Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss Voice and Video Enabled IPSec VPNs with Cisco expert Scott Pope. Scott is the product line manager for head-end VPN routers and voice and video enabled IPSec VPNs. Feel free to post any questions relating to Voice and Video Enabled IPSec VPNs.

Scott might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through June 7. Visit this forum often to view responses to your questions and the questions of other community members.

17 REPLIES
New Member

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

Hi Scott,

A little help needed on this one way voice issue. Cisco VPN Client 3.1.1 to 3005. CM 3.2(1). IP Softphone works fine onsite.

On the road, the softphone can not hear the PSTN call. PSTN hears softphone fine. I added a static route on the concentrator to CCM via the nearest router.

Other items I'm missing?

Thanks,

gp

Cisco Employee

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

What version of IP Softphone are you using?

Check your Network Audio settings.

CCO link for v1.2 setting Network Audio:

http://www.cisco.com/univercd/cc/td/doc/product/voice/c_ipphon/ip_7960/softphon/ver_1_2/eng/user/sp_appa.htm#xtocid938812

New Member

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

Hi Scott,

I'm using 3640 as Gatekeeper for my Voip network, i would like to capture CDR from the GK. I using a AAA server for accounting, but when i captute the CDR there is not timestampe. As i needed the timestamp to indicate call set up and disconnected time, i have both command from GK (accounting, accouning VSA) but still can't manage to get the timestamp. May i know is there a way to capture it as i had almost the the IP/H323 ios version.

Thanks with regards

Chan

Cisco Employee

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

Hi-

I talked with some of the voice engineers. They recommended the following config guidelines:

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname CH-GK

!

aaa new-model

!

!

aaa authentication login h323 group radius

aaa authorization exec h323 group radius

aaa accounting network h323 start-stop group radius

aaa accounting connection h323 start-stop group radius

aaa session-id common

enable password cisco

!

username cisco password 0 cisco

clock timezone GMT 0

ip subnet-zero

!

radius-server host 172.19.49.4 auth-port 1871 acct-port 1862 key test123

radius-server retransmit 3

radius-server vsa send accounting

!

ntp master

!

end

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

Hello,

I am going try Voice over VPN and wanted some feedback on this scenario. Remote users coming in over a 128 kbps ISDN connection into a 3005 using a 3002 at the remote sites with a PC and IP Phone behind the 3002. Only one person per remote site. I have a VG200 for transcoding so that I can come in on G.729 and bump up to G.711 when it hits the LAN. I wanted to see what you have heard/seen with this type of attempt. I know going out over the Internet means lack of QoS but I think I have the best possible scenario for trying this with the remote sites and central site having the same Tier1 provider . I wold also like to provide inbound and outbound fax service through this to an actual fax machine behind the 3002 somehow. Thanks in advance!

Cisco Employee

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

A key part of supporting voice over a VPN is having QoS on the VPN device as well as the throughout the rest of the enterprise and SP network. For toll quality voice over VPN the QoS functionality of IOS VPN routers such as Cisco 1700 would probably serve you better. IOS VPN will also give you support for multicast across the VPN. Much voice and video traffic is actually multicast. In general, IOS VPN is what Cisco recommends for voice over VPN. 3000s will work, but only in best effort, no quality assurance mode since they don't have any voice QoS.

Also, IOS VPN routers have voice functionality (support of analog and digital voice connection directly on the router) so they would be the best bet for hooking up a fax machine.

On the SP side, Cisco has teamed with Sprint through its Cisco Powered Networks program to provide low latency SP bandwidth to connect the sites and provide end-to-end SLAs for jitter and latency. We'll be adding other tier 1 SPs in the next few months as well.

New Member

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

Hi:

Can you suggest with the version of Cisco soft phone for the IPSEC VPN client? I have tried the same with soft phone version 2.1 and VPN client version 3.5.1, but with no luck.

regds,

Raj

Cisco Employee

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

What issues are you having? That duo should work.

New Member

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

If I launch the IP softphone,it exits with an error saying"Unable to open Call Manager"

New Member

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

Hi Scott,

Any words of wisdom on this one way audio issue I posted?

Thanks,

gp

Cisco Employee

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

Check out Dave Silver's post on your previous string.

Thanks.

--S

mli
New Member

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

Is there any known performance or quality issues running VoIP over a IPsec encrypted GRE tunnel beteween a Cisco 1720 and a Cisco 7120?

What performance can I expect, with and without a VPN accelerator in the 1720 router

New Member

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

I've had problems with high CPU utilization on 2620 routers with 4 or more simultaneous calls regardless of codec and regardless of whether or not it had an encrpytion accelerator in it. Enabling CEF did help, although this was just recently available for GRE in the 12.2.8 release. I'm not sure how much more underpowered the 1720 is compared to a 2620, so I don't know how many calls you can get through before your CPU starts to choke. Once that happens, packets drop and voice quality suffers tremendously.

Cisco Employee

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

That is a recommended design. 1720 will do about 300-500K w/out a crypto accelerator. HW encryption acceleration is recommended.

Scott

New Member

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

Hi,

I read in a document recently that only one call from an IP soft phone is allowed to establish a connection at a time in a VOIP over VPN configuration. How do we allow more number of soft phone calls to be established at the same time? Please advice.

Thank you.

-Kartik

mli
New Member

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

Hello!

What performance can I expect with an accelerator? 2Mbit/s? Less or more?

When running only GRE tunnels (no IPSec) between the routers, does an accelerator card anything good or are that a "pure IPSec feature"?

Cisco Employee

Re: ASK THE EXPERT- VOICE AND VIDEO ENABLED IPSec VPNs

Depends on which accelerator and on which platform. On a 1700 router, around 3mbps. On a 7100 router, 140 mbps. 2600, 3600, and 3700 will be somewhere in between those. Is there a platform in particular you are intersted in?

Scott

36
Views
0
Helpful
17
Replies