DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Multiple VPNs between 2 sites

05 Aug 2011 23:56 #1 by adriaanvw
Multiple VPNs between 2 sites was created by adriaanvw
Hi,

We are trying to achieve the following scenario using two 3300V+ routers with 3 WAN connections each:

Site A has three subnets:
192.168.2.0/25 (PCs)
192.168.2.144/29 (6 Alcatel VOIP phones)
192.168.2.152/29 (6 Alcatel VOIP phones)

Site B has just one subnet:
192.168.93.0/24 (server in the lower address range and Alcatel phone system in the higher address range)

Ordinarily we would have one big VPN pipe running between the two sites with a single IPSec VPN serving all subnets. However, due to site A relocating and having only standard ADSL available for the next few months, we have split it up into the three subnets detailed above, in the hope that we could establish 3 separate VPN tunnels - one for each subnet. The reason for this split is that heavy data transfers (which happen often) tend to significantly affect the quality of the VOIP calls, and the 3300's QOS functions don't seem up to the task of dealing with this scenario.

Our initial attempt to set this up failed - here is the setup we tried (all IPSec tunnels):

192.168.2.0/25 -> Public IP1A -- IPSec VPN -- Public IP1B -> 192.168.93.0/24 (Data)
192.168.2.144/29 -> Public IP2A -- IPSec VPN -- Public IP2B -> 192.168.93.0/24 (Voip 1)
192.168.2.152/29 -> Public IP3A -- IPSec VPN -- Public IP3B -> 192.168.93.0/24 (Voip 2)

When we tried the above, we found one tunnel come up, then drop, then the next tunnel would come up, then drop, then the next tunnel would come up, then drop, etc. My guess is the problem is the 192.168.93.0/24 subnet used in all three configurations, and all that follows is based on that assumption:

What I'd like to know is what the recommended setup would be in order to achieve what was specified above. As I understand it, one option would be for site B to be split into 2 subnets (one for the server and one for the phone system), and Site A's two /29 subnets could be merged into one, which should allow us to get two VPN tunnels up between the sites. However that leaves the third ADSL connection unused, and based on past experience a single ADSL connection is insufficient for supporting 12 VOIP phones. Could a VPN trunk be used in a scenario like this, in order to help ensure sufficient bandwidth is available for the phones? Should the following be a workable and reliable solution:

192.168.2.0/25 -> Public IP1A -- IPSec VPN -- Public IP1B -> 192.168.93.0/25 (Data)

192.168.2.128/25 -> Public IP2A --+                 +-- Public IP2B -> 192.168.93.128/25 (Voip)
                                  | IPSec VPN Trunk |
192.168.2.128/25 -> Public IP3A --+                 +-- Public IP3B -> 192.168.93.128/25 (Voip)

Finally, does anyone have any real world experience of how well VOIP phones cope with a trunked VPN connection? They are using the 729.A protocol.

Any suggestions and comments re the above would be much appreciated.

Thanks,
Adriaan
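
The subnet plans from the post above, checked for overlapping destinations. This is an added example, not part of the original post and not DrayTek code. It assumes, as the poster guesses, that a router picks a tunnel by destination subnet alone; the tunnel labels are invented here and the VoIP trunk is modelled as one logical tunnel.

```python
import ipaddress
from itertools import combinations

# Plans transcribed from the post as (label, site A subnet, site B subnet).
# Labels are hypothetical names used only in this example.
FIRST_ATTEMPT = [
    ("data",  "192.168.2.0/25",   "192.168.93.0/24"),
    ("voip1", "192.168.2.144/29", "192.168.93.0/24"),
    ("voip2", "192.168.2.152/29", "192.168.93.0/24"),
]
PROPOSED = [
    ("data",       "192.168.2.0/25",   "192.168.93.0/25"),
    ("voip-trunk", "192.168.2.128/25", "192.168.93.128/25"),
]


def dest_conflicts(plan, sending_site):
    """Return pairs of tunnels whose destination subnets overlap, per site.

    Assumption (the poster's guess, not confirmed on the page): the router
    chooses a tunnel by destination subnet only, so two tunnels that cover
    the same destination cannot both be selected for traffic.
    """
    # Site A sends towards site B subnets (index 2); site B towards index 1.
    idx = 2 if sending_site == "A" else 1
    dests = [(t[0], ipaddress.ip_network(t[idx])) for t in plan]
    return [(a, b) for (a, na), (b, nb) in combinations(dests, 2)
            if na.overlaps(nb)]


def merge(subnets):
    """Collapse adjacent subnets into the smallest covering prefixes."""
    nets = (ipaddress.ip_network(s) for s in subnets)
    return list(ipaddress.collapse_addresses(nets))


if __name__ == "__main__":
    for name, plan in (("first attempt", FIRST_ATTEMPT), ("proposed", PROPOSED)):
        for site in "AB":
            print(f"{name}, seen from site {site}: {dest_conflicts(plan, site)}")
    # The two phone /29s at site A, merged as the post suggests.
    phones = merge(["192.168.2.144/29", "192.168.2.152/29"])
    print("merged phone subnet:", phones)
    print("inside 192.168.2.128/25:",
          all(n.subnet_of(ipaddress.ip_network("192.168.2.128/25")) for n in phones))
```

In the first plan only site A sees overlapping destinations, since all three tunnels point at 192.168.93.0/24; site B's destinations are distinct.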
