Re: [asterisk-users] QoS VPN
Despite the VPN overhead, running VOIP through VPN is good idea because VPN reorders encapsulated UDP packets in correct order. Security matters as well. I'd suggest to route VNC packets rather over internet than VPN (so do I), as VPN usually has the highest priority. On Thu, May 7, 2009 at 11:33 PM, Roberto Piola roberto.pi...@visiant.itwrote: I do not have examples, but if you are using the 1700 series router in order to originate the ipsec vpn, you may use command qos pre-classify (please search for it on cco.cisco.com) On Thu, May 7, 2009 at 9:54 PM, Brent Davidson br...@texascountrytitle.com wrote: I've got multiple satellite office all linked back to the main office via VPN. Each office has their own asterisk server which registers back to the main office's Asterisk server. Each office also has a 1Mb downstream / 384k - 768k upstream connection. The branches are using Speex for their connections back to the main office. The issue I'm having is that there are times that I need to VNC in to machines at the various offices for tech support while the user is also on the phone. Unfortunately the VNC connection apparently takes priority and makes it impossible for me to understand anything the person on the phone is saying, although they can still hear me fine. Our Main office uses a Cisco PIX 506 for the main firewall and VPN concentrator. Each branch office used a Cisco 1700 series router with IPSec enabled in the IOS. Is there any sort of QoS I can turn on on the main router or the branch routers to make sure the voice quality takes precedence over the VNC? (Any example configs would be greatly appreciated) Would I be better off routing the voice packets over the internet rather than the VPN, and could I safely do that without exposing the asterisk boxes to unnecessary security risks? (At present all of our asterisk boxes are behind the firewalls and only talk to each other over the VPN. All PSTN connection is done through TDM boards so they have no direct exposure to the internet.) ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Mvh, Aurimas Skirgaila ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] QoS VPN
On Fri, 8 May 2009, Aurimas Skirgaila wrote: Despite the VPN overhead, running VOIP through VPN is good idea because VPN reorders encapsulated UDP packets in correct order. Security matters as well. Reorders? How so? I think it will maintain the order, only if they have arrived in the correct order. I'd suggest to route VNC packets rather over internet than VPN (so do I), as VPN usually has the highest priority. Unless QoS is implemented packets are first come first served. There is no usually has the highest priority. Routing one over the Internet versus over the VPN won't change that priority. j On Thu, May 7, 2009 at 11:33 PM, Roberto Piola roberto.pi...@visiant.itwrote: I do not have examples, but if you are using the 1700 series router in order to originate the ipsec vpn, you may use command qos pre-classify (please search for it on cco.cisco.com) On Thu, May 7, 2009 at 9:54 PM, Brent Davidson br...@texascountrytitle.com wrote: I've got multiple satellite office all linked back to the main office via VPN. Each office has their own asterisk server which registers back to the main office's Asterisk server. Each office also has a 1Mb downstream / 384k - 768k upstream connection. The branches are using Speex for their connections back to the main office. The issue I'm having is that there are times that I need to VNC in to machines at the various offices for tech support while the user is also on the phone. Unfortunately the VNC connection apparently takes priority and makes it impossible for me to understand anything the person on the phone is saying, although they can still hear me fine. Our Main office uses a Cisco PIX 506 for the main firewall and VPN concentrator. Each branch office used a Cisco 1700 series router with IPSec enabled in the IOS. Is there any sort of QoS I can turn on on the main router or the branch routers to make sure the voice quality takes precedence over the VNC? (Any example configs would be greatly appreciated) Would I be better off routing the voice packets over the internet rather than the VPN, and could I safely do that without exposing the asterisk boxes to unnecessary security risks? (At present all of our asterisk boxes are behind the firewalls and only talk to each other over the VPN. All PSTN connection is done through TDM boards so they have no direct exposure to the internet.) ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Mvh, Aurimas Skirgaila ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] QoS VPN
