I have a question surrounding QOS. Although I have many branch offices that connect to my data center via IPSEC VPN tunnels, I think it will be easiest for me to understand if I focus on a single link, but please keep in mind that whatever I come up with I will need to do something similar in 30 or so additional branch locations. Different locations have different numbers of users, different bandwidth capabilities, etc.
We use Cisco Call Manager, Unity Connection VM, Cisco Presence and IPCC all installed in my data center. Some branch offices use their router as a PSTN gateway, while others rely on Call Manager based SIP trunks for PSTN connectivity.
So my branch office has a Cisco 2821 router with a Serial T1 direct internet access. This DIA is provided by Carrier “A” and they have assigned a public IP for my router. My data center has an ASA5510 Security appliance and it has 15 megs of DIA, also provided by Carrier “A” and it too has a public IP assigned by Carrier “A”.
I have an IPSEC VPN tunnel created between the public IP of my branch router and the public IP of my ASA in my data center.
The traffic traversing this link consists of the following (listed in the order of importance to me):
1) Voice Traffic (branch phones to other branch phones, branch phones to and from Unity Connection, ad hoc conference calls, MeetMe conference calls and some branch phone to PSTN via SIP trunks terminated on my Call Managers in my data center – number of such calls vary by location)
For example, it ranks Signalling above Critical Data. Also consider using a Scavenger class.
I also suggest that, if you haven't done so already, you get business sign-off on the policy. Then people can't complain about poor performance for their favourite applications when it is implemented.
I suggest that you also ensure that you have your trust QoS boundary configured on your switches and routers before the traffic hits the firewall.