General Question: Cisco phones across non-Cisco VPN

kylebrogers · ‎05-03-2012

Setting aside the QoS discussions, is there anything special I should think about with regard to running a Cisco remote phone as a teleworker's house across a hardware-based IPSec tunnel (using something other than ASAs)? I know I will need to manually set info on the phone. I'm mainly looking for gotchas with regard to the tunnel itself. Is it as simple as setting up a standard IPSEC tunnel where no ports are blocked and letting the phone run over that tunnel?

kylebrogers · ‎05-15-2012

bump

Gregory Garrian · ‎05-15-2012

As long as you have IP connectivity and understand the possible quality issues with no QoS you should be fine, just hard code the network settings (at the least, the tftp settings) on the remote phones.

barry · ‎05-15-2012

Hi Kyle

No, nothing special to worry about. You can run this over pretty much any Lan to Lan tunnel (including non Cisco).

You do need to watch out for QoS (which Cisco firewalls can do even over IPSEC). Another one to watch out for is if you have multiple remote offices configured in this way (e.g. home "a" and home "b"). In CUCM environments, audio flows handset to handset so if the phone in home "a" calls the phone in home "b" you also need an IPSec tunnel between the remote offices.

Hope this helps. Barry

Barry Hesk

Intrinsic Network Solutions

Gregory Garrian · ‎05-15-2012

You don't necessarily need a tunnel between the site for the remote phones to be able to call each other depending on the capabilities of the router/firewall. On an ASA you would use:

same-security-traffic permit

This would allow the VPN traffic to hairpin at the ASA and negate the need for a third tunnel connecting the remote sites.

I'm not sure if your hardware can do this.