Access-list 100 permit ip host asterisk server any Class-map match-any voip Match access-group 100 Policy-map voip Class voip Priority 256 Class class-default Fair-queue Interface fastethernet 0 Service-policy output voip Above is what I do to prioritize 256kbit of outbound bandwidth to voip calls, adjust accordingly. You must also use the qos pre-classify in your ipsec tunnel definitions for this to work, but it does work well. I know I'm potentially mapping other traffic than voip, but I'm lazy and don't want to classify the rtp and sip and iax ports, rarely does the box do any other traffic than voip as updates occur in off hours. You'll probably additionally want to match your ipsec keying traffic and give it priority bandwidth, if you're going to push voip through the tunnel you'll find yourself rekeying more often and want to make sure on a saturated link it gets priority so the tunnels don't drop. If you're on DSL, you probably want to research cascading the Qos, have a root policy that throttles all bandwidth to a certain speed, then a child policy that prioritizes that bandwidth, so you don't saturate your outbound circuit(think in terms of P2P protections). This e-mail, facsimile, or letter and any files or attachments transmitted with it contains information that is confidential and privileged. This information is intended only for the use of the individual(s) and entity(ies) to whom it is addressed. If you are the intended recipient, further disclosures are prohibited without proper authorization. If you are not the intended recipient, any disclosure, copying, printing, or use of this information is strictly prohibited and possibly a violation of federal or state law and regulations. If you have received this information in error, please notify Texas Health Management Group immediately at 1-817-310-4999. Texas Health Management Group, its subsidiaries, and affiliates hereby claim all applicable privileges related to this information. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] QoS VPN
On Fri, May 8, 2009 at 3:45 PM, Jeff LaCoursiere j...@jeff.net wrote: On Fri, 8 May 2009, Aurimas Skirgaila wrote: Despite the VPN overhead, running VOIP through VPN is good idea because VPN reorders encapsulated UDP packets in correct order. Security matters as well. Reorders? How so? I think it will maintain the order, only if they have arrived in the correct order. UDP doesn't guarantee that over long way packets arrive in correct order, while TCP based VPN would sort them correctly ;) well, I'm not sure if all kinds of VPN are SSL/TCP based. The author mentioned remote offices so this might be useful for him. I'd suggest to route VNC packets rather over internet than VPN (so do I), as VPN usually has the highest priority. Unless QoS is implemented packets are first come first served. There is no usually has the highest priority. Routing one over the Internet versus over the VPN won't change that priority. ok. probably I've misread somewhere about switches which QoS enabled is by default. By the way we do ask our ISP to prioritize VPN packets and they do. j On Thu, May 7, 2009 at 11:33 PM, Roberto Piola roberto.pi...@visiant.it wrote: I do not have examples, but if you are using the 1700 series router in order to originate the ipsec vpn, you may use command qos pre-classify (please search for it on cco.cisco.com) On Thu, May 7, 2009 at 9:54 PM, Brent Davidson br...@texascountrytitle.com wrote: I've got multiple satellite office all linked back to the main office via VPN. Each office has their own asterisk server which registers back to the main office's Asterisk server. Each office also has a 1Mb downstream / 384k - 768k upstream connection. The branches are using Speex for their connections back to the main office. The issue I'm having is that there are times that I need to VNC in to machines at the various offices for tech support while the user is also on the phone. Unfortunately the VNC connection apparently takes priority and makes it impossible for me to understand anything the person on the phone is saying, although they can still hear me fine. Our Main office uses a Cisco PIX 506 for the main firewall and VPN concentrator. Each branch office used a Cisco 1700 series router with IPSec enabled in the IOS. Is there any sort of QoS I can turn on on the main router or the branch routers to make sure the voice quality takes precedence over the VNC? (Any example configs would be greatly appreciated) Would I be better off routing the voice packets over the internet rather than the VPN, and could I safely do that without exposing the asterisk boxes to unnecessary security risks? (At present all of our asterisk boxes are behind the firewalls and only talk to each other over the VPN. All PSTN connection is done through TDM boards so they have no direct exposure to the internet.) ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Mvh, Aurimas Skirgaila ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Mvh, Aurimas Skirgaila ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] QoS VPN
On Thu, May 7, 2009 at 3:54 PM, Brent Davidson br...@texascountrytitle.com wrote: I've got multiple satellite office all linked back to the main office via VPN. Each office has their own asterisk server which registers back to the main office's Asterisk server. Each office also has a 1Mb downstream / 384k - 768k upstream connection. The branches are using Speex for their connections back to the main office. The issue I'm having is that there are times that I need to VNC in to machines at the various offices for tech support while the user is also on the phone. Unfortunately the VNC connection apparently takes priority and makes it impossible for me to understand anything the person on the phone is saying, although they can still hear me fine. VNC is very asymmetric. It doesn't generate much traffic from the person viewing, and it generates lots of traffic FROM the system being viewed. This helps explain why the system being viewed side can hear incoming voice packets, and outbound voice packets that have to compete with the large amount of outgoing video signal data lose. QoS may or may not help you here. If voice quality is important, you should have a separate connection dedicated to just voice. The obvious workaround is grab your cell phone and call them with that. You DO have a way to dial directly to that office without going over the PIX, right, right? How do you call the remote office when the PIX goes down? What will help you is getting a bigger line or separating the voice traffic from the data traffic completely. If you are good with ssh, you can also do a compressed ssh tunnel to encrypt and on-the-fly compress the VNC session. But if this is Windows good luck with that. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] QoS VPN
