[VOIPSEC] softphones and VPNs

Lisciotto, Carmelo Carmelo.Lisciotto at pega.com
Wed Apr 5 07:50:43 CDT 2006


Use the CISCO SSL VPN on the AS5520

Best regards,
 
Carmelo A. Lisciotto
Senior Director, Infrastructure Services
Pegasystems Inc.
101 Main Street.
Cambridge, MA  02142-1590
617-374-9600 x6306   708-932-0828 [mobile]
carmelo.lisciotto at pega.com
"per nostram calliditatem superamus"

-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Michael Reilly
Sent: Tuesday, April 04, 2006 4:58 PM
To: Graham, Doug
Cc: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] softphones and VPNs

Cisco devices would be able to do this also.  In fact using some VPN
gateway devices (both Cisco and non-Cisco) you can switch traffic onto a
specified vlan based on any distinguishing characteristic - destination
address, source/destination port, type of service, etc.  So the trick is
to determine a characteristic which clearly distinguishes VoIP traffic
from other traffic coming from the laptop (after it is de-capsulated
from the VPN) and use that to switch the traffic.

michael

Graham, Doug wrote:
> I'm confident you could do this with a Juniper Netscreen. I think you 
> can define sub-interfaces or separate physical interfaces and assign 
> them to separate VLANS. Add the Netscreen Remote client to the PC and 
> then use routes and policies in the Netscreen to route, permit and 
> deny traffic on an interface by interface basis. I would probably 
> define a separate security zone for voice and data and build policies 
> on that basis.
> 
> I'm not as familiar with the Cisco product line, but I would be 
> surprised if you can't do it with that also.
> 
> Doug Graham
> CISSP, GSEC, JNCIS-FWV
> 
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] 
> On Behalf Of Craig
> Sent: Tuesday, April 04, 2006 10:22 AM
> To: Voipsec at voipsa.org
> Subject: [VOIPSEC] softphones and VPNs
> 
> 
> All, I'm hoping someone can help out with some configuration and/or 
> solution suggestions.  I am on the design team of a VoIP project.  The 
> solution we are designing has two separate VLANs, one for voice and 
> one for data.  The only traffic allowed to travel between VLANs is 
> DNS, DHCP, SNMP and NTP.  The customer is interested in using 
> softphones remotely (business trips, for example) on laptops only.  
> What we would like to do is make it as simple for the user as 
> possible.  What we would like to do is set up a VPN solution where the 
> customer establishes one VPN back to the corporate network to check 
> email and make phone calls.  The VPN server would be attached to both 
> VLANs and distribute the traffic to the correct VLAN.
> 
> Does anyone know of a VPN server that will do this?  Another solution?
> 
> Thanks In Advance.
> 

--
---- ---- ----
Michael Reilly    michaelr at cisco.com
    Cisco Systems,  California

_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
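
Added example, not part of the original thread and not any poster's or vendor's code: a Python model of the decision a VPN gateway would make for each de-capsulated packet, combining the classification Michael Reilly describes with the DNS/DHCP/SNMP/NTP inter-VLAN rule from the original question. The voice subnet, RTP port range and all names are assumptions; it classifies on destination address and port only, because the DSCP/ToS value is set by the laptop.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Every address, port range and name here is an assumption for illustration.
VOICE_NET = ip_network("10.20.0.0/24")   # hypothetical voice VLAN subnet
SIP_PORTS = {5060, 5061}                 # standard SIP and SIP-over-TLS ports
RTP_PORTS = range(16384, 32768)          # assumed softphone media port range
# Services the design in the thread allows between VLANs:
# DNS (53), DHCP (67/68), SNMP (161/162), NTP (123).
INTER_VLAN_OK = {("udp", 53), ("tcp", 53), ("udp", 67), ("udp", 68),
                 ("udp", 161), ("udp", 162), ("udp", 123)}


@dataclass(frozen=True)
class Packet:
    """Fields of a packet after VPN de-capsulation (constructed model)."""
    dst: str
    proto: str
    dport: int
    dscp: int = 0   # set by the laptop, so never trusted on its own


def is_voip(p: Packet) -> bool:
    """Voice means: bound for the voice subnet AND on a SIP/RTP port."""
    if ip_address(p.dst) not in VOICE_NET:
        return False
    if p.dport in SIP_PORTS and p.proto in ("udp", "tcp"):
        return True
    return p.proto == "udp" and p.dport in RTP_PORTS


def decide(p: Packet) -> tuple[str, str]:
    """Return (vlan, verdict) for one de-capsulated packet."""
    if is_voip(p):
        return ("voice", "permit")
    # Everything else lands on the data VLAN, whatever its DSCP marking.
    if ip_address(p.dst) in VOICE_NET:
        # Data-to-voice crossing: only the allow-listed services pass.
        ok = (p.proto, p.dport) in INTER_VLAN_OK
        return ("data", "permit" if ok else "deny")
    return ("data", "permit")


if __name__ == "__main__":
    for pkt in (Packet("10.20.0.5", "udp", 5060),          # constructed samples
                Packet("10.20.0.5", "tcp", 22),
                Packet("10.10.0.7", "tcp", 443, dscp=46)):
        print(pkt, "->", decide(pkt))
```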



