OK, so slap a separate small firewall in between VLAN 2 and VLAN 3... have the PBX and phones point to it for a default gateway and have routes to point to another router to get to VLAN 1 if you need to.

On Thu, 2009-06-04 at 03:22 -0400, Andreas (Around the Clock Information Systems) wrote:
> Dear Mr. Picher, (and list)
>
> Thanks for your suggestion; unfortunately in the environment that I
> described below, creating a new VLAN is not an option for multiple reasons
> which would take me way too long to explain. Perhaps a little more
> information is in order however:
>
> This network has three spokes, which are also represented by three unique
> VLANs
>
> VLAN1 - Internal Private LAN, Class C, 192.168.XX.XXX, DHCP
> VLAN2 - DMZ, Class B, 172.XX.XXX.XXX, All hosts have Static IPs
> VLAN3 - External (faces the inside port of the default gateway), 12.160.XX.XXX
>
> The sipXecs PBX would be servicing telephones on VLAN2. I envisioned eth0
> being connected to this VLAN (VLAN2), and eth1 being connected to VLAN3 with
> a static Internet IP. In case I wasn't clear below, the sipXecs would be
> hosting its own DNS (BIND), DHCP and TFTP for the phones. With the
> exception of DNS, there are no other Windows services that would be in
> conflict on the VLAN2 subnet; nor would the telephone system be relying on
> any Windows services to function.
>
> Additional recommendations graciously welcomed :-)
>
> Andreas
> Systems Engineer
> Around the Clock Information Systems
>
>
> -----Original Message-----
> From: sipx-users-boun...@list.sipfoundry.org
> [mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Michael Picher
> Sent: Wednesday, June 03, 2009 8:30 AM
> To: Andreas (Around the Clock Information Systems)
> Cc: sipx-users@list.sipfoundry.org
> Subject: Re: [sipx-users] Redundant network interfaces
>
> Why don't you put the PBX on its own VLAN, you can set the devices on
> that network to have a different firewall as a default gateway. Also,
> then your DHCP / DNS are separate from the Windows environment and thus
> you are not dependent on the Windows services to keep your phone system
> running...
>
> Mike
>
> On Wed, 2009-06-03 at 03:20 -0400, Andreas (Around the Clock Information
> Systems) wrote:
> > Dear sipXecs Users, Experts and Developers,
> >
> > I stood up my first sipXecs machine a little over a month ago (build
> > 4.0.0-015321) and after about a week of on and off tinkering, I pretty much
> > have everything working. This particular server happens to have two NICs
> > in it, and before I thoroughly read all the documentation, thought that I'd
> > point eth0 towards the internal LAN and eth1 towards the public Internet.
> > My logic was that the internal (LAN facing) NIC would service all the phones
> > and handle all intranet calls (extension to extension), while the external
> > (Internet facing) NIC would handle any calls destined to our ITSP and
> > ultimately the PSTN. After struggling with this configuration for a day or
> > two, I discovered this tiny little Wiki page titled "Redundant network
> > interfaces" at the address of
> > http://sipx-wiki.calivia.com/index.php/Redundant_network_interfaces.
> > Technically, these are NOT "redundant". They actually serve two different
> > purposes (in my mind) as described above. Here is the quote from that page
> > that concerns me:
> >
> > "It may or may not be possible to run sipXpbx on a system that has multiple
> > IP interfaces, but the results may be unpredictable and it is not
> > recommended."
> >
> > Bummer. . . If only I had discovered that sooner, I could have
> > saved myself three failed install attempts (twice from the sipXecs IP PBX
> > Single Install CD, and one from scratch).
> >
> > So, those of you who made it this far are probably saying to
> > yourselves "is this guy ever going to get to the point?" or "is there a
> > question in here somewhere?". Please be patient, I'm almost there. . .
> >
> > Here's my situation: In the next 30 days I will be asked to stand up a
> > production sipXecs server on an otherwise 100% M$ Windows only network which
> > utilizes Microsoft ISA Server as its firewall. From what I have read so
> > far, M$ ISA Server does not play nicely with IP based PBXs that need to be
> > connected to the outside world. My plan was to bypass the ISA Server and
> > configure the NICs of this production sipXecs system in a similar fashion
> > as I described above. In spite of the "results may be unpredictable and it
> > is not recommended" statement above; I have read on this very list that
> > there are those among you who have successfully gotten "multiple IP
> > interfaces" working on their sipXecs servers. That's the background
> > information. Here are my specific questions:
> >
> > 1.) DNS - I have learned the hard way that proper DNS configuration is
> > critical for proper sipXecs operation. If using DNS (BIND) and DHCP on the
> > sipXecs server itself, how does a proper DNS configuration on a dual NIC
> > server differ from a sipXecs server with a single NIC?
> >
> > 2.) What are your recommendations with regard to configuration order? I.E.
> > System, Devices, Users, Features, etc. Would you recommend any specific
> > deviation in the configuration order as recommended by "The sipXecs IP PBX
> > Configuration Server" Wiki page at
> > http://sipx-wiki.calivia.com/index.php/The_sipXecs_IP_PBX_Configuration_Server?
> >
> > 3.) Gotchas? Are there any specific sipXecs services that
> > absolutely-positively will not work on a multiple IP interface
> > configuration?
> >
> > 4.) Am I dreaming? Wasting my time? Barking up the wrong IP PBX tree?
> >
> > To all that have made it this far, thank you for reading, thanks for
> > your time, and I look forward to your input/suggestions.
> >
> > Best wishes,
> >
> > Andreas
> > Systems Engineer
> > Around the Clock Information Systems
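
The layout suggested in the reply at the top of this message, as an added example that is not part of the original thread: a small routing model that checks that Internet-bound voice traffic always crosses the separate firewall while VLAN 1 is reached through the other router. The subnets, the ITSP address and the node names (`voice-fw`, `lan-router`, `internet-gw`) are constructed, since the thread redacts the real addressing, and placing the VLAN 1 static route on both the PBX and the firewall is an assumption.

```python
import ipaddress

net = ipaddress.ip_network
# Constructed addressing: the thread redacts the real subnets.
VLAN1 = net("192.168.10.0/24")   # internal private LAN
VLAN2 = net("172.16.0.0/16")     # DMZ holding the PBX and phones
VLAN3 = net("198.51.100.0/24")   # external segment
DEFAULT = net("0.0.0.0/0")

# Hypothetical node names. Each route is (prefix, next hop); None means the
# destination is on-link (for internet-gw: handed off to the upstream ISP).
# lan-router's own default route is left out of this model.
ROUTES = {
    "phone":       [(VLAN2, None), (DEFAULT, "voice-fw")],
    "pbx":         [(VLAN2, None), (VLAN1, "lan-router"), (DEFAULT, "voice-fw")],
    "voice-fw":    [(VLAN2, None), (VLAN3, None), (VLAN1, "lan-router"),
                    (DEFAULT, "internet-gw")],
    "lan-router":  [(VLAN1, None), (VLAN2, None)],
    "internet-gw": [(VLAN3, None), (DEFAULT, None)],
}

def next_hop(node, dst):
    """Longest-prefix match in node's table. Returns (matched, next_hop)."""
    addr = ipaddress.ip_address(dst)
    matches = [(p, hop) for p, hop in ROUTES[node] if addr in p]
    if not matches:
        return False, None
    return True, max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(src_node, dst, max_hops=8):
    """Nodes that handle the packet, ending in 'delivered', 'unreachable' or 'loop'."""
    path, node = [src_node], src_node
    for _ in range(max_hops):
        matched, hop = next_hop(node, dst)
        if not matched:
            return path + ["unreachable"]
        if hop is None:
            return path + ["delivered"]
        path.append(hop)
        node = hop
    return path + ["loop"]

def crosses_firewall(path):
    """True when the packet was forwarded by the separate small firewall."""
    return "voice-fw" in path

ITSP = "203.0.113.50"  # constructed ITSP address
```
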