06-25-2008 05:40 AM - edited 03-15-2019 11:31 AM
All, I have set up a VPN tunnel on a Cisco 871 from a remote site to our VPN hub.
The remote site has 1 VLAN with both phone and PC on that VLAN. I have attached the remote end config. Voice calls work; however, I can't guarantee that my QoS is working for voice traffic. I have a 512kbps link to the internet.
My questions are:
1) Is voice traffic being distinguished from data traffic?
2) Should I create separate VLANs for voice and data?
ip cef
!
ip dhcp pool mypool
 network 10.1.245.112 255.255.255.248
 default-router 10.1.245.113
 netbios-name-server 10.1.80.59
 netbios-node-type h-node
 dns-server 10.1.80.59
 domain-name xxxx.com
 lease 14
!
multilink bundle-name authenticated
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key Telecom address xxx.xxx.xxx.xxx
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to VPN-HUB
 set peer xxx.xxx.xxx.xxx
 set transform-set ESP-3DES-SHA
 match address 100
!
!
class-map match-any Call-Setup
 match ip dscp cs3
 match ip dscp af31
class-map match-all Voice
 match ip dscp ef
!
!
policy-map LLQ
 class Voice
  priority 128
 class Call-Setup
  bandwidth percent 2
 class class-default
  fair-queue
policy-map Traffic-Shaper
 class class-default
  shape average 512000
  service-policy LLQ
!
!
interface Tunnel0
 ip address 10.250.15.2 255.255.255.0
 ip mtu 1420
 qos pre-classify
 tunnel source FastEthernet4
 tunnel destination xxx.xxx.xxx.xxx
 tunnel path-mtu-discovery
 crypto map SDM_CMAP_1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description Connection to Internet$ETH-WAN$
!Registered IP address
 ip address xxx.xxx.xxx.xxx 255.255.255.248
 ip tcp adjust-mss 542
 speed 10
 half-duplex
 crypto map SDM_CMAP_1
 service-policy output Traffic-Shaper
!
interface Vlan1
 description Connection to LAN$ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 10.1.245.113 255.255.255.248
 ip tcp adjust-mss 1452
!
router rip
 version 2
 network 10.0.0.0
!
06-25-2008 05:45 AM
Hi,
You don't need and can't even use separate VLANs on the VPN. Your QoS config appears correct and should do the best possible.
Only, you don't need ip tcp adjust-mss 542 under FA4. You could use something like 1380, but on VLAN1 instead.
The only other improvement I can think of: if this is an ADSL circuit, use an 877 instead so you can see the real circuit and avoid the need for a QoS child service-policy.
Please rate if it helps!
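
Added illustration (not part of either post, and not Cisco code): a small Python model of the posted class-maps, showing which class of policy-map LLQ a packet falls into from its DSCP once tunnel-mode encapsulation has copied the inner ToS byte to the outer header. The sample packets, the host 10.1.245.114 and the 192.0.2.x addresses are constructed, and it assumes the phone marks its RTP as EF.

```python
import struct

# DSCP code points named in the posted class-maps.
DSCP = {"ef": 46, "cs3": 24, "af31": 26}

# The posted class-maps, in the order policy-map LLQ lists its classes.
CLASS_MAPS = [
    ("Voice", {DSCP["ef"]}),
    ("Call-Setup", {DSCP["cs3"], DSCP["af31"]}),
]

def ipv4_header(tos, proto, src, dst, payload_len=0):
    """Build a minimal 20-byte IPv4 header (checksum left at 0; constructed sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst))

def dscp_of(packet):
    """DSCP is the upper six bits of the second header byte (the old ToS byte)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return packet[1] >> 2

def classify(packet):
    """Return the class of policy-map LLQ this packet would fall into."""
    d = dscp_of(packet)
    for name, values in CLASS_MAPS:
        if d in values:
            return name
    return "class-default"

def esp_encapsulate(inner, src, dst):
    """Model IPsec tunnel mode: new outer header, protocol 50 (ESP), ToS copied
    from the inner header. The payload is a stand-in, not real ciphertext."""
    outer = ipv4_header(inner[1], 50, src, dst, len(inner))
    return outer + bytes(len(inner))

def sample_packets():
    """Constructed packets from a LAN host in the posted /29 to the hub side."""
    lan, hub = (10, 1, 245, 114), (10, 1, 80, 59)
    return {
        "rtp_marked_ef": ipv4_header(DSCP["ef"] << 2, 17, lan, hub),
        "sip_marked_cs3": ipv4_header(DSCP["cs3"] << 2, 17, lan, hub),
        "rtp_unmarked": ipv4_header(0, 17, lan, hub),
        "pc_http": ipv4_header(0, 6, lan, hub),
    }

if __name__ == "__main__":
    wan, peer = (192, 0, 2, 1), (192, 0, 2, 2)  # documentation addresses
    for name, pkt in sample_packets().items():
        print(f"{name:15} -> {classify(esp_encapsulate(pkt, wan, peer))}")
```

The unmarked RTP sample lands in class-default: with these class-maps, voice is only distinguished from data if the phone (or an upstream device) sets the DSCP.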