08-01-2022 08:31 AM
Hi Everyone,
We have a requirement to change Layer2 connectivity from Remote-Site to Main-site from a radio(Layer2 Trunk) to an IPSEC tunnel.
The plan was, we need to change the IP address of the remote-site as IPSEC tunnel wont work with same subnet (yes we can do NAT but we prefer just changing the IP since this is going to be future-proof).
The main concern was at the remote-site, there are IP-PHONE that has a call manager on the Main-Site under same subnet. Now that we change its IP, is there something we should be concern of?
Any thoughts?
08-01-2022 09:08 AM
only this point
The mode can be either “Transport” or “Tunnel”. We selected “Transport” which only encrypts the payload of the data packets rather than the payload and the header. TAC assured us that this is still totally secure and it creates a little less overhead.
08-02-2022 04:41 AM
Hi,
Is it just the phone subnet at the remote site you're looking to change?
Or is there also a CUCM node on the remote site? If so, does this currently share an IP subnet with a CUCM node and IP phones on the main site? If it's the latter, is the CUCM node on the remote site a Subscriber?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide