Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VoIP over VPN using QOS Tunnel

All I have set up a VPN tunnel on a Cisco 871 from a remote site to our VPN hub.

The remote site has 1 Vlan with both Phone and PC on that VLAN I have attached the remote end config. Voice calls work however I cant guarantee that my QOS is working for voice traffic. I have 512kbps link to internet.

my questions are:

1) is voice traffic being distinguished from data traffic?

2) Should I create separate vlans for voice and data.

ip cef


ip dhcp pool mypool




netbios-node-type h-node



lease 14


multilink bundle-name authenticated


crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key Telecom address



crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac


crypto map SDM_CMAP_1 1 ipsec-isakmp

description Tunnel to VPN-HUB

set peer

set transform-set ESP-3DES-SHA

match address 100



class-map match-any Call-Setup

match ip dscp cs3

match ip dscp af31

class-map match-all Voice

match ip dscp ef



policy-map LLQ

class Voice

priority 128

class Call-Setup

bandwidth percent 2

class class-default


policy-map Traffic-Shaper

class class-default

shape average 512000

service-policy LLQ



interface Tunnel0

ip address

ip mtu 1420

qos pre-classify

tunnel source FastEthernet4

tunnel destination

tunnel path-mtu-discovery

crypto map SDM_CMAP_1


interface FastEthernet0


interface FastEthernet1


interface FastEthernet2


interface FastEthernet3


interface FastEthernet4

description Connection to Internet$ETH-WAN$

!Registered IP address

ip address

ip tcp adjust-mss 542

speed 10


crypto map SDM_CMAP_1

service-policy output Traffic-Shaper


interface Vlan1

description Connection to LAN$ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address

ip tcp adjust-mss 1452


router rip

version 2



Hall of Fame Super Gold

Re: VoIP over VPN using QOS Tunnel


you don't need and can't even use separate VLANs on the VPN. Your QoS config appears correct and should do the best possible.

Only, you don't need ip tcp adjust-mss 542 under FA4. You could use something like 1380, but on VLAN1 instead.

The only other improvement I may think, if this is an ADSL circuit, use an 877 instead so you can see the real circuit and avoiding the need for a QoS childed service-policy.

Please rate if it helps!