Solved

How can I route VOIP traffic over a 2nd WAN connection?

Posted on 2010-11-17
14
4,936 Views
Last Modified: 2012-05-10
We have a Sonicwall TZ-200 firewall facing the internet and a Cisco 1700 router that handles routing for the two VLANs that we have.  The VOIP system is on a separate VLAN than the other computers.  We are looking to add a 2nd WAN connection and have the VOIP traffic routed over the existing T1 line and all other internet traffic routed over the new faster Comcast line.  First of all, is this possible with our existing hardware?  If so, how can I configure this?  I know the TZ-200 can handle dual WAN but not sure if it can split traffic based on protocol/service.  Supposedly Sonicwall NSA devices can do this, but what about the TZ?  If not, please confirm what hardware I would need to accomplish this.
0
Comment
Question by:ITLighthouse
  • 5
  • 4
  • 3
  • +1
14 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 34157741
My (admittedly very limited) experience with Sonicwall is their dual external interface traffic rules can be either active/passive failover, per-destination round-robin, spillover (when primary bandwidth exceeds x amount) or percentage-based (x percent to primary, y percentage to secondary).  I don't know of a way you can control what path a specific type of traffic will take, unless all VoIP is going to one location, and you may be able to configure a static route for that destination.  But then everything would take that path, not only the VoIP traffic.
0
 
LVL 15

Expert Comment

by:getzjd
ID: 34158943
If your phones have different ips than the computer network, then just rote data from that subnet where you want it to go.
0
 
LVL 15

Expert Comment

by:getzjd
ID: 34158981
I will give more detail once I get back in the office
0
 
LVL 33

Expert Comment

by:digitap
ID: 34161785
are you running an enhanced OS on the sonicwall?  if you add an additional WAN interface, then you now have two gateway's...or that's how sonicwall sees it.  once setup, you can tell the sonicwall to send specific traffic out a specific gateway via zone or interface.
0
 
LVL 15

Expert Comment

by:getzjd
ID: 34161818
Ahh.. I never did get back like I said I would, I deleted the email. :-)   Anyway,  setup a second wan interface.   Create a site to site VPN on the sonicwall and assign it to the x2 or whatever interface as you set up as the second WAN.  Make sure to setup your local and destination networks to reflect only the traffic you are wanting to send across.   Depending on how you set up the VPN you may or may not need to create a manual route.  It should autocreate routes based on the source and destination networks of your site to site VPN
0
 
LVL 1

Author Comment

by:ITLighthouse
ID: 34169297
I'm running enhanced OS on the sonicwall.  I'm not sure I understand what setting up a VPN would accomplish, or why that would be needed.

The only thing I can think of is to setup the 2nd WAN on the Sonicwall and somehow bind that to a 2nd internal IP address to act as another gateway for the local network.  And then configure the Cisco to route traffic from the VOIP VLAN to that 2nd gateway.  But that might mess up the ability for the call manager clients on one VLAN to communicate with the VOIP server on the other VLAN.

Digitap:  can you expand on your explanation?  
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 33

Expert Comment

by:digitap
ID: 34169328
sure.  i have a link below that walks you through setting up a secondary gateway.  essentially, once you've setup the secondary gateway, you merely create a route and assign a group of services, http, https, etc, to utilize the secondary gateway (comcast).


https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7781


hope that helps...
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 34169333
for example, the scenario below is sending SMTP traffic through the secondary gateway.  obviously, you'd choose whichever service you needed.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=5733
1
 
LVL 15

Expert Comment

by:getzjd
ID: 34169490
Doink.. sorry about the VPN piece.  Who knows what I was thinking.  Probably thinking about an exchange sonicwall vpn issue that I was posting on earlier. .  skip that.. I meant to keep on the track of just setting up routes, nat and firewall rules.  
0
 
LVL 1

Author Comment

by:ITLighthouse
ID: 34169957
I think that article about routing SMTP traffic was the piece I needed.  I would just change the service to VOIP and make sure it encompasses all the ports involved.  I will give it a try and let you know how it goes.

Thanks for the suggestions!
0
 
LVL 33

Expert Comment

by:digitap
ID: 34170380
you're welcome.  looking forward to the results!
0
 
LVL 33

Expert Comment

by:digitap
ID: 34386643
routing specific traffic out a secondary WAN is straight forward.  my solutions here, http:#a34169328, and here, http:#a34169333, would be sufficient for configuring that.
0
 
LVL 1

Author Closing Comment

by:ITLighthouse
ID: 34403774
As it turns out, the VOIP traffic wasn't even going through the Sonicwall to begin with, but is beingn split off somewhere else on the network.  But your solution is what I would have needed to configure.

Thanks.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now