I also have Microsoft ISA Server (2004). Initially I wanted to pass traffic all traffic through it. However, after doing some research I found that this would be impracticle for us for 2 reasons: 1) it appears that ISA Server 2004 doens't play nice with SIP and QoS, and 2) we do not have control over our router, so we cannot enable QoS at this point either. We have too much traffic to pass traffic reliably through this gateway without QoS.
For my tests with sipXecs, I have set up a completely independant network that has a separte and dedicated internet connection. The sipXecs box has all needed services and it works really well. I would like to do something very similar as you, but I'm not sure if it's practicle / possible (my network knowledge is limited). What I'd like to do is to put the sipXecs box and the second router on our current LAN (single NIC). I would disable DHCP and DNS from both sipXecs and the router and use the Windows DNS and DHCP servers (with the appropriate options set). I'd set up the sipXecs box to use the second router as the gateway. Since NAT is in play, I believe all traffic from the IP phones to the ITSPs will go through the sipXecs media relay service, which would then go through the gateway specified in the sipXecs box. This, I think, would allow me to have the sipXecs box on the same LAN and allow all VoIP communication to go throught he second gateway. The main reason I want the sipXecs box on our current LAN is to simplify debugging, configuration, and in the future, to use local API calls from custom built apps (rather than going out to the WAN for API calls). I'm sure this is all networking 101, but I'm hoping I'm not out in left field here. Does anyone know if this is practicle or if it's the best approach? Thanks, Tim P.S. I'm not trying to hijack this thread. I hope that the information that we learn can benefit both of us. -----Original Message----- From: sipx-users-boun...@list.sipfoundry.org [mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Andreas (Around the Clock Information Systems) Sent: June 4, 2009 3:22 AM To: 'Michael Picher' Cc: sipx-users@list.sipfoundry.org Subject: Re: [sipx-users] Redundant network interfaces Dear Mr. Picher, (and list) Thanks for your suggestion; unfortunately in the environment that I described below, creating a new VLAN is not an option for multiple reasons which would take me way too long to explain. Perhaps a little more information is in order however: This network has three spokes, which are also represented by three unique VLAN's VLAN1 - Internal Private LAN, Class C, 192.168.XX.XXX, DHCP VLAN2 - DMZ, Class B, 172.XX.XXX.XXX, All hosts have Static IP's VLAN3 - External (faces the inside port of the default gateway), 12.160.XX.XXX The sipXecs PBX would be servicing telephones on VLAN2. I envisioned eth0 being connected to this VLAN (VLAN2), and eth1 being connected to VLAN3 with a static Internet IP. In case I wasn't clear below, the sipXecs would be hosting its own DNS (BIND), DHCP and TFTP for the phones. With the exception of DNS, there are no other Windows services that would be in conflict on the VLAN2 subnet; nor would the telephone system be relying on any Windows services to function. Additional recommendations graciously welcomed :-) Andreas Systems Engineer Around the Clock Information Systems -----Original Message----- From: sipx-users-boun...@list.sipfoundry.org [mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Michael Picher Sent: Wednesday, June 03, 2009 8:30 AM To: Andreas (Around the Clock Information Systems) Cc: sipx-users@list.sipfoundry.org Subject: Re: [sipx-users] Redundant network interfaces Why don't you put the PBX on its own VLan, you can set the devices on that network to have a different firewall as a default gateway. Also, then your DHCP / DNS are separate from the Windows environment and thus you are not defendant on the Windows services to keep your phone system running... Mike On Wed, 2009-06-03 at 03:20 -0400, Andreas (Around the Clock Information Systems) wrote: > Dear sipXecs Users, Experts and Developers, > > I stood up my first sipXecs machine a little over a month ago (build > 4.0.0-015321) and after about a week of on and off tinkering, I pretty much > have everything working. This particular server happens to have two NIC's > in it, and before I thoroughly read all the documentation, thought that I'd > point eth0 towards the internal LAN and eth1 towards the public Internet. > My logic was that the internal (LAN facing) NIC would service all the phones > and handle all intranet calls (extension to extension), while the external > (Internet facing) NIC would handle any calls destined to our ITSP and > ultimately the PSTN. After struggling with this configuration for a day or > two, I discovered this tiny little Wiki page titled "Redundant network > interfaces" at the address of > http://sipx-wiki.calivia.com/index.php/Redundant_network_interfaces. > Technically, these are NOT "redundant". They actually serve two different > purposes (in my mind) as described above. Here is the quote from that page > that concerns me: > > "It may or may not be possible to run sipXpbx on a system that has multiple > IP interfaces, but the results may be unpredictable and it is not > recommended." > > Bummer. . . If only I had discovered that sooner, I could have > saved myself three failed install attempts (twice from the sipXecs IP PBX > Single Install CD, and one from scratch). > > So, those of you who made it this far are probably saying to > yourselves "is this guy ever going to get to the point?" or "is there a > question in here somewhere?". Please be patient, I'm almost there. . . > > Here's my situation: In the next 30 days I will be asked to stand up a > production sipXecs server on an otherwise 100% M$ Windows only network which > utilizes Microsoft ISA Server as its firewall. From what I have read so > far, M$ ISA Server does not play nicely with IP based PBX's that need to be > connected to the outside world. My plan was to bypass the ISA Server and > configure the NIC's of this production sipXecs system in a similar fashion > as I described above. In spite of the "results may be unpredictable and it > is not recommended" statement above; I have read on this very list that > there are those among you who have successfully gotten "multiple IP > interfaces" working on their sipXecs servers. That's the background > information. Here are my specific questions: > > 1.) DNS - I have learned the hard way that proper DNS configuration is > critical for proper sipXecs operation. If using DNS (BIND) and DHCP on the > sipXecs server itself, how does a proper DNS configuration on a dual NIC > server differ from a sipXecs server with a single NIC? > > 2.) What are your recommendations with regard to configuration order? I.E. > System, Devices, Users, Features, etc. Would you recommend any specific > deviation in the configuration order as recommend by "The sipXecs IP PBX > Configuration Server" Wiki page at > http://sipx-wiki.calivia.com/index.php/The_sipXecs_IP_PBX_Configuration_Serv > er? > > 3.) Gotchya's? Are there any specific sipXecs services that > absolutely-positively will not work on a multiple IP interface > configuration? > > 4.) Am I dreaming? Wasting my time? Barking up the wrong IP PBX tree? > > To all that have made it this far, thank you for reading, thanks for > your time, and I look forward to your input/suggestions. > > Best wishes, > > Andreas > Systems Engineer > Around the Clock Information Systems _______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users _______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
