Remote sites via ASA L2L VPN, bad call quality! help!

Unanswered Question

Here is a breakdown of my topology (see bottom of message for details). I have a main location that has an ASA5505 with the UC500 sitting behind it. I have 2 remote sites (teleworkers) connected via ASA5505 L2L VPN tunnels. Each remote site has 1 Cisco 7945 IP phone. Traffic passes great and ping times are around 15ms-45ms. I have been battling call quality issues for several months. I've tried g711 and g729 each with a unique distortion. I have had 4 TAC cases opened, and the last TAC engineer helped me determine it was the DOWNLOAD bandwidth at my main location. Even though we have enabled qos (policing/queuing) on my upload bandwidth at all locations, when RandomUser1 downloads a big file at the main location, voice quality between the main location and the teleworker sites get really choppy. TAC is telling me this can't be controlled and I need more bandwidth. Well, if I upgrade my download bandwidth from 3mb to say 10mb, a download from (for example) is going to fill up that pipe as well.

Can someone please make a recommendation based on how you've overcame this hurdle with teleworker sites?

Main Location (3mb/1mb):

Teleworker Site 1 (20mb/2mb):
7945 IP Phone

Teleworker Site 2 (25mb/2mb):
7945 IP Phone

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Steven Smith Mon, 05/04/2009 - 13:35
User Badges:
  • Gold, 750 points or more

If the Teleworker sites are sending the packets with properly, but you are receiving them with lots of jitter, loss, or out of order packets, you could have this type of problem.  The phones buffers are only so big and can't wait forever for packets to arrive.  You could try reserving inbound bandwidth on the ASA for traffic for IPSec, but that might not solve the problem.  It would also depend on you always getting 3Mb down.  It would at that the same time limit bandwidth inbound permanently. Again, this might not even work.

You mention that it is bad when a remote site work is downloading from the main site.  It is also bad when the main site is downloading large files from etc?

Depending on how you are doing the QoS outbound, there is one bug that I know of CSCsx07862.  It is a bug on the ASA that will cause voice quality problems.

Steven - Thank you for the quick response.

The problem is when the MAIN site downloads a large file from the internet.  Also, I've ran into the aforementioned bug when I was doing traffic shaping qos.  I instead reverted to policing/queuing in lue of the bug.  I am currently doing inbound policing to 2.5mb.  This still doesnt solve the problem completely.

Any suggestions?

Steven Smith Tue, 05/05/2009 - 07:31
User Badges:
  • Gold, 750 points or more

The next best option is to ask your provider for inbound QoS on the VPN traffic.  After that, you might need more bandwidth.


This Discussion