I would like to be able to implement h.323 video conferencing between three sites that will be linked via VPN over the Internet. I seem to recall that IPSEC and H.323 did not work together. Has a solution for this been developed? Are there other issues besides encryption delay?
You may do this but from personal experience I'll tell you it won't work well. The reason is that once your packets leave your access router for the internet you have no control over latency and jitter. RTP Apps like VC don't like latency and jitter and video and voice packets will drop out.
The main problem is that you can't provide end-to-end QoS for conferencing.
If your sites are in Metro areas look at Metro ATM as an alternative.
This should work just fine. There are some conditions though. Make sure you have enough bandwidth between these sites to allow free movement of packets. Besides this note the following:
First condition is the point to point latency between these sites. If you use one ISP to provide Internet service to all three sites they may be able to give you acceptable SLAs. Make sure your latency does not exceed 150 to 200ms range. Second, make sure you apply QoS priority or queueing schemes to ensure guaranteed early access to video and voice packets accross the available connections. If you plan on using this medium for broadcast/multicast purposes e.g. distance learning, then ensure that your routers are configured for DVMRP, PIM or necessary protocol to ensure proper registration, participation and delivery.
We just ran a test video session from Florida to Munich Germany using the H.323 over an IPSEC tunnel using the Internet. The latency was pushing 160ms, and both sites have high end Cisco Switched internetworks with large pipes to the internet.
There was issues when connecting using the auto detect feature, so we set it back to 256k and we got a connection that looked better than running it over ISDN. We even tested a 128k connection and it was still acceptable. The time difference could be an issue because it was tested at 2PM here which is 8PM in Germany (off peak times), which could account for the good connection. We are new at this and are looking to implement desktop to desktop video conferences to several key areas worldwide. If anyone can give me any pointers I would much appreciate it.
In talking to a cisco engineer (who focuses exclusively on VC here in MN), he felt that encryption was not an issue. Rather, the issue would be applying QOS to ensure that your VC session packets pass through the serial interface before other data.
There is a limitation in current (up to 12.2(4) i would assume) that does not allow QOS (adaptive shaing, LLQ) to be applied to a packet andfor the packet to be encrypted on the same router. He has stated that Cisco is aware of this issueand working on it.
So it appears that if you want to give priority to VC packet passing through your local routers in times of congestion AND setup a VPN, you need 2 routers at each end.
I'm not able to access my old voice mail messages all of a sudden. The recording says something like 'the message is currently not available'. This has never happened before in all the years I have been using this system. I have t...
If you have 2 ISR routers, one acting as Failover, do we need to have both the same number of SRST licenses on the 2 routers?
No. You will only need the SRST licenses on the primary router. Because this feature...
You have reached the Cisco Logistics Support Center.. To Check Status of your RMA, visit Product Returns & Replacements (RMA).
Need help? Contact us by Phone or Email.
Phone: 1800 553 2447 Option 4