[VOIPSEC] softphones and VPNs

Michael Reilly michaelr at cisco.com
Tue Apr 4 15:57:54 CDT 2006


Cisco devices would be able to do this also.  In fact using some VPN gateway
devices (both Cisco and non-Cisco) you can switch traffic onto a specified vlan
based on any distinguishing characteristic - destination address,
source/destination port, type of service, etc.  So the trick is to determine a
characteristic which clearly distinguishes VoIP traffic from other traffic
coming from the laptop (after it is de-capsulated from the VPN) and use that to
switch the traffic.

michael

Graham, Doug wrote:
> I'm confident you could do this with a Juniper Netscreen. I think you
> can define sub-interfaces or separate physical interfaces and assign
> them to separate VLANS. Add the Netscreen Remote client to the PC and
> then use routes and policies in the Netscreen to route, permit and deny
> traffic on an interface by interface basis. I would probably define a
> separate security zone for voice and data and build policies on that
> basis.
> 
> I'm not as familiar with the Cisco product line, but I would be surprised
> if you can't do it with that also.
> 
> Doug Graham 
> CISSP, GSEC, JNCIS-FWV 
> 
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Craig
> Sent: Tuesday, April 04, 2006 10:22 AM
> To: Voipsec at voipsa.org
> Subject: [VOIPSEC] softphones and VPNs
> 
> 
> All, I'm hoping someone can help out with some configuration and/or 
> solution suggestions.  I am on the design team of a VoIP project.  The 
> solution we are designing has two separate VLANs, one for voice and one 
> for data.  The only traffic allowed to travel between VLANs is DNS, 
> DHCP, SNMP and NTP.  The customer is interested in using softphones 
> remotely (business trips, for example) on laptops only.  What we would 
> like to do is make it as simple for the user as possible.  What we would
> like to do is set up a VPN solution where the customer establishes one
> VPN back to the corporate network to check email and make phone calls.  
> The VPN server would be attached to both VLANs and distribute the 
> traffic to the correct VLAN. 
> 
> Does anyone know of a VPN server that will do this?  Another solution?
> 
> Thanks In Advance.
> 

-- 
---- ---- ----
Michael Reilly    michaelr at cisco.com
    Cisco Systems,  California
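
The classification step described in the reply above, as an added example that is not from the thread or from any vendor's product: a Python function that reads a decapsulated IPv4 header and picks a VLAN from destination address, protocol and port. The subnet, VLAN IDs, RTP port range and client address are assumptions; the ToS/DSCP value is read but never trusted on its own, because the laptop sets it.

```python
import ipaddress
import struct

# Assumed values for illustration (none of these come from the thread).
VOICE_NET = ipaddress.ip_network("10.20.0.0/24")  # call servers, media gateways
VOICE_VLAN, DATA_VLAN = 20, 10
SIP_PORT, RTP_PORTS, DSCP_EF = 5060, range(16384, 32768), 46
# The only services the original design lets cross between the VLANs (UDP).
SHARED_UDP = {53: "DNS", 67: "DHCP", 68: "DHCP", 123: "NTP", 161: "SNMP"}

def classify(packet: bytes):
    """Return (vlan, reason) for a decapsulated IPv4 packet; vlan None means drop."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None, "short or not IPv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4:
        return None, "truncated header"
    dscp, proto = packet[1] >> 2, packet[9]
    dst = ipaddress.ip_address(packet[16:20])
    to_voice = dst in VOICE_NET
    # Non-first fragments carry no ports, so they cannot be matched on port.
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return (None, "fragment to voice subnet") if to_voice else (DATA_VLAN, "data")
    if proto not in (6, 17):
        return (None, "non-TCP/UDP to voice subnet") if to_voice else (DATA_VLAN, "data")
    _sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if to_voice:
        if dport == SIP_PORT or (proto == 17 and dport in RTP_PORTS):
            return VOICE_VLAN, "voice signalling/media"
        if proto == 17 and dport in SHARED_UDP:
            return VOICE_VLAN, "permitted " + SHARED_UDP[dport]
        return None, "non-voice traffic to voice subnet"
    # An EF marking alone does not earn the voice VLAN: any laptop app can set it.
    return DATA_VLAN, "data (EF marking ignored)" if dscp == DSCP_EF else "data"

def make_packet(dst, proto, dport, dscp=0, sport=40000):
    """Build a constructed 20-byte IPv4 header plus ports (checksum left at zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 24, 0, 0, 64, proto, 0,
                      ipaddress.ip_address("192.0.2.10").packed,  # constructed client
                      ipaddress.ip_address(dst).packed)
    return hdr + struct.pack("!HH", sport, dport)

if __name__ == "__main__":
    for args in [("10.20.0.5", 17, 20000, 46), ("10.10.0.9", 6, 443, 46),
                 ("10.20.0.5", 6, 22), ("10.20.0.2", 17, 123)]:
        print(args, "->", classify(make_packet(*args)))
```
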



