Re: Did Anyone see this?

  • From: "Jeff Sloan" <jsloan@xxxxxxxxxxxx>
  • To: "ISALists" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 29 Oct 2003 11:13:12 -0600

We have had this phone system for 2 years now, and you have to believe
me, there is no IP addresses on the phones.
There is communication between mac address to mac address. Adding VOIP
is additional, where we then would assign IP addresses to the phones.

We have been working just fine this way all this time with no IP
addresses.

I am the one trying to get this working over the public internet without
buying the IP license.
I thought it possible after I did a google search on layer 2 vpn, and
found companies doing it, and cisco bought some of the hardware tech to
make it happen, but it appears to be big enterprise type stuff, isp, asp
kinda scope, not for the small bussness.

All it has to do is keep a mac address table, and know where the
destination mac lives. If it lives across the internet, encapsulate it
in IP, send it to the other layer 2 vpn device, unencapsulate it, and
send it on through the network.

As far as your question John, you CAN transport with just mac. Just not
route.
Remember the old ways to set up a network printer the first time?
You used a utility to communicate directly with the mac address, and set
the IP from there.

These phones are ethernet devices themselves.
They have ethernet ports and a 2 port switch.
One goes to the hub or switch, and the other goes to your computer if
you have one, so you don't have to run new cable.

If there were affordable layer2 vpn devices, seems like it would be
fairly secure, because not only would you have to spoof an IP to
intercept it, but then change your mac address too.

Thanks



Jeff Sloan 
Network Administrator 
Cross Oil Refining & Marketing, Inc. 
484 E. 6th St. 
Smackover, AR 71762 

Phone 870-864-8688
Fax     870-864-8689 
Cell     870-866-9941 



-----Original Message-----
From: Thor [mailto:thor@xxxxxxxxxxxxxxx] 
Sent: Wednesday, October 29, 2003 10:15 AM
To: ISALists
Subject: [isalist] Re: Did Anyone see this?


http://www.ISAserver.org

MessageNo need for me to pipe in about how you can't route MAC - but
regardless, what is the overall goal?  Do you still want to use the VoIP
functionality w/o IP?  If the people you are getting the phone system
from are telling you that you can have VoIP-type functionality of the
NBX without purchasing the IP modules, they are mistaken.  You can't
get there from there... You have to ecapsulate the voice traffic within
IP- there is no VoMAC.

Also, you don't need their VPN solution.  A point-to-point ISA VPN
config with the NBX on one side and the IP Phones on the other will work
just fine, as long as you don't have too much latency in the network.
I've been doing VoIP for many years now (and VoFR before that) and my
limit is about 200 ms or so. Anything more than that and you start to
introduce jitter; or the delay will be so much that humans will become
irritated with talking over each other.

t


----- Original Message ----- 
From: Jeff Sloan
To: [ISAserver.org Discussion List]
Sent: Tuesday, October 28, 2003 6:48 PM
Subject: [isalist] Did Anyone see this?


http://www.ISAserver.org

Just a friendly check, did anyone read this message?
I sent it out twice and didn't get a single response.
Even a negative one will do. Just checking.
Thanks,

Jeff

     Does anyone know of an affordable device that would provide Layer 2
VPN through the internet. I am not looking for a dedicated network
solution, but something that will just work across the internet.

And how might it affect the ISA server we already use?
Would it go outside the ISA or inside it?
My guess is inside it.

My phone system is a layer two network solution out of the box. (3Com
NBX) Although it has voice over IP that could be turned on, it would
require a hardware VPN box for each external user to be on our system,
and some functions that use multicast would not work. Between two states
we have a dedicated t1, and Cisco switches set to layer two bridging,
and that works great, but we are about to get rid of the t1 line for
cost reasons, and go to DSL and VPN.

Since we are going to have to get VPN appliances (3Com DSL secure
gateway routers, $268) I thought about doing a search for layer 2 VPNs,
and found several hits, but they seem to be dedicated to large service
providers and such.

Have you guys heard of anything?

Thanks


Jeff Sloan
Network Administrator
Cross Oil Refining & Marketing, Inc.
484 E. 6th St.
Smackover, AR 71762
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
thor@xxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jsloan@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


Other related posts: