How do I route to a second gateway device to send VoIP out of the second device?

I have a LAN with 2 VLANs running.  Default is just regular data, VLAN2 is for a call center using softphones on their PCs, VLAN3 is for polycom SIP phones attached to a local Asterisk server (Switchvox).  All this is behind a Sonicwall.

Problem:  Sonicwall is not VoIP friendly and we are getting bad call quality, drops etc.

Proposed solution:  Route VOIP traffic (VLANS 2 and 3) over a second gateway - Edgemark 4550 - so all voip bypasses the Sonicwall.

Details:  Sonicwall is the network's default gateway with two WAN connections, a default pipe and a failover that also carries all the SIP trunks to the carrier.  The Edgemark is currently on a WAN port on the Sonicwall.  The Edgemark is a fail-over internet connection and is carrying the SIP trunking.  Currently the Edgemark is not doing NAT, only passing through to the secondary WAN port on the Sonicwall which is performing all NAT and gateway functions.  The Edgemark is not the primary route to the internet.  I would like to keep it as a failover connection on the Sonicwall but it may not be possible in this architecture to do so and get routing as I want it.  The Asterisk box is on the LAN.  It can be moved outside the firewall if need be but I like it on the LAN if possible.  Network switches are DLINK layer 2+ with static route capability.

Challenge:  I attempted to use static routes in the switches to route VLANs 2 and 3 to use the Edgemark as the gateway instead of the Sonicwall.  I keep getting error "router must be directly connected" when I try to make the route.  I have the Sonicwall LAN port with VLAN subinterfaces connected directly to a trunk port on the switch so not sure why I am getting the error.  The other challenge is that the Edgemark must have a connection to the LAN for data to travel out of it as a secondary gateway, bypassing the default Sonicwall gateway, but the Edgemark must also connect to the Sonicwall as a secondary WAN to allow the WAN failover function.  I think it may be a problem to have the Edgewater connected to both  inside and outside ports of the Sonicwall.  Why the error when creating the route?  Where is the best place to put the Asterisk server?  How do I arrange the Edgemark and Sonicwall to get what we are looking to do?

My brain is toast on this one.
tiffinIT Asked:

Matt V Commented:
If VLAN2 and VLAN3 are going to route out the second gateway, then make that their default gateway.  They should never need to talk to the SonicWall.

Not sure how this is done on the SonicWall, but with a Cisco router, you could set up a route map to say that all traffic coming in from the VLANs needs to go back out to the second gateway, if you have to route through the SonicWall first.
0
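
The route-map approach mentioned in the comment above, sketched as Cisco IOS policy-based routing. This is an added example, not part of the original thread; the subnets, the second gateway's LAN address and the RTP port range are constructed assumptions.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VLAN 2 softphone PCs   10.0.2.0/24
!   VLAN 3 SIP phones      10.0.3.0/24
!   second gateway (LAN)   10.0.99.2, on a directly connected subnet
!
ip access-list extended VOIP-OUT
 remark Internal destinations stay on the normal routing table
 deny   ip any 10.0.0.0 0.255.255.255
 remark SIP signalling leaving the voice VLANs
 permit udp 10.0.2.0 0.0.0.255 any eq 5060
 permit udp 10.0.3.0 0.0.0.255 any eq 5060
 remark RTP media (assumed range; match what the PBX and phones use)
 permit udp 10.0.2.0 0.0.0.255 any range 10000 20000
 permit udp 10.0.3.0 0.0.0.255 any range 10000 20000
!
route-map VOIP-TO-GW2 permit 10
 match ip address VOIP-OUT
 ! The next hop must be reachable on a directly connected interface
 set ip next-hop 10.0.99.2
!
! Apply to traffic arriving from each voice VLAN
interface Vlan2
 ip policy route-map VOIP-TO-GW2
!
interface Vlan3
 ip policy route-map VOIP-TO-GW2
```

Packets that match no permit entry (web, file shares, printing, anything to internal hosts) are not policy-routed and follow the default route as before, so only external SIP and RTP take the second gateway.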

ppapasav Commented:
The way I've typically set this up is as follows

First, the edgemark will provide an external wan connection to your firewall

Second, the edgemark will connect to your switch to a port tagged for voip traffic (let's say tag id 2) - If the edgemark does not tag the traffic, the port on the switch should auto-tag it so that the phones can see it

Typically, if you have your VLANs set up properly and the phones will get an address from the edgemark using DHCP, then use TFTP and get their config info from the edgemark ... It should never see or talk to the SonicWall ... the phones should be tagged to 2, the port to the edgemark should be untagged to 2, and the port should tag all untagged traffic coming from the edgemark to 2 so the phones could see it

Now, as far as QoS goes, depending upon your implementation, you may have no way of doing inbound QoS unless you are using a circuit from your VoIP provider that can handle QoS outside of your facility. For example, if you have DSL, there really is no way to do inbound QoS ...

Good luck
0
tiffinIT (Author) Commented:
Good suggestions, the caveat to the suggestions is that the computers on VLAN3 need to talk to servers and computers on the regular LAN.  I believe that requires them to talk to the Sonicwall and have it as their default gateway.  I should have mentioned originally. Also, remember that I do not want any VOIP traffic getting inspected by Sonicwall as this is where the whole problem lies that's prompting the routing out a second gateway instead.
0
ppapasav Commented:
All you have to do is have the VOIP phones on a separate VLAN (which is shared by the edgemark I guess that is giving DHCP addresses) - The phones will generally get a TFTP file for their config and be on a separate logical network than the rest of the computers on the network.

What am I missing?
0
tiffinIT (Author) Commented:
There are computers running softphones on one of the VLANs.  The computers that run those softphones need to communicate to servers and printers on the regular LAN.  I want the SIP traffic of the softphones to bypass the Sonicwall.
0
ppapasav Commented:
Is the edgemark on the same subnet as the sonicwall?
0
Question has a verified solution.
