sundance-communications.com/forum Forums VOIP Phones & IP PBX VoIP & Cloud Phones, Hosted PBX, General IP Phones VPN Tunnel and VoIP?

Over the past 11 years in dealing with VPN's and VOIP we learned that the primary issue with voice quality is not with bandwidth or the VPN tunnel. It's a basic limitation of the internet as a facility for voice. For voice functionality you need a medium that will accept 50 packets per second. This translates to a "managed" network like MPLS or point to point connectivity. Since we went to using these network topologies the clients have not voiced a single complaint about voice quality.

Keeping voice quality out of it. I am refering to non managed cicuits low cost circuits like DSL. Target audience being the small shops that have a remote facility, small offices with a few remote users, ect. Sure, you throw enough money at something you can get it to work great but I'm refering to what is the best approach to setting up VOIP at a very reasonable/cheap cost.

So basically to rephrase my question. Does a higher end/higher cost router to do NAT and PAT justify the overhead introduced by VPN over an unmanaged network.

I refuse to implement VoIP on anyone needing it on DSL. Too many issues with uptime. If they don't have cable modem or greater then I turn down the job. That's just me...others may disagree.

Ok I would agree for quality purposes, however if the bandwidth is there and the cost are reasonable, DSL is a viable option in certain circumstances. My question again is not whether DSL is a good medium but rather investing in a higher end router and the extra work to do all the needed port forwarding is justifiable to reduce the overhead of a VPN

There are a few inexpensive routers (Linksys/Netgear) that do NAT, but I wouldn't use them. With routers, you get what you pay for. An inexpensive router is good for home, but even for SOHO applications I would recommend a small Cisco. Cisco has a great security router called a Pix 501. At around $400 they are a great router, although you do need someone who is at least a CCNA to properly set it up.

As for VPN tunnels, the biggest benefit to a tunnel is packet size. Being an IT guy before I became a phone guy, I can tell you it's all how a VPN is setup. If done properly, the ONLY traffic that goes through the VPN is for VoIP and you do see an improvement.

Just some food for thought...

I'm not a Cisco fan but a router that is "Sip Enabled" will help.

The Newer NetGear Pro-Safe routers are sip aware and pretty rock stable.

My preference is to either use the netgear router or I build a UTM Network Edge device. The latter option gives the best solution (IMHO) but it's a far cry from what MOST people need.

The PIX is going to be EOS (End of Sale) soon. I HIGHLY recommend the ASA5505 which is just a little more expensive then the 501. The ASA allows you to do multiple VLANs, you setup the interfaces VIA SVIs, and has an 8 port integrated switch with 2 PoE 802.3af ports for IP phones. Doing this across a VPN tunnel is dicey at best. You need dedicated bandwidth, (frame-relay, p-to-p, ISDN, wireless, whatever) to make this work reliably. I use this in a pinch but this is not a viable solution in the long run. What codec are you running on the RTP stream?

I have worked with Pix and Sonicwall and they work well. They are fairly pricey and may not be economically viable if it's a small company.

Two small VPN boxes such as a Linksys RV-042 or Netgear FVG318 will give you a P2P tunnel and you can enforce QoS over the link as well as a few other neat things. Still lacking compared to a true UTM like the Pix/Sonicwall.

Also like GCave said, think about getting them ATLEAST SDSL service if not a cable modem/T1 with some real bandwidth behind it.