Re: IP Telephony via VPN across the Internet.

abdulr · ‎06-29-2001

Hi,

Have anyone implemented IP telephony via VPN across the internet. Is there any identified issues in implementing it.

The setup is, the customer has got call manager at one location and the remote location doesn't have call manager, all phone will register to the call manager at the central location via VPN. They have unity at the central location. The VPN tunnel is between PIX firewall and SonicWall firewall.

Any issues related to the firewall, is there any other port that needs to be opened except for TFTP and 2000 (TCP) on the firewall.

Any inputs will be appreciated.

dgoodwin · ‎06-29-2001

Well, QoS could be a major issue going across the Internet, but from a basic functionality standpoint, you shouldn't have any problems getting it to work. TCP/2000 will be used for phone registration and Skinny signaling messages, and random UDP ports between 16384 and 32767 would be used for audio streams.

Also you may have to be careful if you are using NAT anywhere in the picture. If you have a VPN tunnel and the phones and CallManager can talk to each other as if they were on the same private network, then it should be fine.

8dgoswick · ‎07-05-2001

We've been doing this for the past year without any problems. QoS is a concern, however, we made sure that we stayed with the same ISP at every site, and that they had a good SLA. We have a full T1 at each site, and we may have at the most 3 calls max at a time. If you fill your bandwidth more, or you can't count on you service level, than yes, QoS becomes a bigger issue.

abdulr · ‎07-07-2001

Thanks for the input,

Was able to successfully implement VOIP/AVVID, via VPN over the internet, only issue is packets getting dropped once in a while because of delay.

Thanks

rkeblusek · ‎07-13-2001

I have been quoting one of these for a new client on the Qwest VPN service. The limitations are really QoS. I am not aware of any VPN services delivering guaranteed QoS to date. Also, be cautions on the latency claims, they may be an average for a compelte month and not at any time. You have to read the fine print.

I believe one of the problems with QoS on the VPN is that IPSec will hide the type of traffic from the Internet routers. Even if they have QoS setup end-to-end the IPSec may not allow them to determine a voice from a data packet.

jtowne · ‎07-13-2001

On a connection note- I would be careful with the PIX to Sonicwall config.

We have this working but there is a bug that we have identified and notified Sonicwall about that only allows the Sonicwall to renegotiate the tunnel if it goes down. They have reproduced the problem and claim to have a fix coming in the next firmware upgrade. (I have yet to see this yet) Right now a frustration for our data, but for voice this could be disastrous!!!!

nomsdos · ‎07-18-2001

I have been doing this for about 9 months now. It works great on Cable Modem, DSL and ISDN. The only thing that you have to watch for is bandwidth utilization. I have had up to 3 phones on a cable modem, and have also created an MGCP gateway (using a VG-200 with FX0, and FXS cards) over that connection. All works fine. For my VPN I use a hardware solution from Red Creek Communications (http://www.redcreek.com). It is solid as a rock, easy to congfigure and totally reliable. The one caviat is that I had to hand program the IP address information into the phones vs. using DHCP.