<div> Manoj,</div>
<div> </div>
<div>Your Qos configuration looks ok,I had similar Issues V3PN setup ,some of the things you need to consider for this kind of setup is</div>
<div> </div>
<div>1.Use hardware encryption for VPN as software encryption adds unneccassry delays</div>
<div>2.Check the Voice codec for your inter site calls and during a bad call press the ? key on the phone to check MAX jitter and RXLOST values.</div>
<div>3. Do sh policy-map interface to check for drops ,if so see drops change your priority queue bandwitdhs</div>
<div>3.There is a service parrametter in callmanager to remove G.729ab,G.729b from cabablities when calls are established,I had considerable improvement in voice quality after changing this parrametter to true as by default its
false.I could not use g.729 for voice calls as voice sounded very choppy ,once i applied this change i am able to use g.729 for calls.</div>
<div> </div>
<div>Hope this helps</div>
<div>Aman<br><br> </div>
<div><span class="gmail_quote">On 9/29/06, <b class="gmail_sendername">Manoj Kalpage</b> <<a href="mailto:manoj.kalpage@gmail.com">manoj.kalpage@gmail.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Hi all,<br>We have hosted PBX system which is located in data centre and we have<br>dedicated 1MB internet connection. At present we only have four remote sites
<br>and all of them have high speed ADSL connection for both their data and<br>Voice. Each sites has 4 to 5 phones. We used to use PIX 515 at Data centre<br>and PIX 501 at remote sites. As we were experiencing voice quality issue we
<br>moved to Cisco 2821 at Data centre and 800 series at remote sites. I have<br>configured DMVPN using GRE over IPSec for our VPN network. all the tunnels<br>are up and seems to be working fine so far but I am just wondering whether I
<br>got right QoS configuration at HeadEnd Router. As, I am a newbie for QoS, I<br>have referred various cisco documentations to configure bellow DMVPN and QoS<br>for our head end router. Since we don't have data transaction at HeadEnd
<br>site I think I can use 75% of bandwidth for voice it self. Can some one<br>help me figure out QoS requirment for my network environment.<br><br>Thank you in advanced,<br><br>Best regards<br>Manoj<br><br>---------------------------------------------------------------------------
<br>Building configuration...<br><br>Current configuration : 5063 bytes<br>!<br>version 12.4<br>service timestamps debug datetime msec<br>service timestamps log datetime msec<br>no service password-encryption<br>!<br>hostname PBXLGATE01
<br>!<br>boot-start-marker<br>boot-end-marker<br>!<br>logging buffered 51200 warnings<br>!<br>no aaa new-model<br>!<br>resource policy<br>!<br>ip cef<br><br>!<br>ip domain name <a href="http://yourdomain.com">yourdomain.com
</a><br>!<br>!<br>crypto pki trustpoint TP-self-signed-2723000426<br>enrollment selfsigned<br>subject-name cn=IOS-Self-Signed-Certificate-2723000426<br>revocation-check none<br>rsakeypair TP-self-signed-2723000426<br>!<br>
!<br>crypto pki certificate chain TP-self-signed-2723000426<br>certificate self-signed 01<br>30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030<br>31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
<br>quit<br>username xxxx privilege 15 secret 5 @#@#@@@GlPb96SyZxV6Q0<br>!<br>!<br>class-map match-all VOICE<br>match ip dscp ef<br>class-map match-all SCAVENGER<br>match ip dscp cs1<br>class-map match-any INTERNETWORK-CONTROL
<br>match ip dscp cs6<br>match access-group name IKE<br>class-map match-any CALL-SIGNALING<br>match ip dscp cs3<br>match ip dscp af31<br>!<br>!<br>policy-map V3PN-EDGE<br>class VOICE<br>priority percent 55<br>class CALL-SIGNALING
<br>bandwidth percent 5<br>class INTERNETWORK-CONTROL<br>bandwidth percent 5<br>class SCAVENGER<br>bandwidth percent 1<br>queue-limit 1<br>class class-default<br>bandwidth percent 9<br>queue-limit 16<br>!<br>!<br>crypto isakmp policy 10
<br>hash md5<br>authentication pre-share<br>crypto isakmp key 6 G0G0G0G0 address <a href="http://0.0.0.0">0.0.0.0</a> <a href="http://0.0.0.0">0.0.0.0</a><br>!<br>!<br>crypto ipsec transform-set PBXL esp-3des esp-md5-hmac
<br>!<br>crypto ipsec profile PBXL<br>set security-association lifetime seconds 120<br>set transform-set PBXL<br>!<br>!<br>interface Tunnel0<br>ip address <a href="http://10.10.1.1">10.10.1.1</a> <a href="http://255.255.255.0">
255.255.255.0</a><br>no ip redirects<br>ip mtu 1440<br>ip nhrp authentication xxxxxxxx<br>ip nhrp map multicast dynamic<br>ip nhrp network-id 1<br>ip tcp adjust-mss 1360<br>qos pre-classify<br>tunnel source FastEthernet0/0
<br>tunnel mode gre multipoint<br>tunnel key 0<br>tunnel protection ipsec profile PBXL<br>!<br><br>interface FastEthernet0/0<br>description Connect to Verizon Network<br>bandwidth 1000<br>ip address <a href="http://222.222.222.222">
222.222.222.222</a> <a href="http://255.255.255.192">255.255.255.192</a><br>ip nbar protocol-discovery<br>ip nat outside<br>ip virtual-reassembly<br>duplex auto<br>speed auto<br>service-policy output V3PN-EDGE<br>!<br>interface FastEthernet0/1
<br>ip address <a href="http://192.168.4.1">192.168.4.1</a> <a href="http://255.255.255.0">255.255.255.0</a><br>ip nat inside<br>ip virtual-reassembly<br>duplex auto<br>speed auto<br>!<br>router eigrp 90<br>network <a href="http://10.0.0.0">
10.0.0.0</a><br>network <a href="http://172.16.0.0">172.16.0.0</a> <a href="http://0.0.0.255">0.0.0.255</a><br>no auto-summary<br>!<br>ip route <a href="http://0.0.0.0">0.0.0.0</a> <a href="http://0.0.0.0">0.0.0.0</a> <a href="http://222.222.222.222">
222.222.222.222</a><br>!<br>!<br>ip http server<br>ip http authentication local<br>ip http secure-server<br>ip http timeout-policy idle 600 life 86400 requests 1000<br>ip nat inside source list 1 interface FastEthernet0/0 overload
<br>!<br>ip access-list extended IKE<br>permit udp any eq isakmp any eq isakmp<br>!<br>access-list 1 permit <a href="http://192.168.4.0">192.168.4.0</a> <a href="http://0.0.0.255">0.0.0.255</a><br>!<br>!<br>control-plane<br>
!<br>!<br>line con 0<br>login local<br>line aux 0<br>line vty 0 4<br>access-class 23 in<br>privilege level 15<br>login local<br>transport input ssh<br>!<br>scheduler allocate 20000 1000<br>end<br><br>PBXLGATE01#<br><br><br>
<br>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip">
https://puck.nether.net/mailman/listinfo/cisco-voip</a><br><br><br></blockquote></div><br>