Setting aside the QoS discussions, is there anything special I should think about with regard to running a Cisco remote phone at a teleworker's house across a hardware-based IPSec tunnel (using something other than ASAs)? I know I will need to manually set info on the phone. I'm mainly looking for gotchas with regard to the tunnel itself. Is it as simple as setting up a standard IPSEC tunnel where no ports are blocked and letting the phone run over that tunnel?
As long as you have IP connectivity and understand the possible quality issues with no QoS, you should be fine; just hard-code the network settings (at the least, the TFTP settings) on the remote phones.
No, nothing special to worry about. You can run this over pretty much any LAN-to-LAN tunnel (including non-Cisco).
You do need to watch out for QoS (which Cisco firewalls can do even over IPSEC). Another one to watch out for is if you have multiple remote offices configured in this way (e.g. home "a" and home "b"). In CUCM environments, audio flows handset to handset, so if the phone in home "a" calls the phone in home "b", you also need an IPSec tunnel between the remote offices.
Hope this helps. Barry
Intrinsic Network Solutions
You don't necessarily need a tunnel between the sites for the remote phones to be able to call each other, depending on the capabilities of the router/firewall. On an ASA you would use:
This would allow the VPN traffic to hairpin at the ASA and negate the need for a third tunnel connecting the remote sites.
I'm not sure if your hardware can do this.