I have a question that I haven’t seen clearly answered elsewhere. I am also not familiar with Cisco. I will try to keep it short:
I am moving a very small branch office to a new location, but we have a centrally controlled IT infrastructure team in Europe. I would like to implement a hosted VOIP solution without impacting the current network setup (i.e., VPN/Firewall) or asking this IT team to change anything on the existing LAN Network except the IP address/gateway. The VOIP system will have its own cabling.
Here is the configuration I would like:
• Cisco 861 as main gateway to the Ethernet from the ISP’s modem
• 2 static public IPs from the ISP, one for the VOIP network and one for the LAN
• Cisco 861 acting as NAT/DHCP for the VOIP system on one static public IP
• My company’s Juniper device on the second static public IP managing NAT for the LAN
I have a diagram here to map out what I am considering:
Two options I have seen:
• Setup Proxy ARP on the Cisco router, allowing the Juniper device a transparent (and unsecured/firewalled) route to the internet to get the Public IP and manage the LAN (seen in picture)
• Install an additional switch (with proper QOS prioritizing VOIP) at main entry point of location, and have both routers behind this (to minimize configuration of the Cisco router).
Any advice? Can someone describe how Proxy ARP might be configured in this case to make this happen? Do I need to create static routes?
Thank you for your help.
Well one thing I was thinking to put the VoIP system behind the firewall I worked for a company couple of years back and we used a mixture of SSG5's and 5GT's. We just created separate Voice and Data networks on the firewall. Data network would connect to one switch and Voice would connect to another switch.
Some times create VLAN's and use just one switch. But looks like in your case that won't work per your requirement. Now with 861 you can create two VLAN's including VLAN1. So if you put a Cisco 861 router in the mix your firewall's WAN IP would have to be whatever is the VLAN you created on the router for it. And you will have to setup a NAT on the router to map the private IP (on the firewall WAN interface) to public IP. This seems a bit more complicated instead of just putting it behind the firewall though in my honest opinion.