VoIP over VPN using QOS Tunnel

Unanswered Question

All I have set up a VPN tunnel on a Cisco 871 from a remote site to our VPN hub.

The remote site has 1 Vlan with both Phone and PC on that VLAN I have attached the remote end config. Voice calls work however I cant guarantee that my QOS is working for voice traffic. I have 512kbps link to internet.

my questions are:

1) is voice traffic being distinguished from data traffic?

2) Should I create separate vlans for voice and data.


ip cef

!

ip dhcp pool mypool

network 10.1.245.112 255.255.255.248

default-router 10.1.245.113

netbios-name-server 10.1.80.59

netbios-node-type h-node

dns-server 10.1.80.59

domain-name xxxx.com

lease 14

!

multilink bundle-name authenticated

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key Telecom address xxx.xxx.xxx.xxx

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

!

crypto map SDM_CMAP_1 1 ipsec-isakmp

description Tunnel to VPN-HUB

set peer xxx.xxx.xxx.xxx

set transform-set ESP-3DES-SHA

match address 100

!

!

class-map match-any Call-Setup

match ip dscp cs3

match ip dscp af31

class-map match-all Voice

match ip dscp ef

!

!

policy-map LLQ

class Voice

priority 128

class Call-Setup

bandwidth percent 2

class class-default

fair-queue

policy-map Traffic-Shaper

class class-default

shape average 512000

service-policy LLQ

!

!

interface Tunnel0

ip address 10.250.15.2 255.255.255.0

ip mtu 1420

qos pre-classify

tunnel source FastEthernet4

tunnel destination xxx.xxx.xxx.xxx

tunnel path-mtu-discovery

crypto map SDM_CMAP_1

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description Connection to Internet$ETH-WAN$

!Registered IP address

ip address xxx.xxx.xxx.xxx 255.255.255.248

ip tcp adjust-mss 542

speed 10

half-duplex

crypto map SDM_CMAP_1

service-policy output Traffic-Shaper

!

interface Vlan1

description Connection to LAN$ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 10.1.245.113 255.255.255.248

ip tcp adjust-mss 1452

!

router rip

version 2

network 10.0.0.0

!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Paolo Bevilacqua Wed, 06/25/2008 - 05:45
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi,


you don't need and can't even use separate VLANs on the VPN. Your QoS config appears correct and should do the best possible.


Only, you don't need ip tcp adjust-mss 542 under FA4. You could use something like 1380, but on VLAN1 instead.


The only other improvement I may think, if this is an ADSL circuit, use an 877 instead so you can see the real circuit and avoiding the need for a QoS childed service-policy.


Please rate if it helps!

Actions

This Discussion