setting on your DHCP server for the other site and make sure you have a route to the 10.1.0.0/24 network and that your provider includes that traffic from 10.0.2.x network can go to 10.1.0.x network in the VPN policy
===========
Option Two
===========
2) QOS is a problem as this is up to the provider.Providers aren't in the habit of letting customers choose what traffic goes first once it enters their core you are competeing with other customers. Just ask your provider what QoS options they support. How many phones are you putting on the other side? How many users at your main site?
3) Neither no VLANs are needed. VLANs only seperate traffic on a layer two level once they are seperated by an IP address space they are combined into just IP address destinations. As long as the phones have IP reachability to the TFTP server and the CME then everything is good.
SIDE NOTE
Is that a combined T1 suppling both the Data and 9 voice channels? If you experience clipping on your outside calls that is going to be your problem if they do.