Please I need help on understanding the type of VPN to use for my network remote connection.
We are planning to setup all our branch offices to use the HQ network and share resources. We plan to deploy a unified communication of BE3000 from HQ over Cisco ADVSNF network design.
We will be using ISR2951 in HQ and ISR1941 routers in remote offices. In addition to these, we are using SPA8800 as our VoIP gateway device to integrate PSTN to our VoIP network. We want the call management and database to be hosted in HQ only because we don't have IT staffs in the remote branches.
We realised that we need to buy SSL VPN licenses for all users (up to 150) connecting to HQ from remote offices, and this is not cheap for us at all.
1. Must we use a purchased SSL VPN to achieve our goals? Would IPsec on windows OS achieve this goals for us?
2. Is there a cheaper cisco gateway module we can add to the ISR routers instead of using the external SPA8800 cisco gateway device to integrate PSTN to our network?
3. Is there a better option to the VoIP solution we have choosen?
I will really appreciate any helpful advice on this issue.
Thank you all.
first of all it's important you explain how many ip phones do you need by branches and hq
second, on the branches and hq what is the connectivity to pstn?
third, how many analog lines do you need for branches and hq?
1) you can use ipsec, with a sample hub and spoke design if the typical voice traffic will be through branches and hq.
2) the be3000 support only spa8800
if you use be5000 you need of other router because 1941 doesn't capability to install vic, you can consider an 2901 with vic fxo and ata187 for fxs
3) you have considered the be5000?
with be5000 an 2901 (depends of numbers of ip phone) you can activate srst function on the branches
compares with be5000 be3000 and check all the options you need
Thanks, I really appreciate your contribution.
Must the IPsec licenses be from cisco? Can I use openVPN licenses? The design will be hub and spoke because the be5000 will seat in HQ but the operation will be a mesh operation where the branches can also call each other using VoIP.
There will be 20 SIP6941 IP Phones in HQ and 6 each in all the six branches.
The PSTN connectivity if via FXO in all sites. 8 PSTN lines via FXO in HQ, 4 each in branches via FXO
I have looked at be5000 and it fits my application more than be3000. the total number of IP Phones is 56. I think using 2900 series ISR makes things less cumbersome at the branches.
Please I need to know if i am limited to using cisco ipsec vpn or i can use openVPN (my choice).
Many thanks for your help and timely advice. I appreciate it.
well, you can use ipsec with 2900 to reduce devices
it's very simple tunnel gre with ipsec, http://www.iplogic.nl/ipsec-over-gre-part-ii/
with hub and spoke and based on your speed circuits you must consider the call admission control