ipsec vpn cisco phone

sims · ‎07-24-2019

Hi,

I have cisco cucm on Head Office and Branch there is phones also

cucm server ip is 10.0.2.10 and phones are head office also in the same network . And I want phones in branch also in the same network ( it 10.0.2.10 )

Can I achieve these using ipsec vpn

How can i do that ?

second question based on the below attachment

can I use 0.0.0.0 as local subnets and remote subnets

Thanks

boneyard · ‎07-24-2019

that is not possible with IPsec VPN.

an IPsec VPN is between different layer 3 networks.

if you really want this you need to create a streched layer 2 network (via vxlan or l2tp or such)

i would advise you to look into just getting your phones working via layer 3, so allow that the cisco pbx can accept phones in other networks.

sims · ‎07-25-2019

Hi,

Why we need tunnel interface for ipsec vpn

Thanks

boneyard · ‎07-25-2019

do don't need it (there is an alternative), but it is quite useful. easy to route to, easy to built policies.

is there a reason you don't want it?

sims · ‎07-26-2019

Hi,

What is the benefit if we add tunnel interface and what are alternative

Thanks

boneyard · ‎07-26-2019

you could try a google search yourself also ...

benefits for me include

easy to route to

easy to built policies

most common method with FortiGate, meaning most documentation and example

the alternative is policy based VPN, see: https://docs.fortinet.com...icy-based-ipsec-tunnel