1. Home
  2. Cisco Systems
  3. VoIP + PIX = dual WAN connect

VoIP + PIX = dual WAN connect

just looking for some comments on a conceptual design for a new VoIP converged network to our branches..

Each location will get a primary Sprint MPLS connection Each location will get an Internet connection via AT&T IP

The hardware looks like a single 2800 router with a PIX sitting behind it.

-----> local network ---> PIX ---> 2800 ===> (s0) MPLS T1 (s1) Internet T1

Does this make sense - to co-mingle the internal MPLS WAN with the Internet on the same router ? The intent is to separate out the Internet traffic, along with provding a potential VPN backup in case the MPLS burbs. And what will the PIX do that can't be defined within the 2800 ?

tnx -

Reply to
Phil Schuman
Loading thread data ...

an Internet connection via AT&T IP

Using an Internet based VPN as backup is done all the time.

The 2800 is capable of running the IOS firewall feature so you probably do not need a PIX firewall.

Setup a dynamic routing so that loss of connectivity over the MPLS network is detected and routed around over the VPN backup.

Watch out for the GRE + IPSEC MTU hit on the GRE tunell over Internet T1 access.

Reply to
Merv

Hi,

Several thoughts about your design,

- I personally would never combine an internet feed with a corporate WAN on a single device. Especially not with VoIP running over the same box. Any internet traffic could disrupt services for both the internet and corporate wan traffic (DoS, IOS bug, ...).

- Although it can be done, I wouldn't run VoIP traffic over the PIX. I've seen several issues with PIX (6.3) and VoIP, the most anoying being call-setup latancy (no audio for the first second of the conversation))

- I would add a small router that can service the internet connection and wire things like this: (PIX and 2800 connected to local network and add a serial/ethernet router for the internet connection behind the pix.)

Reply to
Erik Tamminga

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.