[cisco-voip] intercluster trunk over IPSec VPN

Wes Sisk wsisk at cisco.com
Fri Feb 10 10:35:41 EST 2012


most likely still packet throughput issues. packets may be late to the point of discarded. they would not technically be lost in that case.

this would manifest as high jitter.  setup the initial all and press the "i" or "?" button twice on the phone to see call statistics.  beyond that take a packet capture.  wireshark has some decent RTP analysis tools built in.

/wes

On Feb 10, 2012, at 6:41 AM, Abebe Amare wrote:

Dears, thank you all for the excellent support

I managed to keep the VPN tunnel up be sending periodic ping but the problem still persist. Bandwidth is reserved for at least four calls (taking into consideration VPN overhead) on a Packetshaper and the call quality is good mid-conversation. But it is is clipping the first few seconds. I dont see any packet loss n the CMR records for a test call. What should I be looking for?

thanks in advance

Abebe



On Thu, Feb 9, 2012 at 5:57 PM, Wes Sisk <wsisk at cisco.com> wrote:
TCP keepalives are only used while a call is active.

When no call is active there is no active h323/h225/h245 signaling, tcp session, or udp.  The only exception is when gatekeeper is used. Then gk registration messages are maintained.  Those are over UDP between the h323 ep and gk.

for a static ICT defined between two CUCM clusters there is no network activity without an active call.

For the duration of an active call the tcp keepalive parameter will help.

regards,
wes

On Feb 9, 2012, at 8:13 AM, Adam Frankel (afrankel) wrote:

Options Ping was added in 8.5(1).

The parameter "Allow TCP KeepAlives For H323 " should take care of this for H323 ICT. 

-Adam


From: Abebe Amare <abucho at gmail.com>
Sent: Thu, Feb 09, 2012 4:52:50 AM
To: Ryan Ratliff <rratliff at cisco.com>
CC: cisco voip <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] intercluster trunk over IPSec VPN

> Hi Ryan,
> 
> The CUCM version is 6.1.3.1000-16. Is the SIP options ping parameter available in this version? Where would you enable it if it is available?
> 
> thanks in Advance,
> 
> Abebe
> 
> On Wed, Feb 8, 2012 at 8:07 PM, Ryan Ratliff <rratliff at cisco.com> wrote:
> What about a SIP trunk with options ping enabled?
> 
> -Ryan
> 
> On Feb 8, 2012, at 7:05 AM, Abebe Amare wrote:
> 
> Hi Dennis,
> 
> Configuring a persistent L2L tunnel proved to be very elusive. I settled for running a periodic ping scheduled to keep the tunnel running.
> 
> Thanks for your help
> 
> Abebe
> 
> On Tue, Feb 7, 2012 at 6:16 PM, Dennis Heim <Dennis.Heim at cdw.com> wrote:
> I think you answered your own question. IPSEC tunnel’s take time to bring up. Maybe you could tweak some of the VPN negotiating parameters, or create a separate L2 tunnel profile/group just for your voice that is permanent and does not have an inactivity timer.
> 
>  
>  
> Dennis Heim
> Senior Engineer (Unified Communications)
> CDW  Advanced Technology Services
> 10610 9th Place
> Bellevue, WA 98004
> 
> 425.310.5299 Single Number Reach (WA)
> 
> 317.569.4255 Single Number Reach (IN)
> 317.569.4201 Fax
> dennis.heim at cdw.com
> cdw.com/content/solutions/unified-communications/
> 
>  
> From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Abebe Amare
> Sent: Tuesday, February 07, 2012 4:10 AM
> To: cisco voip
> Subject: [cisco-voip] intercluster trunk over IPSec VPN
> 
>  
> Dears,
> 
> I have configured an Inter-Cluster trunk from CUCM to another site with CUCME. There is an IPSec L2L VPN terminating at ASA 5500 firewall on both ends
> 
> CUCM --->ASA 5540--->Internet <---ASA 5510<---CUCME
> 
> On the ASA,the IPSec tunnel is terminated after 30 minute of inactivity (default) which is causing a problem. When a phone in one site tries to call another phone in the other site there is a noticeable gap before actual conversation is heard over the phone. Once conversation starts, there is no delay or break in audio. Has anyone faced this issue?
> 
> best regards,
> 
> Abebe
> 
> 
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
> 
> 
> 
> 
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20120210/1502d82c/attachment.html>


More information about the cisco-voip mailing list