[VOIPSEC] softphones and VPNs
Graham, Doug
dgraham at businessedge.com
Tue Apr 4 09:48:01 CDT 2006
I'm confident you could do this with a Juniper Netscreen. I think you
can define sub-interfaces or separate physical interfaces and assign
them to separate VLANS. Add the Netscreen Remote client to the PC and
then use routes and policies in the Netscreen to route, permit and deny
traffic on an interface by interface basis. I would probably define a
separate security zone for voice and data and build policies on that
basis.
I'm not as familiar with the Cisco product line, but I would be surprise
if you can't do it with that also.
Doug Graham
CISSP, GSEC, JNCIS-FWV
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Craig
Sent: Tuesday, April 04, 2006 10:22 AM
To: Voipsec at voipsa.org
Subject: [VOIPSEC] softphones and VPNs
All, I'm hoping someone can help out with some configuration and/or
solution suggestions. I am on the design team of a VoIP project. The
solution we are designing has two separate VLANs, one for voice and one
for data. The only traffic allowed to travel between VLANs is DNS,
DHCP, SNMP and NTP. The customer is interested in using softphones
remotely (business trips, for example) on laptops only. What we would
like to do is make it as simple for the user as possible. What we would
like to do is set up a VPN solution where the customer establishes one
VPN back to the corporate network to check email and make phone calls.
The VPN server would be attached to both VLANs and distribute the
traffic to the correct VLAN.
Does anyone know of a VPN server that will do this? Another solution?
Thanks In Advance.
--
Craig L. Bowser
Security Engineer
CISSP
SANS GSEC (Gold)
SRA International, Inc.
703-652-6912
craig.bowser1 at us dot army dot mil
-------------------------------
Rome did not create a great empire by having meetings; they did it by
killing all those who opposed them.
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list