I need some advice on working with our local VOIP vendor’s setup and our network layout.
I put in a Balance 380 with 2 x DSLs (WAN1 & 2) for our school Internet. Works fine and easy (me not being an expert at networking). That feeds into our Cisco ASA5510 security device and a web filter (“filters” on the attachment) and then into our LAN (I do OK managing those but not in depth).
Before my time here, we have a no cost 5Mbps cable Inet connection (WAN 3) which is used solely for VOIP; it was not added to the B380. The VOIP vendor put in a Microtik router which routes from our VOIP phone handsets (with PCs hung off those) and their internal voicemail server to their external server through the cable box. Any other packets coming into the microtik are rejected, so they flow through the B380 and the filters.
I finally got money to increase the cable modem speed and can add that to the B380 as WAN3. However, I need to keep our VOIP traffic flowing.
I can see two ways of hooking in WAN3 so I can use the available bandwidth which keeping the VOIP lines as per the attachment diagram. FYI: adding a new, separate cable feed is not in the budget.
What is required is that LAN web packets must not be able to bypass the filters. This is state law that I must provide filtered web access. So I cannot allow web packets from the LAN to get through the VOIP router. This works fine now because any web traffic is blocked. If I add WAN3 to the B380, I want to ALLOW web traffic, but only through the filters.
Option A in the top of the attachment is what we have now (excluding the red lines from the VOIP router to Balancer). What the vendor is proposing is adding the red line at top. Any VOIP packets from the LAN would flow to the router and out; any other packets would be blocked and flow through the B380. They need to configure their VOIP router/server to port any non-VOIP traffic coming from the LAN to a specific port on the Microtik. The VOIP router is their equipment so I have no say in it nor do I have much idea of how to configure it. Supposedly their router guy is on vacation so it has been waiting a while.
Option B at bottom in blue is what I proposed: all traffic goes through the B380, get rid of the VOIP router. Supposedly, this won’t work since the VOIP provider’s external server needs to authenticate my packets and can only do so from a single IP. I could route all VOIP packets through WAN3 by policy (I think) so that would resolve that issue (it does remove the redundancy but our VOIP traffic is not that critical; we have a backup POTS line in the office if VOIP goes down). They also expressed concern that because of the ASA5510 filtering all traffic, our VOIP performance would suffer.
Can I configure the B380 for the bottom blue connection option (all traffic through the B380)? How to route VOIP packets through only WAN3 (if need be)? Any impacts of filtering on the VOIP service? Is that something I can exclude from the 5510? (that is not necessarily a question for this forum, but I’ll float it; thank you Mr. Moderator :). Any thoughts or suggestions?