What's the craic y'all!?

[Brian]

Hey all,
How goes things in the world of C2K and school it these days?

[Stephen]

Mad as ever Brian. My colleague had to use Collaberate today (web discussion c2k thingy). It told him he had an old version of Java and needed to update. However Java Update web page is in the Red Zone (no reason can be given why) and therefore c2k have it blocked and wont unblock it.

So just the usual here!!

[Brian]

Sounds just the way it was when I left, Lot6 or ENNI, it's all run by the same run of the mill "geniuses" lol

I'm currently having great crack configuring an IPsec site to site VPN and trying to get VOIP to work across the connection, not easy!

[Si]

How's things Brian? I still lurk on this site when I get the chance - always good to see the crap I don't have to deal with, only to realise I've swapped one set of crap with another... I've had to set up a few site to site VPNs too although I've never had to try sending VOIP through one.  Good luck!

[Brian]

Hey Si, yeah, it's not easy done, even getting the connection to work was fun, never mind getting the data flowing in both directions on the tunnel. It's working at the moment, but it's even more fun trying to get the VOIP to work down it. We had been advised, after a couple of weeks working on it, to try to use two tunnels, one for data and one for the voip, as each uses a separate VLAN, but I since found that we can't point two IPsec tunnels at the same public IP as the encryption can't handle it, it must clash in some form or another. So then I tried adding the VOIP VLAN IP as a second proxy in the IPsec tunnel itself with a static route in the virtual router in our firewall, again, no luck. The DHCP just isn't being picked up properly by the VOIP phone on the other end, and also ends up turning up in the leases of the data VLAN DHCP scope on the server.

Fun and games!

[Si]

Maybe it depends on the firewall you are using!  We use Sidewinders here and, to be honest, its pretty easy to configure the tunnel - you just need to make sure the configurations are the same with the other site!

I've noticed that something don't seem to work so well with the most secure settings - sometimes you need to lower the encryption to get traffic passing through.

Not sure why you are offering DHCP to a different site though. Don't they have their own?

[Brian]

They do have their own DHCP, but we decided that it would be best to keep the config for that the same as we would for sites connected via leased line and use the router as a DHCP relay.

[Gerard]

...meanwhile In a school not far away, I turned a few PCs off and on again!

Great to see you guys getting challenged out in the real world, sounds refreshing

[Brian]

Oh, I remember the good old days when I was out and about, walking into schools and turning computers off and then on again for "IT Techs" who didn't know how! lol ;-)

We just ordered a new Cisco 867VAE router, which is going to be fun. No GUI interface that I know of on it, unlike the one we had running, but this will be capable of handling multiple static IPs, so we hope that with this, we'll be able to use multiple VPN tunnels to enable use of both data access and VOIP.

Though, I might have to config the whole thing with CLI, not too bad, will be good experience!

[Telone]

Brian why do you want to use VOIP over VPN it seems like a lot of trouble just to make a call 

[Brian]

Always good to have more experience! :-P Ability to CLI config Cisco router from scratch, configure and enable an IPsec gateway-to-gateway VPN with IKE phase 1 and 2 encryption to allow both generic and VOIP data transfer between HQ and remote site utilizing DHCP relay.

Something else nice to add to the LinkedIn profile lol

[Si]

Sounds like pure fun.  Once the tunnel is up, it shouldn't really matter what traffic goes through it. The fun comes in when both sites are using private addressing.  The world of NATing can be a confusing one.