Mitel 5000, 53xx Phones and VPN

[smash14]

We just found these forums and are glad we did!  Briefly reading through the current topics, there are appears to be some great info available to us Mitel users.  I'd like to pose our current situation to the community to hopefully address our concerns and initial questions.

Currently, we take advantage of MPLS to network our locations.  Each location's MPLS connection is comprised of a minimum of 2 T1s with the exception of our data center connection, 9Mb/DS3.  We are looking at eliminating the MPLS (due to cost) and take advantage of our 50Mb fiber DIA (possibly looking to increase to accommodate MPLS traffic) at every location.  We would take advantage of site-to-site VPN through our firewalls (Sonicwall NSA 2400s and 1 Cisco 5510 at the data center) for connectivity.  We have a Mitel/InterTel 5000 at the data center with SIP trunks activated.  We have a mix of InterTel 86xx and Mitel 53xx phones at multiple locations.  Our questions/concerns are:

1. Does the Mitel 5000 support VPN connectivity and if so, what is quality like compared to our current MPLS setup?
2. Is there a recommend network setup for use over VPN and if so, what is that?
3. Is there anything special that needs to be done to the phone to allow them to contact the PBX?
4. What type of bandwidth per phone should be expected?
5. Should we place the PBX in a DMZ and host phones that way?

This is very important to us and we need to be able to plan this carefully. 

[Tech Electronics]

smash14,

I am not really sure if I should be replying to this post or not, but since no one else has I will give you the standard boilerplate answers I give anyone asking these sorts of questions.

1. Does the Mitel 5000 support VPN connectivity and if so, what is quality like compared to our current MPLS setup? No VPN is not supported by Mitel, but I have successfully implemented it; although if there are issues there is very little in the way of support. When everything is optimal you probably wouldn't notice a difference in QoS or QoE, but when it is not both of those can drop quickly to the point of not being usable.

2. Is there a recommend network setup for use over VPN and if so, what is that? Although it is not supported the best practice is to seperate voice and data into seperate vlans where voice has priority going out the VPN tunnel; once it hits that tunnel though you have no control over what happens which is why it isn't a supported setup. The best solution would most likely to be the installation of seperate Mitel 5000s at each location and then have those talk to each other via the VPN. That way if the VPN goes down at least the location will stay up and working, but trunking will need to be sorted out as well.

3. Is there anything special that needs to be done to the phone to allow them to contact the PBX? They would need to know the IP Address of the phone system if it isn't one large flat network; which it probably won't be. The good point is that you shouldn't have to set the phone system up to use NAT, unless that is already setup for teleworkers already. If you go with the seperate phone system solution then the phones would connect to the local site pbx similar to how they do now with the MPLS.

4. What type of bandwidth per phone should be expected? That would depend on the Codec in use, but even at G.711 when in use it should only be around 115-125 kbps

5. Should we place the PBX in a DMZ and host phones that way? Definitely not, but maybe a MBG at the DMZ which would make all the remote phones use the Internet to access the MBG in order to get to the phone system; your VPN would be a better idea than that since it is more secure due to the encryption you can put on the VPN; although that increases the size of the packets and thus increases the amount of bandwidth each call would take as well.

The issue is that you want to get rid of the best solution for your situation and go to a less favorable one and expect the same or similar QoS and QoE. The problem is even though it can be done there is a higher chance that there will be problems at some point and your vendor will not have good luck getting support from Mitel nor will they have the metrics available to them that MPLS provides, along with its QoS support, to help with troubleshooting or alleviating the problem.

Thanks,

TE

[smash14]

Thanks TE for the solid response.  This is the type of information that we are after.  Your response provided some glimmer of hope for out situation.  We've done some testing and have been successful with some older InterTel 86xx phones.  They connect to the Mitel 5000 as expected over VPN.  However, we are having challenges with the Mitel 53xx series phones.  Any trick to getting those to work over VPN?  Outiside of VPN tunnels over fiber DIA, is there anything else that can optimize our phone experience?

[Tech Electronics]

smash14,

Hmm, my response shouldn't have been much of an encouragement for a company to take the risk on it, but hey to each their own. As for your follow up questions I will try to answer them to the best of my ability without knowing your network or setup of the 5000 and its phones I will be guessing a little.

1. However, we are having challenges with the Mitel 53xx series phones.  Any trick to getting those to work over VPN?  Nothing different really, but I am not sure how they are setup now so it would be hard to answer that question with any certainty. What exactly is the issue that you are experiencing?

2. Outiside of VPN tunnels over fiber DIA, is there anything else that can optimize our phone experience? Well setting up the VLANs for QoS so calls coming in to and out of the VPN tunnel have priority over all other traffic. Also setting up and trusting the DSCP values of the phones wouldn't be a bad idea either.

Thanks,

TE