Please see the attached diagram. We have a main office and 4 remote offices (only showing 1 remote office in the diagram). We are using GRE over IPSec VPNs to the remote offices which terminate on the 2811 router in the main office. We are using the 2811 as it is the only device that we have that can terminate GRE. The 2811 router is connected to the outside switch and is configured with a public IP address. We also have a ASA 5510 in the main office which is connected in the same manner and is used for Web, e-mail traffic etc.
Both the main office and remote offices have a 10Mbps Internet connection.
We have an issue with voice quality between sites as we are finding it difficult to control bandwidth utilization in the main office. When users in the main office download web content it can saturate the 10Mbps Internet connection causing voice quality issues. We have configured outbound shaping on the branch routers to make sure that aggregate inbound traffic from all branches to the main office does not saturate the link but we cannot control traffic from the Internet.
I understand that controlling inbound traffic from the Internet is difficult without controlling QoS on the ISPs side. Is there any way that can reserve inbound bandwidth to ensure that web traffic does not impact voice?
Also in this design, which is the best place to configure outbound QoS from the main office?
just as a query, how have you configured the QoS on the VoIP traffic? I worked on a smilar issue between a hub and spoke site and all I did was to reserve the bandwidth for the VoIP at each of the sites..
I have configured QoS on the main office Internet edge router by matching EF on the packets from the VPN router and prioritizing using LLQ. I have done the same for the remote offices but using a nested QoS policy with class-default traffic shaping. I have not configured any other policies. This would work well if traffic was just between the 2 sites but we also use the 10Mbps link at the main office for Internet traffic so its difficult to control inbound traffic that's not originating from the remote offices.
How have you reserved the bandwidth for VoIP at each site?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :