Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss Voice and Video Enabled IPSec VPNs with Cisco expert Scott Pope. Scott is the product line manager for head-end VPN routers and voice and video enabled IPSec VPNs. Feel free to post any questions relating to Voice and Video Enabled IPSec VPNs.
Scott might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through June 7. Visit this forum often to view responses to your questions and the questions of other community members.
A little help needed on this one way voice issue. Cisco VPN Client 3.1.1 to 3005. CM 3.2(1). IP Softphone works fine onsite.
On the road, the softphone can not hear the PSTN call. PSTN hears softphone fine. I added a static route on the concentrator to CCM via the nearest router.
Other items I'm missing?
What version of IP Softphone are you using?
Check your Network Audio settings.
CCO link for v1.2 setting Network Audio:
I'm using 3640 as Gatekeeper for my Voip network, i would like to capture CDR from the GK. I using a AAA server for accounting, but when i captute the CDR there is not timestampe. As i needed the timestamp to indicate call set up and disconnected time, i have both command from GK (accounting, accouning VSA) but still can't manage to get the timestamp. May i know is there a way to capture it as i had almost the the IP/H323 ios version.
Thanks with regards
I talked with some of the voice engineers. They recommended the following config guidelines:
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
aaa authentication login h323 group radius
aaa authorization exec h323 group radius
aaa accounting network h323 start-stop group radius
aaa accounting connection h323 start-stop group radius
aaa session-id common
enable password cisco
username cisco password 0 cisco
clock timezone GMT 0
radius-server host 172.19.49.4 auth-port 1871 acct-port 1862 key test123
radius-server retransmit 3
radius-server vsa send accounting
I am going try Voice over VPN and wanted some feedback on this scenario. Remote users coming in over a 128 kbps ISDN connection into a 3005 using a 3002 at the remote sites with a PC and IP Phone behind the 3002. Only one person per remote site. I have a VG200 for transcoding so that I can come in on G.729 and bump up to G.711 when it hits the LAN. I wanted to see what you have heard/seen with this type of attempt. I know going out over the Internet means lack of QoS but I think I have the best possible scenario for trying this with the remote sites and central site having the same Tier1 provider . I wold also like to provide inbound and outbound fax service through this to an actual fax machine behind the 3002 somehow. Thanks in advance!
A key part of supporting voice over a VPN is having QoS on the VPN device as well as the throughout the rest of the enterprise and SP network. For toll quality voice over VPN the QoS functionality of IOS VPN routers such as Cisco 1700 would probably serve you better. IOS VPN will also give you support for multicast across the VPN. Much voice and video traffic is actually multicast. In general, IOS VPN is what Cisco recommends for voice over VPN. 3000s will work, but only in best effort, no quality assurance mode since they don't have any voice QoS.
Also, IOS VPN routers have voice functionality (support of analog and digital voice connection directly on the router) so they would be the best bet for hooking up a fax machine.
On the SP side, Cisco has teamed with Sprint through its Cisco Powered Networks program to provide low latency SP bandwidth to connect the sites and provide end-to-end SLAs for jitter and latency. We'll be adding other tier 1 SPs in the next few months as well.
Can you suggest with the version of Cisco soft phone for the IPSEC VPN client? I have tried the same with soft phone version 2.1 and VPN client version 3.5.1, but with no luck.
Is there any known performance or quality issues running VoIP over a IPsec encrypted GRE tunnel beteween a Cisco 1720 and a Cisco 7120?
What performance can I expect, with and without a VPN accelerator in the 1720 router
I've had problems with high CPU utilization on 2620 routers with 4 or more simultaneous calls regardless of codec and regardless of whether or not it had an encrpytion accelerator in it. Enabling CEF did help, although this was just recently available for GRE in the 12.2.8 release. I'm not sure how much more underpowered the 1720 is compared to a 2620, so I don't know how many calls you can get through before your CPU starts to choke. Once that happens, packets drop and voice quality suffers tremendously.
That is a recommended design. 1720 will do about 300-500K w/out a crypto accelerator. HW encryption acceleration is recommended.
I read in a document recently that only one call from an IP soft phone is allowed to establish a connection at a time in a VOIP over VPN configuration. How do we allow more number of soft phone calls to be established at the same time? Please advice.
What performance can I expect with an accelerator? 2Mbit/s? Less or more?
When running only GRE tunnels (no IPSec) between the routers, does an accelerator card anything good or are that a "pure IPSec feature"?
Depends on which accelerator and on which platform. On a 1700 router, around 3mbps. On a 7100 router, 140 mbps. 2600, 3600, and 3700 will be somewhere in between those. Is there a platform in particular you are intersted in?