I would think that VoIP over VPN is a bad idea as UDP packets need to be in realtime not corrected by the TCP of the VPN. Garth van Sittert Technical Director BitCo 08600 24826 www.bitco.co.za Aurimas Skirgaila wrote: Despite the VPN overhead, running VOIP through VPN is good idea because VPN reorders encapsulated UDP packets in correct order. Security matters as well. I'd suggest to route VNC packets rather over internet than VPN (so do I), as VPN usually has the highest priority. On Thu, May 7, 2009 at 11:33 PM, Roberto Piola roberto.pi...@visiant.it mailto:roberto.pi...@visiant.it wrote: I do not have examples, but if you are using the 1700 series router in order to originate the ipsec vpn, you may use command qos pre-classify (please search for it on cco.cisco.com http://cco.cisco.com) On Thu, May 7, 2009 at 9:54 PM, Brent Davidson br...@texascountrytitle.com mailto:br...@texascountrytitle.com wrote: I've got multiple satellite office all linked back to the main office via VPN. Each office has their own asterisk server which registers back to the main office's Asterisk server. Each office also has a 1Mb downstream / 384k - 768k upstream connection. The branches are using Speex for their connections back to the main office. The issue I'm having is that there are times that I need to VNC in to machines at the various offices for tech support while the user is also on the phone. Unfortunately the VNC connection apparently takes priority and makes it impossible for me to understand anything the person on the phone is saying, although they can still hear me fine. Our Main office uses a Cisco PIX 506 for the main firewall and VPN concentrator. Each branch office used a Cisco 1700 series router with IPSec enabled in the IOS. Is there any sort of QoS I can turn on on the main router or the branch routers to make sure the voice quality takes precedence over the VNC? (Any example configs would be greatly appreciated) Would I be better off routing the voice packets over the internet rather than the VPN, and could I safely do that without exposing the asterisk boxes to unnecessary security risks? (At present all of our asterisk boxes are behind the firewalls and only talk to each other over the VPN. All PSTN connection is done through TDM boards so they have no direct exposure to the internet.) ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Mvh, Aurimas Skirgaila ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] QoS VPN
On Friday 08 May 2009 10:07:43 Garth van Sittert wrote: I would think that VoIP over VPN is a bad idea as UDP packets need to be in realtime not corrected by the TCP of the VPN. Not all VPNs use TCP. OpenVPN, in particular, uses UDP for the backbone. -- Tilghman ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] QoS VPN
I would think that VoIP over VPN is a bad idea as UDP packets need to be in realtime not corrected by the TCP of the VPN. That depends very much on the VPN in use. OpenVPN doesn't suffer from this problem. Although it's SSL-based (and one might think it does everything through SSL-over-TCP), it actually sends the VPN traffic via UDP... it uses TCP only for the negotiation and administrative aspects of setting up the VPN connection. As far as I know, OpenVPN makes no attempt at all to re-order the packets that it encapsulates and transmits. It simply accepts the IP packets it is to carry, encrypts them individually, wraps them in UDP, and retransmits them to its peer. The peer receives the UDP, decrypts, and forwards. No re-ordering. There may be other VPNs which actually carry all of the VPN'ed data in a single TCP stream... but I think this is generally agreed to be a Bad Idea for several reasons. I run SIP over OpenVPN between my Nokia N810 handheld, and my Asterisk server at home. I have not noticed any difference in call quality between SIP-over-OpenVPN, and non-VPN'ed SIP, between these two endpoints... except, of course, when the OpenVPN-encapsulated traffic gets through, and non-VPN'ed traffic doesn't due to firewall or NATing problems at a particular wireless network access point. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] QoS VPN
Dave Platt wrote: OpenVPN doesn't suffer from this problem. Although it's SSL-based (and one might think it does everything through SSL-over-TCP), it actually sends the VPN traffic via UDP... it uses TCP only for the negotiation and administrative aspects of setting up the VPN connection. UDP is the default, but OpenVPN can be configured for TCP as well ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] QoS VPN
