Recommendations for VPN and routers for remote offices

[gesmsa]

We have an IP403 and will be adding "softphones" for travelling users and IP4620SW sets for remote offices. What we are struggling with is the configuration of the VPN and the selection of the routers, etc so that we aren't breaking the bank account and not opening our network to secutiry risks.

For the 5 remote offices are "home offices" with a single IP4620 extension. The users are primarily telephone support worker (inbound calls) and some outbound sales calls.

We currently have a test configuration setup that uses Linksys RV042 routers at the main office and a RV042 at one location to establish the VPN and this is working quite nicely.

Our concern is that for the remote offices, we want to use a "residential" cable modem service with a dynamic IP address AND allow the employee to also connect their "personal" computers (ie. Kids, spouse laptop, etc) to their internet connection, without them accessing the VPN and our internal servers. In other words we just want the phone to use the VPN, and the rest of the traffic should be by pass this all together.

So I have a few of questions;

1) Does anyone have experiene with the Linksys RV042 and the IP403 with remote access.
2) Any suggestions for the remote offices and restricting access to the VPN?
3) Router suggestions - we are not married to the RV042 or Lynksys at this stage, however, it does fit our price point for the remote offices. If someone has used a better "suite" of VPN routers (ie, main office, remote office, softphone clients) I would appreciate any tips/techniquies/suggestions.

TIA.

Geoff.

 

[bwilch]

I believe on the routers that Linksys has, you can determine which IP addresses have access to the tunnel. I've not messed around with it for about a year now, so I'm not sure what has changed, but I would look that direction.

As far as cost savings on routers, if the Linksys is working for you, you already have them, why look to replace them?

 

[SuperJenks]

There are so many considerations that must be thought through. Unfortunetly I dont have time to spell them all out right now. I will mention a couple:

First, if the phones are going to be used through a residential broadband internet connection, make sure that any other networked computers on the lan are wired back through the IP hard phone (assuming you are using IP hard phones) were you would plug in a single PC. Doin this will allow voice packets to always be transmitted first over any other data that might be transmitted. The IP Phones have a built in QoS with the data ports on it. This will insure good voice quality. We had this issue with a client. Unless you are running full QoS through your router and vpn.

Also, make sure that the home pc's dont have any spyware or anything unessesary that makes a connection to the internet that may eat up your bandwidth (Like any messengers). Especially if they have kids. Kids go crazy downloading and trying programs from the net. Also downloading any file durring voice conversations will seriously degrade the voice quality. I would suggest you guys test this all out from home before deploying it for the customer.

As far as routers are concerned, I think the linksys will do fine. Make sure the Main site router can bridge the multiple vpn connections so you can use the direct media path feature to free up vcm channels. Otherwise you will find out the hard way like me.

If i have time, i will post more tommorrow. Good luck

 

[casadeseus]

Geoff;
We are using the RV042 as well to connect 10 users in total we have 11 (one for the head end.)
this device works great as a vpn tunnel make sure all of them have the same firmware version (latest from linksys).
The customer has IPO 4.1(27). My problem is that the phones work fine on the 1st try (Extension name, time, dial tone, clear), but after several hours the phone will go to discovering and I can't not longer ping. (phone has static ip outside the DHCP scope in linksys), PC has IP from Linksys DHCP. Bringing the phone back is a royal pain. I can't even document the steps, because they are different in each users case.
my sugguestion to Geoff is to try this at home, before you deploy. and my question to superJenks is what can i do to avoid the phone from falling into discovering.

Regards;
JC./

 

[avayaconsultant]

Kentrox makes both T1 and Ethernet style routers with QOS. They are the Q2200 and Q2300. They also have a Q2400 that is dual T1. They are a pretty good company to work with and support is great. By the way, they are a big Avaya partner now in the Dev Connect program.