  • Victor
    replied
    Site 2 Site

    I am doing a VPN tunnel using a Sonicwall 2040 Pro with enhanced OS at the location the Shoretel switch and workgroup server are located. On the other end I'm using a Netgear FVS318 firewall. I paid a whole $18 on eBay. The phone is an IP230 and a Shoretel POE injector powering the phone. QOS is set on the Sonicwall. The Netgear doesn't support QOS. Voice quality has been excellent. My ISP is AT&T and my latency to the other site is 12ms. I recently switched from my local cable company. When I was on that connection my latency was 60ms. ++ and up to 380ms with dropped packets. To answer the previous question: you will want to make sure you assign a static IP on your local subnet with a mask of 255.255.255.0; the gateway should be the same one you use for internet access. FTP server should be a static on the other end of the VPN tunnel reserved for the workgroup server running FTP. The next item in the configuration is MPLS (I don't remember the acronym) but it should be the same as the FTP server. Just hit # for everything else unless you are doing VLANs.

    I think the biggest factor is the quality of your ISP and the latency between sites. No high priced firewall doing QOS on every packet can make up for a Mom & Pop ISP selling you a crappy service.
    Good Luck



  • Forum
    replied
    Originally posted by ymm
    Anyone can help?
    Are you programming the phone manually with the IP Addresses, or are you using DHCP? If you are using DHCP, you need to include option 156. If this is a small site, it may be easier to assign them manually with static IP addresses. (option 156 includes the IP of the FTP/Shoretel server)



  • ymm
    replied
    Anyone can help?



  • ymm
    replied
    Remote access to ftp server

    I'm testing site to site thru vpn. Unfortunately the remote ip phone can't find the ftp server. It works using the cached config.
    Any thoughts?



  • Greg_A
    replied
    Originally posted by cburgy
    Ok. DSCP at the policy level is just to mark the packets though (not policing). You'll like ScreenOS 6.0 that just came out. It includes an Auto VPN feature (like Cisco's) that will automatically create a mesh between the spoke sites dynamically instead of manually configuring it all.

    You are right - there's not much in the way of enforcement on the DSCP, but then again we haven't really had need for it.
    Yeah I've been peeking thru the manual for ScreenOS 6.0. Looks pretty good from what I've gleaned.



  • cburgy
    replied
    Originally posted by Greg_A
    Sorry for long delay - been on vacation!
    In order to keep things simple, we did not implement any form of QoS as of now. Our plan is simply, we'll fix it if it needs it but in the meantime less complications are best. However if you have your phones isolated on separate VLANs or subnets you can do DSCP on the policy level. In our instance, it hasn't been needed.
    We're using route-based VPNs with all 8 branches fully meshed and 3 of those (the large sites) with redundant connections and auto failover.

    Ok. DSCP at the policy level is just to mark the packets though (not policing). You'll like ScreenOS 6.0 that just came out. It includes an Auto VPN feature (like Cisco's) that will automatically create a mesh between the spoke sites dynamically instead of manually configuring it all.



  • Greg_A
    replied
    Sorry for long delay - been on vacation!
    In order to keep things simple, we did not implement any form of QoS as of now. Our plan is simply, we'll fix it if it needs it but in the meantime less complications are best. However if you have your phones isolated on separate VLANs or subnets you can do DSCP on the policy level. In our instance, it hasn't been needed.
    We're using route-based VPNs with all 8 branches fully meshed and 3 of those (the large sites) with redundant connections and auto failover.



  • cburgy
    replied
    Originally posted by Greg_A
    We've got 8 sites connected with Juniper Netscreen VPN's over the internet. After much pain here's what we found.....

    IF a site has a shoretel switch and server in place - rock solid.
    IF no switch and no server, still ok so long as there aren't more than about 4 users at the remote site. That's with a 3x2 cable connection. At 8 or so users sporadic problems, with 12+ users, hold doesn't work, queue managers doesn't work etc.

    Moral of the story, a Shoretel / VPN can be very stable if you have enough bandwidth and the right equipment.
    Have you setup QOS on your netscreens for shoretel traffic, if so what mechanism (they don't have DSCP policing support which sucks)? Are you doing policy based or route based VPNs?



  • Greg_A
    replied
    We've got 8 sites connected with Juniper Netscreen VPN's over the internet. After much pain here's what we found.....

    IF a site has a shoretel switch and server in place - rock solid.
    IF no switch and no server, still ok so long as there aren't more than about 4 users at the remote site. That's with a 3x2 cable connection. At 8 or so users sporadic problems, with 12+ users, hold doesn't work, queue managers doesn't work etc.

    Moral of the story, a Shoretel / VPN can be very stable if you have enough bandwidth and the right equipment.



  • Forum
    replied
    VPN tunnel encryption can add about 100kb overhead. You do the math.

    -Charles
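
The per-call arithmetic for voice inside an IPsec tunnel, as an added example that is not part of any post in this thread. It assumes ESP tunnel mode with AES-CBC and HMAC-SHA1-96, 20 ms packetization, IPv4 and no layer-2 framing; none of those settings are stated in the thread, and the function names are illustrative. The 3.0 Mbps link and 30% reservation in the last lines are the figures from the opening post, treated here as a symmetric link.

```python
# Added example: bandwidth of one RTP voice stream inside an ESP tunnel.
# Assumed (not from the thread): AES-CBC (16-byte IV and block),
# HMAC-SHA1-96 (12-byte ICV), 20 ms packets, IPv4, no layer-2 framing.

IP_HDR, UDP_HDR, RTP_HDR = 20, 8, 12
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad-length byte + next-header byte
CODECS = {"G.711": 64000, "G.729": 8000}  # codec payload bit rates


def rtp_packet_bytes(codec, ptime_ms=20):
    """Size of one cleartext voice packet at the IP layer."""
    payload = CODECS[codec] * ptime_ms // 8000
    return IP_HDR + UDP_HDR + RTP_HDR + payload


def esp_tunnel_bytes(inner, block=16, iv=16, icv=12, nat_t=False):
    """Size of the same packet after ESP tunnel-mode encapsulation."""
    # The inner packet plus trailer is padded up to the cipher block size.
    padded = -(-(inner + ESP_TRAILER) // block) * block
    outer = IP_HDR + ESP_HDR + iv + padded + icv
    # NAT traversal wraps ESP in UDP and costs one more UDP header.
    return outer + (UDP_HDR if nat_t else 0)


def call_bps(codec, ptime_ms=20, tunneled=True, **esp):
    """Bits per second, one direction, for a single call."""
    size = rtp_packet_bytes(codec, ptime_ms)
    if tunneled:
        size = esp_tunnel_bytes(size, **esp)
    return size * 8 * 1000 // ptime_ms


def calls_that_fit(link_bps, reserved_pct, codec, **esp):
    """Concurrent calls that fit in the reserved share of a link."""
    return (link_bps * reserved_pct // 100) // call_bps(codec, **esp)


if __name__ == "__main__":
    for codec in CODECS:
        plain = call_bps(codec, tunneled=False)
        vpn = call_bps(codec)
        print(f"{codec}: {plain} bps clear, {vpn} bps in tunnel")
    # Figures from the opening post: 3.0 Mbps, 30% reserved for voice.
    print("G.711 calls in reservation:", calls_that_fit(3_000_000, 30, "G.711"))
```

The fixed ESP cost per packet weighs far more on small-payload codecs: under these assumptions G.729 doubles in size while G.711 grows by about a third.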



  • mattwray
    replied
    We have one site off a PIX to SonicWall VPN and my opinion is that VoIP and VPN don't mix. Your QoS will only be valid on your devices, once it hits the Internet it goes out the window.

    All our other sites use MPLS and it is rock-solid. I would suggest either using this or setting up something so that when you call site-to-site you use trunks instead of the WAN.



  • phenix
    started a topic VPN Deployments

    VPN Deployments

    I've deployed remote shoretel phones using IPSec site-to-site SonicWALL VPNs. The HQ has a SonicWALL Pro4060 on a bonded 3.0Mbps pipe. The remotes are protected by TZ170 units on various residential ISP broadband services throughout the east coast, approximately 20 remote users active. I have QoS enabled on the SonicWALLs, with bandwidth management reserving 30% for ShoreTel traffic. It's been nothing but problematic, active phone calls keep dropping, the phones go to "No Service", audio quality is unstable. Some calls go through perfectly, others have very poor quality. I understand the internet is an uncontrolled source and bandwidth fluctuates, especially on the residential side. Is anyone else doing this or something similar? Any ideas? My shoretel is 6.1 with IP230 phones. The SonicWALLs all run OS Enhanced 3.2.