[cisco-voip] DMVPN and QOS implementaion
Manoj Kalpage
manoj.kalpage at gmail.com
Sat Sep 30 12:18:10 EDT 2006
Aman,
Thank you very much for your reply. This is very helpfull.
G.729 parameter change is very interesting. I am using GT.711 just because for the conference feature. Does G.729 support for conference call at remote sites?
Thanks,
Manoj
----- Original Message -----
From: Aman Chugh
To: Manoj Kalpage
Cc: cisco-voip at puck.nether.net
Sent: Saturday, September 30, 2006 1:46 AM
Subject: Re: [cisco-voip] DMVPN and QOS implementaion
Manoj,
Your Qos configuration looks ok,I had similar Issues V3PN setup ,some of the things you need to consider for this kind of setup is
1.Use hardware encryption for VPN as software encryption adds unneccassry delays
2.Check the Voice codec for your inter site calls and during a bad call press the ? key on the phone to check MAX jitter and RXLOST values.
3. Do sh policy-map interface to check for drops ,if so see drops change your priority queue bandwitdhs
3.There is a service parrametter in callmanager to remove G.729ab,G.729b from cabablities when calls are established,I had considerable improvement in voice quality after changing this parrametter to true as by default its false.I could not use g.729 for voice calls as voice sounded very choppy ,once i applied this change i am able to use g.729 for calls.
Hope this helps
Aman
On 9/29/06, Manoj Kalpage <manoj.kalpage at gmail.com> wrote:
Hi all,
We have hosted PBX system which is located in data centre and we have
dedicated 1MB internet connection. At present we only have four remote sites
and all of them have high speed ADSL connection for both their data and
Voice. Each sites has 4 to 5 phones. We used to use PIX 515 at Data centre
and PIX 501 at remote sites. As we were experiencing voice quality issue we
moved to Cisco 2821 at Data centre and 800 series at remote sites. I have
configured DMVPN using GRE over IPSec for our VPN network. all the tunnels
are up and seems to be working fine so far but I am just wondering whether I
got right QoS configuration at HeadEnd Router. As, I am a newbie for QoS, I
have referred various cisco documentations to configure bellow DMVPN and QoS
for our head end router. Since we don't have data transaction at HeadEnd
site I think I can use 75% of bandwidth for voice it self. Can some one
help me figure out QoS requirment for my network environment.
Thank you in advanced,
Best regards
Manoj
---------------------------------------------------------------------------
Building configuration...
Current configuration : 5063 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PBXLGATE01
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip cef
!
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-2723000426
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2723000426
revocation-check none
rsakeypair TP-self-signed-2723000426
!
!
crypto pki certificate chain TP-self-signed-2723000426
certificate self-signed 01
30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
quit
username xxxx privilege 15 secret 5 @#@#@@@GlPb96SyZxV6Q0
!
!
class-map match-all VOICE
match ip dscp ef
class-map match-all SCAVENGER
match ip dscp cs1
class-map match-any INTERNETWORK-CONTROL
match ip dscp cs6
match access-group name IKE
class-map match-any CALL-SIGNALING
match ip dscp cs3
match ip dscp af31
!
!
policy-map V3PN-EDGE
class VOICE
priority percent 55
class CALL-SIGNALING
bandwidth percent 5
class INTERNETWORK-CONTROL
bandwidth percent 5
class SCAVENGER
bandwidth percent 1
queue-limit 1
class class-default
bandwidth percent 9
queue-limit 16
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key 6 G0G0G0G0 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set PBXL esp-3des esp-md5-hmac
!
crypto ipsec profile PBXL
set security-association lifetime seconds 120
set transform-set PBXL
!
!
interface Tunnel0
ip address 10.10.1.1 255.255.255.0
no ip redirects
ip mtu 1440
ip nhrp authentication xxxxxxxx
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip tcp adjust-mss 1360
qos pre-classify
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile PBXL
!
interface FastEthernet0/0
description Connect to Verizon Network
bandwidth 1000
ip address 222.222.222.222 255.255.255.192
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
service-policy output V3PN-EDGE
!
interface FastEthernet0/1
ip address 192.168.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
router eigrp 90
network 10.0.0.0
network 172.16.0.0 0.0.0.255
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 222.222.222.222
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip access-list extended IKE
permit udp any eq isakmp any eq isakmp
!
access-list 1 permit 192.168.4.0 0.0.0.255
!
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input ssh
!
scheduler allocate 20000 1000
end
PBXLGATE01#
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-voip/attachments/20061001/e445714c/attachment.html
More information about the cisco-voip
mailing list