It's been a few years ago, but Network Computing had tests results showing that VoIP over a VPN was measurably better than outside a VPN. Why? Because the latency was low enough that lost UDP packets (within the VPN tunnel) could be re-transmitted before the jitter buffer had expired. Since most jitter buffers are on the order for 10 to 80 msec, if your one-way latency is any greater than a third of your jitter buffer, it's of no use. For example, if the one-way latency is 15 msec, the best-case scenario is that with single-time packet loss, the other packet would arrive at the destination in ~45 msec. Frank -Original Message- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Garth van Sittert Sent: Friday, May 08, 2009 10:08 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] QoS VPN I would think that VoIP over VPN is a bad idea as UDP packets need to be in realtime not corrected by the TCP of the VPN. Garth van Sittert Technical Director BitCo 08600 24826 www.bitco.co.za Aurimas Skirgaila wrote: Despite the VPN overhead, running VOIP through VPN is good idea because VPN reorders encapsulated UDP packets in correct order. Security matters as well. I'd suggest to route VNC packets rather over internet than VPN (so do I), as VPN usually has the highest priority. On Thu, May 7, 2009 at 11:33 PM, Roberto Piola roberto.pi...@visiant.it mailto:roberto.pi...@visiant.it wrote: I do not have examples, but if you are using the 1700 series router in order to originate the ipsec vpn, you may use command qos pre-classify (please search for it on cco.cisco.com http://cco.cisco.com) On Thu, May 7, 2009 at 9:54 PM, Brent Davidson br...@texascountrytitle.com mailto:br...@texascountrytitle.com wrote: I've got multiple satellite office all linked back to the main office via VPN. Each office has their own asterisk server which registers back to the main office's Asterisk server. Each office also has a 1Mb downstream / 384k - 768k upstream connection. The branches are using Speex for their connections back to the main office. The issue I'm having is that there are times that I need to VNC in to machines at the various offices for tech support while the user is also on the phone. Unfortunately the VNC connection apparently takes priority and makes it impossible for me to understand anything the person on the phone is saying, although they can still hear me fine. Our Main office uses a Cisco PIX 506 for the main firewall and VPN concentrator. Each branch office used a Cisco 1700 series router with IPSec enabled in the IOS. Is there any sort of QoS I can turn on on the main router or the branch routers to make sure the voice quality takes precedence over the VNC? (Any example configs would be greatly appreciated) Would I be better off routing the voice packets over the internet rather than the VPN, and could I safely do that without exposing the asterisk boxes to unnecessary security risks? (At present all of our asterisk boxes are behind the firewalls and only talk to each other over the VPN. All PSTN connection is done through TDM boards so they have no direct exposure to the internet.) ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Mvh, Aurimas Skirgaila ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] QoS VPN
David Backeberg wrote: On Thu, May 7, 2009 at 3:54 PM, Brent Davidson br...@texascountrytitle.com wrote: I've got multiple satellite office all linked back to the main office via VPN. Each office has their own asterisk server which registers back to the main office's Asterisk server. Each office also has a 1Mb downstream / 384k - 768k upstream connection. The branches are using Speex for their connections back to the main office. The issue I'm having is that there are times that I need to VNC in to machines at the various offices for tech support while the user is also on the phone. Unfortunately the VNC connection apparently takes priority and makes it impossible for me to understand anything the person on the phone is saying, although they can still hear me fine. VNC is very asymmetric. It doesn't generate much traffic from the person viewing, and it generates lots of traffic FROM the system being viewed. This helps explain why the system being viewed side can hear incoming voice packets, and outbound voice packets that have to compete with the large amount of outgoing video signal data lose. QoS may or may not help you here. Well, the fact that our central office has a 10mb downstream / 5mb upstream connection (Two 5Mb down 2.5Mb up DSl connections load shared) helps with them hearing me clearly too, I'm sure. I can get the packets to them faster than they can get packets to me. If voice quality is important, you should have a separate connection dedicated to just voice. The obvious workaround is grab your cell phone and call them with that. You DO have a way to dial directly to that office without going over the PIX, right, right? How do you call the remote office when the PIX goes down? What will help you is getting a bigger line or separating the voice traffic from the data traffic completely. If you are good with ssh, you can also do a compressed ssh tunnel to encrypt and on-the-fly compress the VNC session. But if this is Windows good luck with that. Yes, we can dial all satellite office through the PSTN if we really want to, but one of the reasons we went to a VOIP system was to cut down on the long-distance charges that result from office-to-office calls, and to be able to transfer calls from one office to another. All in all the system works as designed, except for the rare occasions that I'm doing support with VNC and have a person on the remote extension as well. But just because nobody else has complained yet doesn't mean there aren't other conditions that could trigger a poor-quality call. If I can find a solution that works in my worst-case VNC situation then maybe I'll prevent a few future issues from ever becoming real problems. Separating the voice off to it's own connection would defeat the cost-cutting reasoning behind the system. Thanks, Brent ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] QoS VPN
