Solved: You can use Device Mobility

Wayne.Grace · ‎02-11-2015

Hello,

I'm looking for guidance on optimizing phone call quality through a VPN connection.

The calls are not of consistent quality, and occasionally one side of the call will drop out.

Our environment includes:

7945 IP Phones located at remote locations using residential internet at 4Mbps or more.

ASA5512 sitting in an offsite data center, alongside Call Manager sub/pub ver 9.0.1

2901 gateways in multiple, home office locations across the US on 1.5Mbps connections with pots or PRI.

The 7945s connect via AnyConnect tunnel to the ASA and then their defined 2901 for external calls.

DTLS-Tunnel AES-256 Tunnel ID: 687.9

Hashing: SHA1

Encapsulation: DTLSv1.0

Rekey Time Interval: 3600 Seconds

Idle Time Out: 30 Minutes

Client Type: DTLS VPN Client

Client Ver: Cisco SVC IPPhone Client v1.0 (1.0)

Extended ASA Settings:

DTLS Compression Enabled

SSL Compression LZS

DF Bit Ignore Enabled

MTU 1290

Renegotiation Interval 60 mins via SSL

I recently enabled the compression and DFBit ignore, lowered the MTU and set the renegotiation interval to clean up stale connections. But my testing hasn't returned consistent results. If anyone has similar deployment I would appreciate any feedback on "What works" for these multiple user sites and phone qos communication via dtls.

Call Manager config is where it gets interesting, as I have not found a detailed deployment guide.

MTU is 1290

g711 intra-site

g729 site to site

Our users utilize the same phone on site and at home. Their region is set to their gateway region. This obviously causes intra-site calls including calls through the gateway to POTS to be g711 which is ~80kbps.

I'm currently designing a new region for work from home users which will negotiate everything at g729. This does not seem the best choice as we want g711 where possible.

Is there any way to identify anyconnect clients and negotiate g711 at that point?

Will utilizing the VPN Phone proxy in ASA provide any additional quality or features?

Is there a prefered way to design regions for multi-site users?

Terry Cheema · ‎02-12-2015

You can use Device Mobility to identify the remote users. With Device Mobility when a phone boots up the CUCM compares the IP address with the Device Mobility info and puts it in the appropriate device pool according to the subnets defined.

And you can define a Device Pool for the remote users and define the required treatment like regions etc.

-Terry

View solution in original post

Terry Cheema · ‎02-12-2015

You can use Device Mobility to identify the remote users. With Device Mobility when a phone boots up the CUCM compares the IP address with the Device Mobility info and puts it in the appropriate device pool according to the subnets defined.

And you can define a Device Pool for the remote users and define the required treatment like regions etc.

-Terry

Wayne.Grace · ‎02-13-2015

Terry,

Thank you very much!

VPN users must adhere to the following guidelines:

•Configure Device Mobility Info (DMI) with the IP subnets distributed or owned by the VPN concentrators.

•Associate the DMI with the same device pool that is used for devices co-located with the VPN concentrators. However, parameters such as calling privileges, network locale, and so forth, must be taken into consideration.

•Educate the users to use the nearest VPN concentrator

from http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/4x/42dvmobl.html#wp1073043

Terry Cheema · ‎02-13-2015

No Worries Wayne - glad that helped.

-Terry

VPN Phone multi-site quality concerns and region settings