Routing VPN Data and VoIP Traffic over separate ADSL circuits

I need to come up with a design/Topology for the following scenario:

•	2 X ADSL Circuits
•	1 X Cisco PoE switch
•	Cisco VoIP/SIP phones with PC’s attached to the (Daisy chained)
•	1X VPN router (No routing & cat 5 Ethernet Only)

My question is around how the routing will work in order to get VoIP & Corporate VPN traffic to the correct circuits.  I need the SIP traffic from the Cisco Phones to go out of one of the internet circuits and the VPN traffic to go out over the other

Are there any Cisco routers that can terminate 2 ADSL circuits and do the routing I need ?  I keep trying to visualise how this would work but I keep coming up against the issue of where this  Layer 3 router would go.  I think it would have to sit between the VPN router & the Switch ?  I don’t think we can get around the fact that we need a dumb router just to terminate the circuits and another one that sits between the VPN Router and the switch

are there any better ways to approach this ?
Thirst4KnowledgeAsked:
Who is Participating?
 
kevinhsiehCommented:
Your router can route traffic to different circuits using Policy Based Routing (PBR). Normal routing only looks at the destination IP. PBR can also look at source IP, protocol, port, DSCP tag, etc. to determine how to route the traffic.

http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml

On the other hand, since your Cisco SIP phones are probably going to a few specific IP addresses, you could just put the routes into those IP addresses into the router, and then any traffic destined to those IP addresses will go out the correct circuit.
0
 
SebastianAbbinantiCommented:
You can get a Cisco 2900 Series ISR2 Router with two ADSL HWICs. Are they going to be terminating at two different endpoints? If so, you can use two different routing statements, one for each end point. Also, you I would advise you to get the Hardware encryption module if you are doing VPNs, and since this will also function as a gateway, consider the security license to run an IOS Firewall on the same device.

Thanks,
S.
0
 
Thirst4KnowledgeAuthor Commented:
Hi,

The VPN will be created from another router we already have  (VPN Provider solution) sitting behind the circuit termination box.  We will not be creating an IPSEC tunnel from the Router were looking to buy
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Thirst4KnowledgeAuthor Commented:
One of the choices I think is if we have an ADSL router that can terminate both circuits and route VPN traffic  coming from another router its directly connected to through one WAN interface and SIP traffic comming from the VoIP phones through its 2nd WAN interface ?
0
 
Thirst4KnowledgeAuthor Commented:
I have attached a diagram of how I think it will work....

I think I will need to have separate physical connections between the switch and both routers

please advise if you think otherwise or there is a better way to do this.

Thanks
T4K
Drawing1.pdf
0
 
SebastianAbbinantiCommented:
DrawingThis is what I would image. It if is correct, the you just create a routing statement on your router for the endpoint through the appropriate connection. I don't understand here your vpn device is, but it can be upstream or down stream.

Thanks,
S.
0
 
SebastianAbbinantiCommented:
Just set the default gateway of the voice VLAN to the new router, not the VPN.

Thanks,
S.
0
 
Thirst4KnowledgeAuthor Commented:
Sebastian, How can I do that when the Vlans are trunked (PC's hubed through phones)
0
 
Thirst4KnowledgeAuthor Commented:
is there a way to force the phones to go out of a different gateway address than the PC's ?

1)The PC's are connected to the Phones and then into the switch (Trunked )
2)The PC's and Phones are on different VLANS
3)They phones are Cisco
4)The Switch is Cisco PoE
5)CDP is enables on switch
0
 
Thirst4KnowledgeAuthor Commented:
Ok so If I dont use PBR I can use static routes to send traffic destined for the specific addresses (SIP Cloud) out of specific interfaces
0
 
kevinhsiehCommented:
Yes, you can use static routes, which is the easiest way to go.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.