- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Routing voice between spoke points and hub Fortigates
We have a 100D as the hub and 60D's at spoke locals. Trying to find information on routing voice from one spoke to another via the hub.
OR
instruction on a Mesh configuration.
All I'm finding thus far, is for SIP configuration and we are not using SIP. Just basic internet connections.
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
First to create VPN tunnels
1>Create two IPSEC on HUB for each branch
2>Keep quick mode selectors on all these VPN to 0.0.0.0/0, this is not neccessary but simplifies configuration to a great extent
3>VPN should be in interface/route mode
Now to allow traffic from one branch to other via HUB there are two methods:
a>Create policies from Branch_one VPN interface to Branch_two VPN interface and vice versa
b> Create VPN concentrator
config vpn ipsec concentrator edit <concentrator_name> set member <member_name> [member_name] [member_name] end
Things which need to be configured carefully:
->Routes on branch_one for HUB and branch_two network with device as VPN interface ->Routes on branch_two for HUB and branch_one network with device as VPN interface ->Routes on HUB: a> Route to branch_one network with device as VPN interface for branch_one VPN b> Route to branch_two network with device as VPN interface for branch_two VPN
->Make sure firewall policies have correct source and destination networks specified which need to traverse through
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My thoughts,
VoIP is sensitive to delay and packet lost. If you route voice traffic from spoke1 ----->hub------->spoke2 you increase the following;
1>more delay
2>more of a possibility to plos ( packet lost )
3>more QoS issues to content with
4>more link utilization that increase item#1 & #2 and mainly the later plos
Even if the remote-branches have a local PBC switch, you would better to route voice direct to the 2nd enpoint or cut-thru
just my general opinion.
PCNSE
NSE
StrongSwan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
emnoc: This was my reason for adding the second part to my question of a Mesh network. Since the 60D has an additional WAN interface, should look at this as my preferred config? If so, have you setup a Mesh network w/combos of 100D and 60D's?
Regards