Jeremy Mann wrote: Access-list 100 permit ip host asterisk server any Class-map match-any voip Match access-group 100 Policy-map voip Class voip Priority 256 Class class-default Fair-queue Interface fastethernet 0 Service-policy output voip Above is what I do to prioritize 256kbit of outbound bandwidth to voip calls, adjust accordingly. You must also use the qos pre-classify in your ipsec tunnel definitions for this to work, but it does work well. I know I'm potentially mapping other traffic than voip, but I'm lazy and don't want to classify the rtp and sip and iax ports, rarely does the box do any other traffic than voip as updates occur in off hours. You'll probably additionally want to match your ipsec keying traffic and give it priority bandwidth, if you're going to push voip through the tunnel you'll find yourself rekeying more often and want to make sure on a saturated link it gets priority so the tunnels don't drop. If you're on DSL, you probably want to research cascading the Qos, have a root policy that throttles all bandwidth to a certain speed, then a child policy that prioritizes that bandwidth, so you don't saturate your outbound circuit(think in terms of P2P protections). Thank you. This is EXACTLY what I was looking for. Do the packet counters for show policy-map int fast 0/0 only increment when the queuing kicks in or should they be incrementing all the time as packets flow? Thanks again, Brent ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] QoS VPN
I've got multiple satellite office all linked back to the main office via VPN. Each office has their own asterisk server which registers back to the main office's Asterisk server. Each office also has a 1Mb downstream / 384k - 768k upstream connection. The branches are using Speex for their connections back to the main office. The issue I'm having is that there are times that I need to VNC in to machines at the various offices for tech support while the user is also on the phone. Unfortunately the VNC connection apparently takes priority and makes it impossible for me to understand anything the person on the phone is saying, although they can still hear me fine. Our Main office uses a Cisco PIX 506 for the main firewall and VPN concentrator. Each branch office used a Cisco 1700 series router with IPSec enabled in the IOS. Is there any sort of QoS I can turn on on the main router or the branch routers to make sure the voice quality takes precedence over the VNC? (Any example configs would be greatly appreciated) Would I be better off routing the voice packets over the internet rather than the VPN, and could I safely do that without exposing the asterisk boxes to unnecessary security risks? (At present all of our asterisk boxes are behind the firewalls and only talk to each other over the VPN. All PSTN connection is done through TDM boards so they have no direct exposure to the internet.) Thanks, Brent Davidson ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] QoS VPN
I do not have examples, but if you are using the 1700 series router in order to originate the ipsec vpn, you may use command qos pre-classify (please search for it on cco.cisco.com) On Thu, May 7, 2009 at 9:54 PM, Brent Davidson br...@texascountrytitle.comwrote: I've got multiple satellite office all linked back to the main office via VPN. Each office has their own asterisk server which registers back to the main office's Asterisk server. Each office also has a 1Mb downstream / 384k - 768k upstream connection. The branches are using Speex for their connections back to the main office. The issue I'm having is that there are times that I need to VNC in to machines at the various offices for tech support while the user is also on the phone. Unfortunately the VNC connection apparently takes priority and makes it impossible for me to understand anything the person on the phone is saying, although they can still hear me fine. Our Main office uses a Cisco PIX 506 for the main firewall and VPN concentrator. Each branch office used a Cisco 1700 series router with IPSec enabled in the IOS. Is there any sort of QoS I can turn on on the main router or the branch routers to make sure the voice quality takes precedence over the VNC? (Any example configs would be greatly appreciated) Would I be better off routing the voice packets over the internet rather than the VPN, and could I safely do that without exposing the asterisk boxes to unnecessary security risks? (At present all of our asterisk boxes are behind the firewalls and only talk to each other over the VPN. All PSTN connection is done through TDM boards so they have no direct exposure to the internet.) ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users