
Routing VPN Data and VoIP Traffic over separate ADSL circuits

I need to come up with a design/Topology for the following scenario:

• 2 X ADSL Circuits
• 1 X Cisco PoE switch
• Cisco VoIP/SIP phones with PCs attached to them (Daisy chained)
• 1 X VPN router (No routing & cat 5 Ethernet Only)

My question is around how the routing will work in order to get VoIP & Corporate VPN traffic to the correct circuits. I need the SIP traffic from the Cisco Phones to go out of one of the internet circuits and the VPN traffic to go out over the other.

Are there any Cisco routers that can terminate 2 ADSL circuits and do the routing I need? I keep trying to visualise how this would work but I keep coming up against the issue of where this Layer 3 router would go. I think it would have to sit between the VPN router & the Switch? I don’t think we can get around the fact that we need a dumb router just to terminate the circuits and another one that sits between the VPN Router and the switch.

Are there any better ways to approach this?
Thirst4Knowledge
 
SebastianAbbinanti Commented:
You can get a Cisco 2900 Series ISR2 Router with two ADSL HWICs. Are they going to be terminating at two different endpoints? If so, you can use two different routing statements, one for each endpoint. Also, I would advise you to get the hardware encryption module if you are doing VPNs, and since this will also function as a gateway, consider the security license to run an IOS Firewall on the same device.

Thanks,
S.
 
Thirst4Knowledge (Author) Commented:
Hi,

The VPN will be created from another router we already have (VPN Provider solution) sitting behind the circuit termination box. We will not be creating an IPSEC tunnel from the router we're looking to buy.
 
Thirst4Knowledge (Author) Commented:
One of the choices, I think, is if we have an ADSL router that can terminate both circuits and route VPN traffic coming from another router it's directly connected to through one WAN interface, and SIP traffic coming from the VoIP phones through its 2nd WAN interface?

 
Thirst4Knowledge (Author) Commented:
I have attached a diagram of how I think it will work....

I think I will need to have separate physical connections between the switch and both routers.

Please advise if you think otherwise or there is a better way to do this.

Thanks
T4K
Drawing1.pdf
 
SebastianAbbinanti Commented:
[Drawing]

This is what I would imagine. If it is correct, then you just create a routing statement on your router for the endpoint through the appropriate connection. I don't understand where your VPN device is, but it can be upstream or downstream.

Thanks,
S.
 
SebastianAbbinanti Commented:
Just set the default gateway of the voice VLAN to the new router, not the VPN.

Thanks,
S.
 
Thirst4Knowledge (Author) Commented:
Sebastian, how can I do that when the VLANs are trunked (PCs hubbed through phones)?
 
Thirst4Knowledge (Author) Commented:
Is there a way to force the phones to go out of a different gateway address than the PCs?

1) The PCs are connected to the phones and then into the switch (trunked)
2) The PCs and phones are on different VLANs
3) The phones are Cisco
4) The switch is Cisco PoE
5) CDP is enabled on the switch
 
kevinhsieh Commented:
Your router can route traffic to different circuits using Policy Based Routing (PBR). Normal routing only looks at the destination IP. PBR can also look at source IP, protocol, port, DSCP tag, etc. to determine how to route the traffic.

http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml

On the other hand, since your Cisco SIP phones are probably going to a few specific IP addresses, you could just put the routes into those IP addresses into the router, and then any traffic destined to those IP addresses will go out the correct circuit.
 
Thirst4Knowledge (Author) Commented:
OK, so if I don't use PBR I can use static routes to send traffic destined for the specific addresses (SIP Cloud) out of specific interfaces.
 
kevinhsieh Commented:
Yes, you can use static routes, which is the easiest way to go.
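
The two approaches discussed in the thread (static routes by destination, PBR by source), sketched as Cisco IOS configuration. This is an added example, not configuration posted by any participant; it assumes a single router terminating both ADSL circuits with the switch trunked to it, and the interface names, VLAN IDs, subnets and SIP provider addresses (documentation ranges) are all assumptions.

```cisco
! Added example: all names and addresses below are assumptions, not from the thread.
!   Dialer1 = ADSL circuit for SIP, Dialer2 = ADSL circuit for VPN/data
!   VLAN 10 = PCs (10.0.10.0/24), VLAN 20 = phones (10.0.20.0/24)
!   203.0.113.10 and .11 = placeholder SIP provider addresses
!
! LAN side: one trunk from the PoE switch, one sub-interface per VLAN
interface GigabitEthernet0/0.10
 description PCs (data VLAN)
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 description Phones (voice VLAN)
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
!
! Everything without a more specific route leaves on the VPN/data circuit
ip route 0.0.0.0 0.0.0.0 Dialer2
!
! Option A: destination-based static routes (the approach agreed in the thread)
ip route 203.0.113.10 255.255.255.255 Dialer1
ip route 203.0.113.11 255.255.255.255 Dialer1
!
! Option B: policy-based routing keyed on the voice VLAN source subnet
ip access-list extended VOICE-TO-INTERNET
 remark keep traffic for internal subnets on normal destination routing
 deny   ip 10.0.20.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 10.0.20.0 0.0.0.255 any
!
route-map VOICE-OUT permit 10
 match ip address VOICE-TO-INTERNET
 set interface Dialer1
!
interface GigabitEthernet0/0.20
 ip policy route-map VOICE-OUT
```

Option A sends traffic from any host to the two listed addresses out Dialer1, while Option B sends all internet-bound traffic sourced from the voice VLAN out Dialer1 whatever its destination. NAT and the Dialer/ATM interface configuration are omitted here.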