SRX

last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  VoIP through route-based VPN

    Posted 02-09-2012 17:10

    Hello all.

     

    We are setting up a remote callcenter and I need to use some short of VPN tunneling to route SIP-data to our IP-PBX (asterisk). Currently we are using openvpn installed in each of the agents machines but I am looking at a more streamlined solution.

     

    Would a route-based VPN between the two sites (each has an SRX240) allow seamless communication between the clients and the PBX? Is NAT involved in anyway? I've had bad experience with NAT and SIP and I'd like to avoid it. Iplan to create one st0 in each site and put them at each side's trusted zones. 

     

    Site A will only export the subnet of the PBX and site B will only export the subnet of the clients.



  • 2.  RE: VoIP through route-based VPN
    Best Answer

    Posted 02-10-2012 01:36

    Hi,

     

    A straight forward route based vpn should accomplish this for you,  NAT would not be required for a basic configuration.

     

    Have a look at the following configuration guide.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=TN108&actp=LIST



  • 3.  RE: VoIP through route-based VPN

    Posted 02-10-2012 16:30

    I 've read the KB and I wonder if it would be necessary to create a new VPN zone.

     

    On site A my PBX sits within 10.1.5.0/24

    On site B my VOIP clients are within 10.85.86.0/24

     

    There is no 10.1.5.0/24 in site B and no 10.85.86.0/24 in Site A

     

    So I was thinking of adding a numbered st0 in each site's trusted zone (to avoid inter-zone policies) and route 10.85.86.0/24 through st0 in site A and 10.1.5.0/24 through st0 in site B.



  • 4.  RE: VoIP through route-based VPN

    Posted 02-11-2012 03:47

    Hi there,

     

    There is no neccessity to create a seperate VPN zone, what you said is perfectly ok.

     

    You can add the st0.x interface to each of the zones terminating each side of the VPN.



  • 5.  RE: VoIP through route-based VPN

    Posted 03-08-2012 21:32

    HI Gabriel

    Technically you don't need to create a special zone, but I always do to create the security abstraction. You will also want to look at the ALGs on the SRX and make sure they are going to work for you. Most environments i've been in recently don't have any issues keeping the ALG on.