ISA550 DMZ for VOIP

Hi!
I have an ISA550 and I want to make a DMZ LAN with VoIP SIP phones! This DMZ subnet should not be PATed and should be accessed from the Internet only from a certain subnet!
The DMZ network is statically routed to the ISA 550 WAN interface from outside!
Here is my config:
ACL Rule
From WAN to DMZ  Services any  Source Management  Destination Address DMZ-Network   enable
Dynamic PAT
disable DMZ
Advanced NAT:
From DMZ to WAN1  Original Source DMZ-Network  Original Destination any any  Translated Source DMZ-Network any any
The config above does not work!  What is wrong?
Also I want to use QoS with strict priority queuing for this network -> How should I do this -> Protocols RTP and SIP
Thanks!
kind regards
kristoferus

Kristoferus,
To accomplish what you are wanting shouldn't require any special ACL Rules or NAT configuration.  The reason for this is because all communications are initiated from the SIP Phones to the VoIP provider.  Once the SIP Phone connects to the VoIP provider's network, all traffic is managed over that established connection.  So the VoIP provider's network will never actually initiate a connection into your network and thus you don't need any special NAT configuration to allow them access.
Since the VoIP provider is in a lower security level Zone (WAN), the VoIP DMZ will have, by default, unlimited access to the WAN, and by default the WAN will explicitly allow back through any traffic initiated from a higher security level Zone (VoIP DMZ).  So this is what I would suggest doing.
Assumptions
You mentioned source Management in your ACL Rule.  I'm assuming Management is the Address Group that contains the VoIP provider's subnet.
Steps to complete
1. Delete the ACL Rule you created and referenced above.
2. Delete the Advanced NAT statement you created and mentioned above.
3. Under Dynamic PAT, enable for the VoIP DMZ as well.
4. Under Application Level Gateway, ensure SIP Support is unchecked.
5. Under Networking -> Ports -> Physical Interface, ensure the DMZ VoIP VLAN is applied to the appropriate interface.
   o If the only thing attached to this port is an external switch that only phones plug into, then ensure the mode is set to Access and that the only VLAN on this port is the VoIP DMZ.
   o If a switch is connected to this port and that switch is shared by both phones and devices in other VLANs:
     o Ensure the external switch supports VLANs.
     o Set the Mode to Trunk and add the appropriate VLANs to the port.
     o Configure the external switch ports to include the correct VLANs on the associated ports to ensure that phones are being placed in the VoIP DMZ VLAN and not the default.
Once you have all of this setup, test the phones and they should be working.  If they are proceed to the next step to lock down security.  If not, do not proceed to the next step as it will only add complexity to troubleshooting.
Limit SIP Phones to only have access to VoIP provider
Create an ACL Rule...
From Zone:  VoIP DMZ
To Zone:  WAN
Services:  ANY
Source Address:  VoIP DMZ Network
Destination Address: Management (Based on my assumption above)
Log:  On
Match Action:  Permit
Create an ACL Rule...
From Zone:  VoIP DMZ
To Zone:  WAN
Services:  ANY
Source Address:  ANY
Destination Address: ANY
Log:  On
Match Action:  Deny
Once both ACL Rules are created, ensure the first ACL Rule is before the second ACL Rule.
The combination of these rules in the correct order will allow traffic from the SIP Phones to the VoIP provider and then block the SIP Phones from accessing anything else.
You should be done and working at this point.  If so, let me know and we can move on to QoS.
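The reply's point about rule order (the Permit to the provider must sit above the ANY/ANY Deny, otherwise the Deny shadows it and the phones lose their provider) can be checked with a small first-match simulator. The following is an added example, not code from the thread or from Cisco; it models only first-match evaluation and the reply's stated default (a higher-security zone reaches a lower one unless a rule says otherwise), and the addresses are constructed from the RFC 5737 documentation ranges rather than anyone's real network.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class AclRule:
    """One zone ACL rule with the fields listed in the reply above."""
    from_zone: str
    to_zone: str
    source: str        # CIDR network or "ANY"
    destination: str   # CIDR network or "ANY"
    action: str        # "Permit" or "Deny"
    log: bool = True


def _matches(spec: str, ip: str) -> bool:
    """Address-object match: ANY, or membership in a CIDR network."""
    if spec.upper() == "ANY":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def evaluate(rules: List[AclRule], from_zone: str, to_zone: str,
             src_ip: str, dst_ip: str, zone_default: str = "Permit") -> Tuple[str, Optional[int]]:
    """First-match evaluation: the first rule whose zones and addresses cover the flow decides.
    Returns (action, rule_index); rule_index is None when the zone default applied.
    zone_default = "Permit" models the reply's point that the VoIP DMZ (higher security)
    reaches the WAN (lower security) unless a rule blocks it."""
    for idx, rule in enumerate(rules):
        if (rule.from_zone == from_zone and rule.to_zone == to_zone
                and _matches(rule.source, src_ip) and _matches(rule.destination, dst_ip)):
            return rule.action, idx
    return zone_default, None


# Constructed sample addressing (RFC 5737 documentation ranges), not from the thread.
VOIP_DMZ_NET = "192.0.2.0/24"      # the "VoIP DMZ Network" address object
PROVIDER_NET = "198.51.100.0/24"   # the "Management" address group (the provider's subnet)
PHONE_IP = "192.0.2.10"
PROVIDER_SBC = "198.51.100.5"
RANDOM_HOST = "203.0.113.80"       # any other Internet host

# The two rules from the reply, in the order the reply requires.
CORRECT_ORDER = [
    AclRule("VoIP DMZ", "WAN", VOIP_DMZ_NET, PROVIDER_NET, "Permit"),
    AclRule("VoIP DMZ", "WAN", "ANY", "ANY", "Deny"),
]
# The same rules with the order swapped: the ANY/ANY Deny now shadows the Permit.
WRONG_ORDER = list(reversed(CORRECT_ORDER))


def phone_to_provider(rules: List[AclRule]) -> str:
    return evaluate(rules, "VoIP DMZ", "WAN", PHONE_IP, PROVIDER_SBC)[0]


def phone_to_internet(rules: List[AclRule]) -> str:
    return evaluate(rules, "VoIP DMZ", "WAN", PHONE_IP, RANDOM_HOST)[0]


def shadowed_rules(rules: List[AclRule]) -> List[int]:
    """Indexes of rules that can never match because an earlier ANY/ANY rule for the
    same zone pair already covers every flow they cover. A quick sanity check to run
    on an ordering before committing it."""
    shadowed = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if ((earlier.from_zone, earlier.to_zone) == (later.from_zone, later.to_zone)
                    and earlier.source.upper() == "ANY" and earlier.destination.upper() == "ANY"):
                shadowed.append(i)
                break
    return shadowed


if __name__ == "__main__":
    for name, rules in (("correct order", CORRECT_ORDER), ("wrong order", WRONG_ORDER), ("no rules", [])):
        print(f"{name:13s} phone->provider={phone_to_provider(rules):6s} "
              f"phone->internet={phone_to_internet(rules):6s} shadowed={shadowed_rules(rules)}")
```

With no rules at all (the "test the phones first" state in the reply) everything from the VoIP DMZ is permitted; with the rules in the correct order the provider is reachable and the rest of the Internet is not; with the order reversed the phones reach nothing, and `shadowed_rules` flags the Permit as unreachable.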

Similar Messages

  • DMZ for VOIP telephone adapter

    I would greatly appreciate if someone could explain how to proceed.
    I am setting up my Grandstream VOIP adapter behind my AirPort Extreme. (I previously had it behind the cable modem (Optimumonline) and in front of the AirPort but I could not get Back to My Mac to work.)
    I called the VOIP company (ViaTalk) and they suggested putting the Grandstream into the DMZ. They were kind enough to send instructions but they proved to be useless as they are for a generic router in a Windows setup.
    The only information I was able to find on the web are the following instructions:
    "I am using one of the new Airport Express base stations with my ViaTalk and it works great. The key is, under the NAT tab, do TWO things.
    ONE: Give the ViaTalk adapter a static DHCP setting by using the Mac address and telling the Airport to always give your ViaTalk TA the same IP.
    Then, make the IP of your viatalk adapter the DEFAULT HOST. This is known on most routers as the DMZ. This will open all ports to your TA and voice quality will be outstanding so long as you're not saturating your internet pipe. I have a 15mbps/2mbps connection so that's not really a problem for me."
    Is this good advice? It is from a two year old post. If it is, I don't know how to assign the "MAC address" to the particular device in step 1.
    If this is bad advice could someone please advise me how to add the device to the dmz?
    Thanks

    You're almost there!
    Here are the basic steps ...
    1. Reserve a DHCP-provided IP address for the Grandstream adapter.
    AirPort Utility > Manual Setup > Internet > DHCP tab
    o On the DHCP tab, click the "+" (Add) button to enter DHCP Reservations.
    o Description: <enter the desired description of the host device>
    o Reserve address by: MAC Address
    o Click Continue.
    o MAC Address: <enter the MAC hardware address of the adapter>
    o IPv4 Address: <enter the desired IP address that you want to reserve for the adapter>
    o Click Done.
    2. Setup the Default Host.
    AirPort Utility > Manual Setup > Internet > NAT tab
    o Enable default host at: <enable> & enter the reserved IP address from the previous step in the window.
    o Click "Update"

  • Questions On New Domain in DMZ for IBCM

    We would like to create a new, untrusted AD domain in our DMZ for the purpose of IBCM and perhaps to also join workgroup-based servers that would be in the DMZ (for instance Lync Edge server and so on) so they can be more easily managed by using centralized group policies.  They will need to at least have managed Windows Updates and centrally managed A/V as well as ways to manage RDP access to them so they can be remotely managed without having to do one-off local configuration on each DMZ server.
    Can the DC required to create this DMZ domain also be the same machine used for the DP/MP/SUP?
    Can the DC and all the other servers located in the DMZ also be managed via SCCM along with the IBCM clients?

    Can the DC required to create this DMZ domain also be the same machine used for the DP/MP/SUP?
    It *can* be, but it's not a good idea for it to be at all. Putting things on a DC always introduces idiosyncrasies with security and functionality in general. 
    Can the DC and all the other servers located in the DMZ also be managed via SCCM along with the IBCM clients?
    Yes.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • Setting up Cisco SLM248GT-NA switch for VoIP

    Hello Everyone,
    We have a Cisco slm248gt-na smart switch in our office that I am trying to configure to support and optimize for VoIP. We have desktops hooked up off the phones in most cases. Are there any config guidelines to optimize the switch so it has proper QOS set and VoIP gets higher priority over data.
    Thanks, Kind Regards
    Shabbir

    Hello Tom,
    Thanks for your reply.
    We have a pretty straightforward setup. We have 15 Cisco SPA303 phones hooked up to the switch and the desktops are connected via the phone. We have a wireless LAN and a corporate server that serves as a file sharing/VPN type setup. Other than that there are no devices hooked up. We had to implement the auto voice VLAN feature but were still running into issues like occasional poor voice quality and one-way audio type issues. However I did notice something in the configuration menu, "Telephone OUI"; could you please help us on how to implement that. We are trying to implement best practice to avoid the VoIP related issues that we have been having.
    We also see all the ports in trunk mode. Is that the recommended setting or should we change it to access mode?
    Thanks, Kind Regards

  • Installing MP,DP and SUP in DMZ for IBCM

    Hi all,
    I would like to start installing the MP, DP and SUP roles in my DMZ to support IBCM. My DMZ is in the same forest but in a different and untrusted domain. The primary site and Enterprise Root Certificate (CA) are in the same domain (intranet). An admin account has been created in the DMZ domain so the above roles can be installed from the primary site server. I am still not too sure how I will install the cert that I created on the root CA that is on the intranet. Do I need to export it from the intranet and import it back on the new site server in the DMZ, or use a different method?
    If the question is too confusing then please give your experience as how you have installed certificate on your site server (DMZ) for IBCM?
    Are you using primary server computer account for installing site roles in DMZ or a user account?
    Do I need to publish site information in DMZ domain as well?
    Thanks

    "My DMZ is in the same forest but in different and untrusted domain"
    This is not possible. By definition, all domains in a forest trust each other -- maybe not directly, but they do trust each other.
    Also, the new system in the DMZ will not be a "site server", it will be a site system (sometimes called a site system server but not usually). This may seem like semantics, but it's very important because "site server" means something very specific which the site system in the DMZ is not.
    Deploying certs in the DMZ can be done in one of many ways. You really should get a PKI smart person involved though because it's not a ConfigMgr task. There are ways to deploy certs cross-domain and cross-forest using group policy auto-enrollment but these take setup and configuration on the PKI side. Alternatively you could use web enrollment on your CA if it is set up and has the proper templates available -- once again, that will take setup and configuration on your PKI. Finally, you could just use the command line assuming the cert templates are accessible for the system in the other domain.
    For your scenario, you should be able to grant the site server's computer account local admin permissions on the DMZ site system. Don't forget about the FSP which can be very valuable for IBCM but will require an additional site system because it must be left to listen for HTTP traffic.
    Finally, publishing site information to the domain allows clients to locate the MP on the intranet; however your clients won't be on the intranet to use location information, so that wouldn't help much. Additionally, clients use global catalog queries to perform their site location so within a forest, there is no need to publish the same information to multiple domains (unless you have multiple sites which you do not).
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • Is QoS tools shape good for VoIP?

    Hi,
    I have MPLS VPN scenario. For MPLS VPN at PE router connecting to hub, I've configured below QoS:
    class-map match-any P1
    match ip dscp ef
    class-map match-any P3
    match ip dscp default
    class-map match-any P2
    match ip dscp af31
    policy-map QoS
    class P1
    priority percent 35
    class P2
    bandwidth percent 40
    random-detect
    class P3
    bandwidth percent 25
    random-detect
    Since on the egress PE towards the internet I'm using a subinterface, the configuration is:
    policy-map cust-qos
    class class-default
    shape average 256000
    service-policy output QoS
    interface FastEthernet1/0.8
    encapsulation dot1q 8
    ip address ...
    service-policy output cust-qos
    Since the internet access is 256K, I've configured shape average 256000.
    My problem is that, during high congestion at internet access, I noticed that on cust-hub my VoIP SIP is having problem to ring to another VoIP SIP within the same hub. Is it because of the shape command ?
    thanks in advance

    Hi Maher,
    shape average 256000 is too much. The point is, that you have OSI layer 2 overhead and layer 2 keepalives and such. Lower it to e.g. 240000. You might need to "play" a little with the parameter, as the overhead depends on average packet size.
    Also make sure, that your SIP traffic is marked with af31. Just as a note: Cisco changed from marking VoIP signaling with af31 to cs3. Take a sniffer and check that proper markings are in place for VoIP signaling. Or just try
    class-map match-any P2
    match ip dscp af31 cs3
    Hope this helps! Please rate all posts.
    Regards, Martin

  • Using iPhone 5 and 5c on iOS 7.0.4 and would like to use these on wireless only with no carrier service for VoIP apps. How do I prevent the "iPhone is not activated, contact your carrier" error?

    Hi, I am using an iPhone 5 and 5c on iOS 7.0.4 and would like to use these on wireless only with no carrier service for VoIP apps. How do I prevent the error "iPhone is not activated, contact your carrier"?

    tnguyen9 wrote:
    when i remove the sim card it gives me errors that there is no sim. 
    You should only need a SIM in it to actually activate it in iTunes.  Once activated, leave the SIM in or remove it, it should not matter.
    Then, turn on airplane mode.  And then, go into wifi settings and re-enable wifi (this leaves the cellular radio in airplane mode = powered off).
    Now your iPhone is effectively no more than a (wifi only) iPod Touch.

  • Linksys support for VoIP adapters

    I would like to know how to get in touch with Linksys tech support, via e-mail for instance.
    I would like to report a bug and ask for help on a new product I just bought. There doesn't seem to be any tech e-mail I can write to, just this community forum which of course isn't endorsed by Linksys. I posted the following topics here:
    http://forums.linksysbycisco.com/linksys/board/message?board.id=VoIP_Adapters&thread.id=5459
    http://forums.linksysbycisco.com/linksys/board/message?board.id=VoIP_Adapters&thread.id=5458
    If anyone can lend a hand I'd greatly appreciate it. I bought an SPA8000 on-line and don't really know where to ask for help or report bugs. I also tried the online chat service but it is unavailable for my product...
    Thanks in advance.

    Hi prashantqta,
    Welcome to the Nokia discussion boards!
    Unfortunately the Nokia 7230 does not have support for VOIP. Do you currently have this device or are you looking for a device with VOIP?
    Regards,
    haZey
    If you find this post helpful, a click upon the white star at bottom would always be appreciated.
    If it also solves your problem, clicking ACCEPT AS SOLUTION below it will benefit other users!

  • Why isn't there yet an available p2p embeded code for voip and video conference in Firefox??

    why isn't there yet an available p2p embeded code for voip and video conference in Firefox??

    So, the upload time will vary on internet connection. If there is an issue with how fast it is uploaded you can check if prefetching is turned on, but this does not really affect uploading [https://developer.mozilla.org/en-US/docs/Controlling_DNS_prefetching Controlling DNS prefetching]
    If you search for solutions, you will see a bunch of tweaks as well that may be helpful to your specific computer. [[Upgrade your graphics drivers to use hardware acceleration and WebGL]] to make sure you are all up to date as well.

  • Using the Express as Bridge with an SMC Gateway device for VOIP Possible?

    Hi there:
    I want to purchase a VOIP Internet phone & line and am concerned that it may not work with my Airport Express. I can use any old phone as long as it is hooked up to the VOIP gateway device which must be connected directly to my High Speed DSL modem. I am currently using the Express and am connected using PPPoE. What I need to do is connect the VOIP Gateway directly to my high speed modem and then connect the Express to one of the Gateway's LAN ports.
    Here is what I was told, I need the express to be compatible with:
    An SMC Gateway device for VOIP
    The Default Network Setup: 192.168.1.1
    Sub Net Mask: 255.255.255.0
    DHCP enabled
    IP Range 192.168.1.100~199
    The wireless router must be set to bridge configuration.
    What I am thinking is in my Airport Admin Utility go to the Internet section and change my current PPPoE settings to:
    Connect Using: Ethernet
    Configure: Manually
    And then enter the IP Address, Subnet mask as per the instructions
    I am not sure about the router address or DNS servers.
    Or could I just set Configure to: Using DHCP and it would find the SMC Gateway device since I would be plugged into its LAN port?
    I have not committed to changing companies yet so I do not have the gateway device and cannot test this out. Please advise if this will work or not.
    Is the Express even compatible with an SMC Gateway?
    Thanks so much
    W

    ...in the Internet section would I leave it as is (currently set to Connect Using PPP over Ethernet (PPPoE)) or would I need to change that to Connect Using Ethernet and then Configure to Using DHCP or Manual?
    It doesn't really matter since the AX is acting as bridge. If for some reason setting it one way doesn't work, change it to the other setting.

  • Can a low MTU (i.e. 320) for VoIP over Frame Relay be used to avoid serialization delay for large data packets?

    In order to provide voice quality for VoIP, is FR fragmentation equivalent to lowering the MTU size for the serial subinterface of a Frame Relay subinterface?
    Are there any issues, like stopped communications, when using a low MTU?

    If the router belongs to any of the platforms listed below, then use FRF.12 for your fragmentation. Lowering the MTU size also works, but this can cause high overhead as it can't be specified on a per-DLCI level.
    With multiple DLCIs, i.e. subinterfaces, use per-DLCI fragmentation; this helps reduce the overhead of changing the MTU size of the physical interface.
    Snip config example (must be configured on both sides of the termination):
    PHONE 3333312---ROUTERA ----DLCI 100----ROUTERB ---PHONE 2111123
    ROUTER A
    dial-peer voice 1 voip
    destination-pattern 2T
    session target ipv4:10.10.10.2
    int ser 0/0
    encap frame-relay
    frame-relay traffic-shaping
    no ip address
    interface serial0/0.1 point-to-point
    ip add 10.10.10.1 255.255.255.252
    frame-relay interface-dlci 100
    class voice
    map-class frame-relay voice
    frame cir 64000
    frame bc 640
    frame mincir 64000
    frame-relay ip rtp priority 16384 16383 48
    frame fragment 80
    frame fair-queue 64 256 0
    ROUTER B
    dial-peer voice 3 voip
    destination-pattern 3T
    session target ipv4:10.10.10.1
    int ser 0/0
    encap frame-relay
    frame-relay traffic-shaping
    no ip address
    interface serial0/0.1 point-to-point
    ip add 10.10.10.2 255.255.255.252
    frame-relay interface-dlci 100
    class voice
    map-class frame-relay voice
    frame cir 64000
    frame bc 640
    frame mincir 64000
    frame-relay ip rtp priority 16384 16383 48
    frame fragment 80
    frame fair-queue 64 256 0
    This should help if your router is a c2600, c3600, mc3810, c7200 or c1750, all running the right level of IOS. 12.1(5)T and above should work well.
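The numbers behind the reply's configuration (why `frame fragment 80` on a 64 kbps CIR, and why lowering the interface MTU is the more wasteful way to get the same effect) can be worked through with a few helper functions. This is an added example, not from the thread or from Cisco documentation; the 10 ms serialization target is the usual voice design goal and is an assumption here, and the IP-fragmentation arithmetic assumes a 20-byte IP header with no options.

```python
import math
from typing import Optional, Tuple


def serialization_delay_ms(frame_bytes: int, link_bps: int) -> float:
    """Time to clock one frame of frame_bytes onto a link running at link_bps."""
    return frame_bytes * 8 * 1000 / link_bps


def frf12_fragment_size(link_bps: int, target_ms: float = 10.0) -> int:
    """Largest FRF.12 fragment that serializes within target_ms on the given link.
    At 64 kbps with a 10 ms target this gives 80 bytes, the value in the reply's map-class."""
    return int(link_bps * target_ms / 8000)


def worst_case_voice_wait_ms(link_bps: int, data_frame_bytes: int,
                             fragment_bytes: Optional[int] = None) -> float:
    """Longest time a voice frame can sit behind one data frame that has already started
    transmitting. Without fragmentation that is the whole data frame; with FRF.12 it is
    at most one fragment, after which the RTP priority queue gets the link."""
    unit = data_frame_bytes if fragment_bytes is None else min(data_frame_bytes, fragment_bytes)
    return serialization_delay_ms(unit, link_bps)


def ip_fragments_for_mtu(packet_bytes: int, mtu: int, ip_header: int = 20) -> Tuple[int, int]:
    """How IP-layer fragmentation splits one packet when the interface MTU is lowered instead.
    Every fragment repeats the IP header, and all fragment payloads but the last must be a
    multiple of 8 bytes. Returns (fragment_count, total_bytes_at_ip_layer)."""
    payload = packet_bytes - ip_header
    per_fragment = (mtu - ip_header) // 8 * 8
    count = math.ceil(payload / per_fragment)
    return count, payload + count * ip_header


if __name__ == "__main__":
    link = 64000
    print("FRF.12 fragment for 10 ms at 64k:", frf12_fragment_size(link))
    print("voice wait behind 1500B, no fragmentation:", worst_case_voice_wait_ms(link, 1500), "ms")
    print("voice wait behind 1500B, fragment 80:", worst_case_voice_wait_ms(link, 1500, 80), "ms")
    count, total = ip_fragments_for_mtu(1500, 320)
    print(f"MTU 320: 1500B packet -> {count} IP fragments, {total} bytes, "
          f"{serialization_delay_ms(320, link)} ms per fragment")
```

Two things fall out of running it: the 80-byte fragment bounds the voice frame's wait behind a 1500-byte data frame to 10 ms instead of 187.5 ms, and the MTU-320 approach from the question still leaves a 40 ms serialization unit at 64 kbps while adding a repeated IP header to every fragment, which is the overhead the reply warns about.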

  • Can I divide my Bandwidth dedicated for VoIP

    Hi All,
    Please advise me whether what I want to do is possible or not.
    I have a 128 kbps leased line circuit to my branch office in Singapore and I would like to dedicate 64 kbps of my bandwidth to VoIP traffic. The rest of the traffic will go over the other 64 kbps.
    I am using Cisco 1760 routers; is it possible to do?
    Any advice will be appreciated.

    Bevilacqua,
    I just configured it on two routers. Once I finished the configuration, I saw the output below with no packets transferring.
    Router#sh policy-map interface
    Serial0/1
    Service-policy output: llq
    Class-map: voice (match-all)
    0 packets, 0 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: dscp ef
    Queueing
    Strict Priority
    Output Queue: Conversation 40
    Bandwidth 32 (kbps) Burst 800 (Bytes)
    (pkts matched/bytes matched) 0/0
    (total drops/bytes drops) 0/0
    Class-map: class-default (match-any)
    3269 packets, 2187341 bytes
    5 minute offered rate 57000 bps, drop rate 0 bps
    Match: any
    Router#
    After I made some phone calls, I can see the output below showing packets transferring.
    Router#sh policy-map interface
    Serial0/1
    Service-policy output: llq
    Class-map: voice (match-all)
    5045 packets, 322159 bytes
    5 minute offered rate 5000 bps, drop rate 0 bps
    Match: dscp ef
    Queueing
    Strict Priority
    Output Queue: Conversation 40
    Bandwidth 32 (kbps) Burst 800 (Bytes)
    (pkts matched/bytes matched) 3115/128688
    (total drops/bytes drops) 0/0
    Class-map: class-default (match-any)
    16895 packets, 10045657 bytes
    5 minute offered rate 81000 bps, drop rate 0 bps
    Match: any
    Router#
    So, is it working fine now? How can I check that it is actually reserving the bandwidth for voice?
    Thanks for your kind help.
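The `show policy-map interface` output above is the place to verify the reservation, and the counters that matter are easy to check automatically. Below is an added example, not code from the thread; it parses the second listing above (embedded here as sample input, copied from the post) and reports whether the `voice` class is a strict-priority class with the expected 32 kbps, has actually matched packets, and has dropped none. The checks and their wording are this example's own, not a Cisco tool.

```python
import re
from typing import Dict, List

# Sample input: the second "sh policy-map interface" listing from the post above.
SAMPLE_OUTPUT = """Router#sh policy-map interface
 Serial0/1
  Service-policy output: llq
    Class-map: voice (match-all)
      5045 packets, 322159 bytes
      5 minute offered rate 5000 bps, drop rate 0 bps
      Match: dscp ef
      Queueing
        Strict Priority
        Output Queue: Conversation 40
        Bandwidth 32 (kbps) Burst 800 (Bytes)
        (pkts matched/bytes matched) 3115/128688
        (total drops/bytes drops) 0/0
    Class-map: class-default (match-any)
      16895 packets, 10045657 bytes
      5 minute offered rate 81000 bps, drop rate 0 bps
      Match: any
Router#"""


def parse_policy_map(text: str) -> Dict[str, dict]:
    """Collect per-class counters from show policy-map interface output, keyed by class name."""
    classes: Dict[str, dict] = {}
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Class-map: (\S+) \((match-\w+)\)", line)
        if m:
            cur = {"match_type": m.group(2), "match": [], "strict_priority": False,
                   "bandwidth_kbps": None, "packets": 0, "bytes": 0, "offered_bps": 0,
                   "drop_bps": 0, "pkts_matched": 0, "total_drops": 0}
            classes[m.group(1)] = cur
            continue
        if cur is None:
            continue  # header lines before the first class
        m = re.match(r"(\d+) packets, (\d+) bytes", line)
        if m:
            cur["packets"], cur["bytes"] = int(m.group(1)), int(m.group(2))
            continue
        m = re.match(r"5 minute offered rate (\d+) bps, drop rate (\d+) bps", line)
        if m:
            cur["offered_bps"], cur["drop_bps"] = int(m.group(1)), int(m.group(2))
            continue
        m = re.match(r"Match: (.+)", line)
        if m:
            cur["match"].append(m.group(1))
            continue
        if line == "Strict Priority":
            cur["strict_priority"] = True
            continue
        m = re.match(r"Bandwidth (\d+) \(kbps\)", line)
        if m:
            cur["bandwidth_kbps"] = int(m.group(1))
            continue
        m = re.match(r"\(pkts matched/bytes matched\) (\d+)/(\d+)", line)
        if m:
            cur["pkts_matched"] = int(m.group(1))
            continue
        m = re.match(r"\(total drops/bytes drops\) (\d+)/(\d+)", line)
        if m:
            cur["total_drops"] = int(m.group(1))
    return classes


def check_llq(classes: Dict[str, dict], voice_class: str = "voice", expected_kbps: int = 32) -> List[str]:
    """Return a list of problems; an empty list means the priority queue is configured and in use."""
    v = classes.get(voice_class)
    if v is None:
        return [f"class {voice_class} not present in the policy"]
    problems = []
    if not v["strict_priority"]:
        problems.append(f"{voice_class} is not a strict-priority (LLQ) class")
    if v["bandwidth_kbps"] != expected_kbps:
        problems.append(f"{voice_class} priority bandwidth is {v['bandwidth_kbps']} kbps, expected {expected_kbps}")
    if v["pkts_matched"] == 0:
        problems.append(f"no packets have matched {voice_class}: place calls, or check that phones mark DSCP EF")
    if v["total_drops"] > 0:
        problems.append(f"{voice_class} has {v['total_drops']} drops: offered voice exceeds the priority rate")
    return problems


if __name__ == "__main__":
    parsed = parse_policy_map(SAMPLE_OUTPUT)
    print(check_llq(parsed) or "OK: voice is strict priority at 32 kbps, matching packets, no drops")
```

Run against the first listing in the post (zero matched packets) the check reports only that no packets have matched yet, which is the expected state before any calls; run against the second listing it reports nothing. Note that LLQ only enforces the 32 kbps limit on the voice class while the interface is congested, so a zero drop count on a lightly loaded link does not by itself prove the reservation; the counters to watch are matched packets and drops during a busy period.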

  • External Ringer for VOIP Phone

    I have external ringers connected to VG224's for VOIP phones in our shops.  I have them configured and they work as they should for a while, but after a month or two it appears to blow up the port on the VG it is attached to.  I am thinking it might have to do with the resistance of the bells, but since I am not an electrician I am not sure.  The ringer is a Premier PT-102 bell and per the description is 1000/2650 Ohm.  Has anybody experienced problems with external ringers blowing up VG ports?  Or are there any alternatives to the analog ringers that are designed to work with the Cisco VOIP phones?  Thanks for any info anybody can supply.

    I did get one of the Algo 8180 SIP Audio Alerters and it works great as an external ringer.  Also since it has the capability of paging, we are trying to get it configured to use with our IPCelerate paging solution.  Does anybody have any thoughts or ideas how to accomplish this.  I can get it to page using a direct extension to the Algo device, but can not get it to receive pages from IPCelerate.  Any help would be appreciated.

  • Snow and setting priority for voip voice packets?

    I have an Engin Voice Box 2 connected to my dual ethernet base station, for VoIP phone calls using a 1500kbps broadband connection. It all works fine, except sometimes the voice quality of phone calls isn't good - drop-outs occur. Engin support tells me there is a way to configure an AirPort BS to give priority to voice packet data over other internet data, and this will improve the voice quality.
    Is this possible with a snow BS, and if so how do I do it?

    OK, Duane and anyone else. My question has been answered via telephone from Apple Australia, on Thursday 22 Feb 2007 at local time 9.01 pm. The answer is: There is no way that any version of an Airport BS can be set to prioritize voip voice packets over other internet packets of data.
    Apple Supporters in other countries may disagree (not a surprise). I've been a Mac user since the first 1984 64K Mac, and I've not been too impressed with Apple phone service during the last 20+ years, so if another Apple tech elsewhere comes up with a different answer I would not be at all surprised.
    So, first premise is my voip provider gave me incorrect info. Second one is maybe someone else gave them the incorrect info. One guess and no prizes as to whom this may have been.
    Bigger surprise is that Apple seems oblivious to how popular voip phone is going to be in the immediate future, and that Mac users are likely to receive inferior quality voice quality and have no way to improve this by tweaking their Airports.

  • VLAN translation for VoIP config.

    I have a Cisco 1751-v4 as the core router. Also a Cisco Cat 1900 switch with ports 17-24 configured for VLAN membership VLAN 2 (VLAN 1 is data).
    My goal is to configure VoIP, but I want the VLAN to be on a 172.x.x.x subnet.
    Can I create a second dhcp pool I can include "option 150" for VoIP only?
    my next question is I have a fast ethernet interface (LAN) and an ethernet interface (WAN, which interface do I configure the VLAN encapsulation on?
    I have included my current config below.
    thanks for the help.

    Ankur,
    I am still having issues configuring VLAN's.
    During some reading, I understand I should not have to create a trunk as I am only using a single Cisco 1900 switch. I should not have to configure VTP on the switch as well for the same purpose.
    Here is what I am looking at:
    Router#>int fasteth0/0
    ip address 192.168.2.1 255.255.255.0
    ip helper-address 192.168.2.0
    ip nat inside
    From what I have read, I need to configure the DHCP DATA pool (192.168.2.0) as VLAN 1 native. But when I attempt to configure the IP address for the native VLAN 1 on fastethernet0/0.1 (subinterface) I receive an IP address overlap with int fasteth0/0 interface error.
    Question, can I configure interface fastethernet0/0 without an IP address, but configure the subinterfaces 0/0.1 and 0/0.2 with IP addresses?
    ip dhcp pool Data
    network 192.168.2.0 255.255.255.0
    domain-name 5thborocs.com
    default-router 192.168.2.1
    dns-server 63.162.197.69 208.33.149.39
    ip dhcp pool VoIP
    network 192.168.3.0 255.255.255.0
    domain-name 5thborocs.com
    default-router 192.168.2.1
    option 150 ip 192.168.2.1
    interface FastEthernet0/0
    description Cisco 1900sw
    ip helper-address 192.168.2.0 (or without a helper address)
    ip nat inside
    ip virtual-reassembly
    speed auto
    full-duplex
    interface FastEthernet0/0.1
    description Data
    encapsulation dot1Q 1 native
    ip address 192.168.2.1 255.255.255.0
    ip helper-address 192.168.2.0
    interface FastEthernet0/0.2
    description VoIP
    encapsulation dot1Q 2
    ip address 192.168.3.1 255.255.255.0
    ip helper-address 192.168.3.0
    no snmp trap link-status
