Hub & Spoke VPN Through Windows Server 2008

Just a little bit of background information for this question.

I have 15 remote sites which need to have their telephone equipment linked together so calls can be routed over the internet between sites and reduce costs. Each site has an ADSL connection with a DrayTek 2900 router and has a LAN range of 10.0.x.0/255.255.255.0.

We originally tried a mesh topology which was a bit of a nightmare to configure when new sites were brought onboard and also the VPN connections only seemed to stand up for about 10 minutes until they restarted so calls were constantly being dropped of the VPN just work full stop.

We then changed this to a hub and spoke topology and designated one of the sites as a virtual head office to act as the hub. This was a massive improvement and the VPN connections were standing up for days. As the sites started getting busier and more simultaneous calls were routed through the head office hub the call quality has started getting worse to an unusable point. I assume this is down to the fact that no matter what site is being called the data has to be routed through the head office and on an ADSL connection it just can't keep up with the data flow.

We can't afford to put a leased line into any of the sites as this would negate the cost saving of routing over the internet so I thought I would set up a cloud-based Windows Server 2008 through Rackspace and have that as the head office/VPN hub as it would then have the connection we needed.

So to the question (finally): I have enabled remote dial-ins and set up a test account for one of the sites. The site dials into the Windows VPN fine but I can't seem to be able to talk to the phone system on the LAN of the VPN connection. When I had this on just DrayTeks it was a LAN to LAN connection which worked perfectly. I am hoping this is just a silly routing issue but I have tried all sorts of configurations and just can't get it working.

Please ask for any further information and sorry for the length of the question.

Many Thanks

Adam
Asked by: adamlangley123
1 Solution
 
SebastianAbbinanti commented:
It looks like you have a couple of things going on here, and without a complete understanding of the environment, I can only offer you a few suggestions to focus on.

There are three components that determine VoIP Quality, the Codec, QoS and available bandwidth. While the leased line is not necessarily required, consider the fact that each VPN tunnel can consume up to 30% of the bandwidth utilization for encryption. On the topic of bandwidth, you may choose to upgrade the upstream and downstream bandwidth for the VPN Headend.

The second component to consider is QoS. QoS should be deployed at every device between the two VoIP endpoints. That means that every switch, router, firewall, VPN concentrator, etc. along the way should be prioritizing VoIP packets. The simplest way of doing this is to deploy VoIP devices on a separate VLAN, and make sure that traffic is prioritized.
You must also prioritize traffic through the VPN tunnel, and prioritize the VPN tunnel through the firewall. This is where you might run into some issues. I don't know if you can prioritize traffic through a VPN tunnel on a Windows Server. I would suggest moving to a hardware based VPN solution like a Cisco ASA or a Cisco 800/1900 series router with an IOS Firewall.

The last component is the codec. Selecting the proper codec can increase call quality by lowering the required bandwidth for each side of the call. The G.711 codec requires 64 kbit/s per conversation in each direction whereas the G.729 codec only requires 8 kbit/s.

Best of Luck!
 
adamlangley123 (author) commented:
Hi and thanks for your answer. The sites have an ADSL connection dedicated just to the transport of the phone calls. It's a basic setup of Siemens HG 1500 card straight to the LAN port of a DrayTek Vigor router which has an ADSL connection to the Internet.

I think my question is more about LAN to LAN routing over a VPN using Windows Server 2008 as a VPN server in a hub and spoke topology.

Thanks for your time

Adam
 
SebastianAbbinanti commented:
If you had a routing issue, then the solution would not function at all. If possible, check your bandwidth utilization at the head end site. Remember, every call must first route through the headend site, and ADSL upstream usually tops out at 720 kbit/s. If you are using G.711, then at about 6 calls, you have saturated the circuit, upstream anyway.

VoIP traffic across the link, then QoS should not be an issue. However, bandwidth and codec selection could still be the answer to your issue.

Best of Luck!
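Added example, not part of the original thread: a rough estimate of how many relayed calls a hub uplink can carry, using the thread's figures (720 kbit/s ADSL upstream, 64 and 8 kbit/s codecs, up to 30% tunnel overhead). The 20 ms packetization interval and the idea that each spoke-to-spoke call costs the hub two upstream streams (one towards each spoke) are assumptions, as are all function and parameter names.

```python
from dataclasses import dataclass

# IPv4 (20) + UDP (8) + RTP (12) header bytes carried by every voice packet.
IP_UDP_RTP_HEADER_BYTES = 20 + 8 + 12


@dataclass(frozen=True)
class Codec:
    name: str
    payload_kbps: float  # codec bit rate as quoted in the thread


G711 = Codec("G.711", 64.0)
G729 = Codec("G.729", 8.0)


def stream_kbps(codec, ptime_ms=20.0, with_headers=True):
    """One-way bandwidth of a single RTP stream in kbit/s.

    ptime_ms is the packetization interval (assumed 20 ms). Shorter
    intervals mean more packets per second and more header overhead.
    """
    if not with_headers:
        return codec.payload_kbps
    packets_per_s = 1000.0 / ptime_ms
    header_kbps = IP_UDP_RTP_HEADER_BYTES * 8 * packets_per_s / 1000.0
    return codec.payload_kbps + header_kbps


def hub_call_capacity(codec, uplink_kbps, tunnel_overhead=0.0,
                      streams_per_call=2, ptime_ms=20.0, with_headers=True):
    """Whole calls the hub uplink can relay before it saturates.

    tunnel_overhead is the fraction of the uplink lost to the VPN
    (the thread quotes "up to 30%"); streams_per_call=2 assumes the hub
    forwards one upstream stream to each of the two spokes in a call.
    """
    usable_kbps = uplink_kbps * (1.0 - tunnel_overhead)
    per_call_kbps = streams_per_call * stream_kbps(codec, ptime_ms, with_headers)
    return int(usable_kbps // per_call_kbps)


if __name__ == "__main__":
    for codec in (G711, G729):
        naive = hub_call_capacity(codec, 720, with_headers=False)
        real = hub_call_capacity(codec, 720, tunnel_overhead=0.30)
        print(f"{codec.name}: {stream_kbps(codec):.0f} kbit/s per stream, "
              f"{naive} calls (codec rate only), {real} calls (headers + 30% tunnel)")
```

Because the 16 kbit/s of header overhead is fixed per stream, G.729 on the wire costs 24 kbit/s rather than 8, so the saving over G.711 is smaller than the codec rates alone suggest.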
 
adamlangley123 (author) commented:
Sorry, I don't know if I explained it properly but it was only working properly when I had a DrayTek router acting as the hub. Now I have a Windows server acting as the hub which now has the routing issues.
 
SebastianAbbinanti commented:
Okay, if you are using the Windows server for VPN, the default gateway on the VoIP device must be the Windows server running the VPN.

From the phone system, can you ping the devices at the remote sites?

Thanks,
S.