VoIP over VPN using QOS Tunnel

Unanswered Question

All I have set up a VPN tunnel on a Cisco 871 from a remote site to our VPN hub.

The remote site has 1 Vlan with both Phone and PC on that VLAN I have attached the remote end config. Voice calls work however I cant guarantee that my QOS is working for voice traffic. I have 512kbps link to internet.

my questions are:

1) is voice traffic being distinguished from data traffic?

2) Should I create separate vlans for voice and data.

ip cef

!

ip dhcp pool mypool

network 10.1.245.112 255.255.255.248

default-router 10.1.245.113

netbios-name-server 10.1.80.59

netbios-node-type h-node

dns-server 10.1.80.59

domain-name xxxx.com

lease 14

!

multilink bundle-name authenticated

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key Telecom address xxx.xxx.xxx.xxx

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

!

crypto map SDM_CMAP_1 1 ipsec-isakmp

description Tunnel to VPN-HUB

set peer xxx.xxx.xxx.xxx

set transform-set ESP-3DES-SHA

match address 100

!

!

class-map match-any Call-Setup

match ip dscp cs3

match ip dscp af31

class-map match-all Voice

match ip dscp ef

!

!

policy-map LLQ

class Voice

priority 128

class Call-Setup

bandwidth percent 2

class class-default

fair-queue

policy-map Traffic-Shaper

class class-default

shape average 512000

service-policy LLQ

!

!

interface Tunnel0

ip address 10.250.15.2 255.255.255.0

ip mtu 1420

qos pre-classify

tunnel source FastEthernet4

tunnel destination xxx.xxx.xxx.xxx

tunnel path-mtu-discovery

crypto map SDM_CMAP_1

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description Connection to Internet$ETH-WAN$

!Registered IP address

ip address xxx.xxx.xxx.xxx 255.255.255.248

ip tcp adjust-mss 542

speed 10

half-duplex

crypto map SDM_CMAP_1

service-policy output Traffic-Shaper

!

interface Vlan1

description Connection to LAN$ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 10.1.245.113 255.255.255.248

ip tcp adjust-mss 1452

!

router rip

version 2

network 10.0.0.0

!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Paolo Bevilacqua Wed, 06/25/2008 - 05:45

Hi,

you don't need and can't even use separate VLANs on the VPN. Your QoS config appears correct and should do the best possible.

Only, you don't need ip tcp adjust-mss 542 under FA4. You could use something like 1380, but on VLAN1 instead.

The only other improvement I may think, if this is an ADSL circuit, use an 877 instead so you can see the real circuit and avoiding the need for a QoS childed service-policy.

Please rate if it helps!

Actions

This Discussion