cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
393
Views
0
Helpful
3
Replies

IPTelephony and ASA IPSec

Rizal Ferdiyan
Level 1
Level 1

Dear Expert,

I Have topology like this, I want to set IPSec Tunnel Between ASA-1 to ASA-2.

| CUCM Cluster-1 |

           |

           |

       ASA-1

           |

           |

|============|

|  Network Cloud |

|============|

           |

           |

       ASA-2

           |

           |

| CUCM Cluster-2 |

Based on Cisco Documentation http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml some application can't work because MTU issue. Is there any limitation or issue (example : MTU Problem) if i build ipsec between IPTelephony site (CUCM Cluster-1 and CUCM Cluster-2). We already know that IP Telephony need many application, so i am little affraid if i setup IPSec it will cause issue for IPTelephony.

Does anybody have any experience like this ? (Set up IPSec between IPTelephony site), I want to make sure there is no issue or limitation before i set up IPSec

BR,

Rizal Ferdiyan

3 Replies 3

ronpatel
Level 8
Level 8

Hi Rizal,

See if below link helps you get some idea.

https://supportforums.cisco.com/thread/2065836

Regards

Ronak Patel

Please rate helpful posts by clicking stars below the answer.

Regards Ronak Patel Rate all helpful post by clicking stars below the answer.

Dear Ronak Patel,

Thank u for your response,

and sorry i missed topology i draw, the topology should be :

| CUCM A Cluster-1 |

           |

           |

       ASA-1

           |

           |

|============|

|  Network Cloud |

|============|

           |

           |

       ASA-2

           |

           |

| CUCM B Cluster-1 |

CUCM A and CUCM B in the same cluster.

I see the link you send to me, but in that link the discussion is IPSec between CUCM and Voice Gateway. I want to set up IPSec between ASA-1 and ASA-2 is there any issue with that ? I want to make sure it doesn't create issue for IPTelephony application.

BR,

Rizal Ferdiyan

Hi Rizal,

I have seen networks where they have servers distributed over WAN and it works well. All it depends on the below criteria. Please refer the section "WAN Considerations" in SRND based on your CUCM version to get some clear idea.

The one-way delay in a voice network should be less than or equal to 150 milliseconds and the maximum one-way delay between any two Unified CM servers should not exceed 40 msec.

Thanks,

Kasi

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: