Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1503
Views
0
Helpful
1
Replies

How To Configure VPN on router 2811 through ASA5505

Go to solution
damiano.milazzo
Level 1
Level 1

‎07-06-2010 04:32 PM

Hello everyone

I apologize for the possible triviality of my question. The current configuration of our company sees as suitable for the border, two ASA5505 below which are installed two routers configured with CCME 2811 Express. When the two AS5505 is configured a VPN connection for transmitting data traffic in our network. Given the presence of several public addresses available on both our locations, I was wondering if you could (and if so how) to configure a VPN between two routers 2811, except that when existing data traffic, dedicated exclusively to voice traffic. Ca you give me a document that teach me how can I solve my problem?

Thanks a lot

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎07-07-2010 03:02 PM

Damiano,

If you want a separate IPsec VPN for voice traffic only and termination to be done on routers several possibilities exist. Especially if you have IP addresses to spare:

Terminating IPsec VPN on routers.

Terminating GRE over IPsec on routers (gives you more flexibility what and where can be routed, in particular, identifying voice traffic)

Terminating GRE on routers and offloading IPsec to ASAs. (Benefit of the above + ASAs doing encryption).

There is no problem to terminate tunnels through ASA, the only disclaimer is that even in case of static NAT you will most likely need to use NAT-Traversal.

Marcin

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎07-07-2010 03:02 PM

Damiano,

If you want a separate IPsec VPN for voice traffic only and termination to be done on routers several possibilities exist. Especially if you have IP addresses to spare:

Terminating IPsec VPN on routers.

Terminating GRE over IPsec on routers (gives you more flexibility what and where can be routed, in particular, identifying voice traffic)

Terminating GRE on routers and offloading IPsec to ASAs. (Benefit of the above + ASAs doing encryption).

There is no problem to terminate tunnels through ASA, the only disclaimer is that even in case of static NAT you will most likely need to use NAT-Traversal.

Marcin

0 Helpful
Customers Also Viewed These Support Documents