Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

871 router, EZvpn and VoIP QOS

We're deploying 871 routers to remote teleusers who will also have an IP phone, and a cable modem to connect them to the Internet. We will be configuring IPsec VPNs for their connectivity back to our corporate site to a 3030 concentrator.

Are we able to use the 871 EZvpn client config and still use QOS for voice, or must we configure the 871 the normal lan-to-lan way?

Using EZvpn I don't see how to add the "qos pre-classify" which is necessary to prioritize voice once it has been wrapped in an IPsec header?

Am I correct is thinking that we cannot use EZvpn?

3 REPLIES
New Member

Re: 871 router, EZvpn and VoIP QOS

You should be able to use EZvpn along with QOS for VoIP... I have been using it for a while and works just fine. Here is sample config: This is a 12.4.9T IOS, so pay attention to the "DNS view"... it gets downloaded from the 3030 but I still modify it to use the router itself as a DNS forwarder (or you can also use split DNS):

crypto isakmp enable

crypto isakmp xauth timeout 60

!

crypto ipsec client ezvpn EZVPNClient

connect auto

group [*VPNGROUPNAME1*] key 0 [*VPNGROUPPASSWORD1*]

mode network-extension

peer [*VPNPEERIPADDRESS1*] default

peer [*VPNPEERIPADDRESS2*]

xauth userid mode interactive

!

ip dns view ezvpn-internal-view

logging

domain list ******.****.com

domain name-server [*NAMESERVER1*]

domain name-server [*NAMESERVER2*]

domain name-server interface Loopback1

dns forwarding source-interface Loopback1

!

ip dns view-list ezvpn-internal-view

view ezvpn-internal-view 1

!

ip host my-router 192.168.1.254

ip host view ezvpn-internal-view my-router 192.168.1.254

!

ip domain list ****.*****.com

ip name-server [*NAMESERVER1*] [*NAMESERVER2*]

ip domain lookup source-interface Loopback1

!

ip dhcp pool Local

network 192.168.1.0 255.255.255.0

default-router 192.168.1.254

dns-server 192.168.1.254

option 150 ip ***.***.***.****

lease 0 0 3

!

class-map match-all VOIP-SIG

match ip dscp af31

class-map match-all VOIP-RTP

match ip dscp ef

!

!

policy-map QOS-POLICY

class VOIP-RTP

priority 30

class VOIP-SIG

bandwidth 8

class class-default

fair-queue

!

interface Loopback1

ip address [*10.XXX.XXX.254*] 255.255.255.0

crypto ipsec client ezvpn EZVPNClient inside

!

interface FastEthernet0

no cdp enable

no shutdown

!

interface FastEthernet1

no cdp enable

no shutdown

!

interface FastEthernet2

no cdp enable

no shutdown

!

interface FastEthernet3

no cdp enable

no shutdown

!

interface FastEthernet4

ip address dhcp

crypto ipsec client ezvpn EZVPNClient

no ip redirects

no ip proxy-arp

no ip directed-broadcast

service-policy output QOS-POLICY

duplex auto

speed auto

no cdp enable

duplex auto

speed auto

no cdp enable

!

interface Vlan1

ip address 192.168.1.254 255.255.255.0

ip dns view-group ezvpn-internal-view

no ip redirects

no ip proxy-arp

ip nat inside

ip virtual-reassembly

no ip mroute-cache

no cdp enable

!

ip nat inside source static network 192.168.1.0 [*10.XXX.XXX.0*] /24 extendable

ip route 0.0.0.0 0.0.0.0 dhcp

!

Ihab

New Member

Re: 871 router, EZvpn and VoIP QOS

Thanks - this really helps. Would you explain the dns view statements? You're right the 3030 pushed down two of these statements, both of which are the same except one ends with a '\'.

Also I notice that you don't do any traffic shaping. Have you not found a need to do that?

New Member

Re: 871 router, EZvpn and VoIP QOS

AFAIK U dont need qos pre-classify feature while U just prioritize voice as ToS's IP precedence works well being copied to the outer ToS field in tunnel mode. Just ensure U use tunnel mode.

1090
Views
0
Helpful
3
Replies
CreatePlease login to create content