
Re: Running an instance of pfSense behind Edge Gateway using routed subnet and 1:1 NAT


Hi,

Appreciate your precise update. Please find my feedback.

 

I'm not sure if I'm 100% clear with your ask here. If you are asking can we assign public IP to edge external interfaces? Yes, that would be part of sub allocation pools and you could do NAT according to the business use case.

I mean is it possible to assign a public IP from the /29 block on the LAN interface of the edge gateway. As it happens I have spoken to my ISP today and they can indeed provide a routed /29 subnet, however they are charging a small fee for setting this up as it is "not a standard setup". Also, the whole point of my setup is to try to eradicate NAT completely as I am running into some issues with NAT the way they are.


Yes, it is certainly possible to configure in Sub-Allocate IP Pools in the Edge Properties. You could go ahead with a specific range or a single IP.


What is the use case of hosting pfSense in this setup?

I need to tread carefully here... Although the edge gateway is fine for basic functions, it simply does not offer the same functionality as pfSense does. For example I cannot capture traffic on either the LAN or WAN side, or set up traffic shaping or any of the more advanced features that I require for this setup.


That is correct, Edge doesn't offer any such functionality. But remember the external interface is still connected to a Distributed Switch Port Group. Based on your Distributed Switch version you can leverage all the features like NIOC, Traffic Shaping, QoS, which would be extremely essential since this is a VoIP set-up.


I need to terminate multiple IPSec VPN tunnels to this setup and I do not want to be charged by my ISP for every tunnel we create.


Do they charge based on tunnels or Public IP? From an isolation perspective you might be having a unique Public IP for each tunnel, isn't that correct? But again, when you add Public IP ranges in Sub allocation pools, aren't we paying for that irrespective of whether we have a tunnel or not?


Are we using PBX for VoIP connection?

Yes that is exactly what I'm doing. We've struggled with finding the right platform for this previously, so I'm hoping an IaaS platform from my ISP holds the answer. I've always been a fan of VMware so if I can use vCloud for this then that would be ideal. The only reservation I have is this is on shared hardware with a contended internet connection. My ISP says - and I quote "There is no way to provide a dedicated connection into ISP Cloud unfortunately, however there is a gigabit connection which is shared between the tenants on the platform which is engineered so effectively there is be minimal contention." so I am hoping it will suffice for our voice platform.


Yes, up to an extent that would help since you don't have a dedicated connection.



Just curious to know what makes you say "although calls work 99% of the time, I need them to work 100% of the time"?

What calls are we referring here? How did we figure out 99% time it is working?

The main problem I'm having at the minute is we are running into one-way audio issues, which I am fairly certain is down to the fact we are double NATing. Not sure how well up on VoIP you are but VoIP and NAT are not best of friends, and when you add 2 instances of NAT for VoIP to try and deal with it just adds to the complexity and is a recipe for disaster.

 

Correct, also since these are pre-configured appliances I'm not sure if we are limited with default compute capacity irrespective of how much free we have in vSphere? Equally agree that Double NAT would have a performance impact for such critical applications. Feel free to log a Support Request if you would like to check further on performance impact.

