[cisco-voip] DMVPN and QOS implementaion

Manoj Kalpage manoj.kalpage at gmail.com
Fri Sep 29 11:32:27 EDT 2006 

Hi all,
We have hosted PBX system which is located in data centre and we have 
dedicated 1MB internet connection. At present we only have four remote sites 
and all of them have high speed ADSL connection for both their data and 
Voice. Each sites has 4 to 5 phones. We used to use PIX 515 at Data centre 
and PIX 501 at remote sites. As we were experiencing voice quality issue we 
moved to Cisco 2821 at Data centre and 800 series at remote sites. I have 
configured DMVPN using GRE over IPSec for our VPN network. all the tunnels 
are up and seems to be working fine so far but I am just wondering whether I 
got right QoS configuration at HeadEnd Router. As, I am a newbie for QoS, I 
have referred various cisco documentations to configure bellow DMVPN and QoS 
for our head end router. Since we don't have data transaction at HeadEnd 
site I think I can use 75% of bandwidth for voice it self.  Can some one 
help me figure out QoS requirment for my network environment.

Thank you in advanced,

Best regards
Manoj

---------------------------------------------------------------------------
Building configuration...

Current configuration : 5063 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PBXLGATE01
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip cef

!
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-2723000426
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2723000426
 revocation-check none
 rsakeypair TP-self-signed-2723000426
!
!
crypto pki certificate chain TP-self-signed-2723000426
 certificate self-signed 01
  30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  quit
username xxxx privilege 15 secret 5 @#@#@@@GlPb96SyZxV6Q0
!
!
class-map match-all VOICE
 match ip dscp ef
class-map match-all SCAVENGER
 match ip dscp cs1
class-map match-any INTERNETWORK-CONTROL
 match ip dscp cs6
 match access-group name IKE
class-map match-any CALL-SIGNALING
 match ip dscp cs3
 match ip dscp af31
!
!
policy-map V3PN-EDGE
 class VOICE
  priority percent 55
 class CALL-SIGNALING
  bandwidth percent 5
 class INTERNETWORK-CONTROL
  bandwidth percent 5
 class SCAVENGER
  bandwidth percent 1
  queue-limit 1
 class class-default
  bandwidth percent 9
  queue-limit 16
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key 6 G0G0G0G0 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set PBXL esp-3des esp-md5-hmac
!
crypto ipsec profile PBXL
 set security-association lifetime seconds 120
 set transform-set PBXL
!
!
interface Tunnel0
 ip address 10.10.1.1 255.255.255.0
 no ip redirects
 ip mtu 1440
 ip nhrp authentication xxxxxxxx
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip tcp adjust-mss 1360
 qos pre-classify
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 0
 tunnel protection ipsec profile PBXL
!

interface FastEthernet0/0
 description Connect to Verizon Network
 bandwidth 1000
 ip address 222.222.222.222 255.255.255.192
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 service-policy output V3PN-EDGE
!
interface FastEthernet0/1
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
router eigrp 90
 network 10.0.0.0
 network 172.16.0.0 0.0.0.255
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 222.222.222.222
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip access-list extended IKE
 permit udp any eq isakmp any eq isakmp
!
access-list 1 permit 192.168.4.0 0.0.0.255
!
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input ssh
!
scheduler allocate 20000 1000
end

PBXLGATE01#

More information about the cisco-voip mailing list