
Phone and Data subnets

Hello,

I have a unique situation.

I have three WAN connections

1) 100Mb primary circuit

2) 7Mb backup circuit

3) 3.0 Mb Bonded T1's (Voice circuit)

 

I want to be able to use circuit 1 for everyday use (Already done), Circuit 2 for a P2P IPSEC VPN back to our DataCenter and the last Circuit 3 is for our VOIP phones.

We have the Sophos UTM, two 48-port Cisco 2960's with VLAN1 and VLAN2(Voice) untagged.  This is because our phones and PC's connect via the same switch and some offices have one Ethernet drop so we connect the PC's to the second port on the phones.

I want to have the phone traffic (192.168.30.x/24 - VLAN2) route through to the 10.2.30.1 router for the voice traffic (this is connected to the same switch stack as the Sophos).

The VPN up for the IPSEC VPN to the DC and the regular traffic (192.168.1.x/24) to go out through the first circuit.

 

I've tried many things and keep taking the whole network down with no luck.

All I can get to work is the internal (192.168.1.x/24 subnet) to see the internet, so no big issue since we can all work.

 

Can anyone help with how to get this configuration to work?

 

Thanks!!

Ed



  • Hi Ed,

    Is it possible to make a simple drawing of what you want; I know a lot of people read drawings easier than just seeing the text.

  • Hi, Ed, and welcome to the UTM Community!

    I second apijnappels' suggestion as I represent that remark. ;)

    "We have the Sophos UTM, two 48-port Cisco 2960's with VLAN1 and VLAN2(Voice) untagged."

    You can't use VLAN 1 with the UTM as 1 is reserved for the Wireless Protection module - this is probably what brings your network down.  Plus, I don't know what an "untagged VLAN" might be.

    The IPsec Site-to-Site will establish on the Interface specified in the IPsec Connection definition.  If you want to use the 1st WAN connection as a backup for that, define an Interface Group and use that in the IPsec Connection.

    Use Multipath rules to assign VoIP traffic to the bonded T1s, and follow that with a rule binding 'Any->Any->Any' to your 1st WAN connection.  If you want to use the second WAN connection as a backup, bind the same traffic to it.  In any case, to avoid the general traffic going out over the VoIP circuit, uncheck 'Skip rule on interface error' in the final rule.

    Cheers - Bob