i got it to work but i did some different,

i used auto qos on the wan interface of the spoke route, then i did qos prequalify on the tunnel interface and on the hub i did qos prequalify only on the tunnel interface, would this work ok? i have another question i probably gonna have 5 spokes now why would i need a multilink and a tunnel interface instead of just the tunnul interface?

multilink is just how i connect to internet, you can have serial or fa0/0 or gi0/0, this does not matter.

is there a way that i can use active directory or the IAS (radius) server to autehnticate users using webvpn?

yes using aaa create authentication for network

aaa authentication network group radius

and point to your IAS server.

do you have an exaple configuration i tried that and i cant seem to get it to work

looks like i still need you help, here is the policy for the hub qos prequlify is being apply to interface tunnel 0, the policy map below is being apply to wan link

****when im uploading, the phone still garbled

what else do i need to configure?

class-map match-all avaya-traffic

match ip dscp af31

class-map match-all avaya-voice

match ip dscp ef

!!

policy-map DMVPN

class avaya-voice

priority percent 33

class avaya-traffic

bandwidth percent 10

class class-default

fair-queue

interface Tunnel0

description DMVPN Interface for remote access

bandwidth 1000

ip address 10.0.0.1 255.255.255.0

no ip redirects

ip mtu 1400

no ip next-hop-self eigrp 1

ip nhrp authentication westmont

ip nhrp map multicast dynamic

ip nhrp network-id 99

ip nhrp holdtime 300

ip nhrp cache non-authoritative

ip tcp adjust-mss 1360

no ip split-horizon eigrp 1

delay 1000

qos pre-classify

tunnel source GigabitEthernet0/0

tunnel mode gre multipoint

tunnel key 100000

tunnel protection ipsec profile vpnippro

interface GigabitEthernet0/0

description Public Network Interface$ETH-LAN$

ip address 38.113.137.150 255.255.255.248

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

service-policy output DMVPN

+++++++++++++++++++++++++++++++++++

======Spoke==================

samething on this one to0

class-map match-any Voice

match ip dscp ef

!!

policy-map voip

class Voice

bandwidth 128

random-detect dscp-based

class class-default

fair-queue

nterface Tunnel0

bandwidth 100

ip address 10.0.0.2 255.255.255.0

no ip redirects

ip mtu 1400

no ip next-hop-self eigrp 1

ip nhrp authentication westmont

ip nhrp map 10.0.0.1 38.113.137.150

ip nhrp map multicast 38.113.137.150

ip nhrp network-id 99

ip nhrp holdtime 300

ip nhrp nhs 10.0.0.1

ip tcp adjust-mss 1360

delay 1000

qos pre-classify

tunnel source FastEthernet4

tunnel mode gre multipoint

tunnel key 100000

tunnel protection ipsec profile vpn

interface FastEthernet4

bandwidth 384

bandwidth receive 768

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

auto discovery qos trust

service-policy output voip

+++++++++HUB++++++++++++++++

y output: DMVPN

Class-map: avaya-voice (match-all)

2233 packets, 795686 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: ip dscp ef (46)

Queueing

Strict Priority

Output Queue: Conversation 264

Bandwidth 33 (%)

Bandwidth 330000 (kbps) Burst 8250000 (Bytes)

(pkts matched/bytes matched) 0/0

(total drops/bytes drops) 0/0

Class-map: avaya-traffic (match-all)

2857 packets, 950126 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: ip dscp af31 (26)

Queueing

Output Queue: Conversation 265

Bandwidth 10 (%)

Bandwidth 100000 (kbps)Max Threshold 64 (packets)

(pkts matched/bytes matched) 0/0

(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)

204497 packets, 62183144 bytes

5 minute offered rate 1000 bps, drop rate 0 bps

Match: any

Queueing

Flow Based Fair Queueing

Maximum Number of Hashed Queues 256

(total queued/total drops/no-buffer drops) 0/0/0

ok, your hub is souring out of gig interface. qos will never work until this interface is utilized at 100%. what kind of internet connection do you have, lets say if your upload in only 5meg. this is what i would do.

class-map match-all avaya-traffic

match ip dscp af31

class-map match-all avaya-voice

match ip dscp ef

!!

policy-map DMVPN

class avaya-voice

priority percent 33

class avaya-traffic

bandwidth percent 10

class class-default

fair-queue

policy-map INTERNET

class class-default

shape average 5000000 50000

fair-queue

random-detect

service-policy DMVPN

fair-queue

int g0/0

service-policy output INTERNET

this will shape the traffic to 5meg, and if 5mg is at 100% then qos will kick in, you can always adjust 500000 to what ever your upload speed is.

hope this helps

do i need to do anything on the spoke, the phone is on he spokes network

same concept, i noticed your spoke connects via fastethernet, so again qos will not work if traffic is not at 100% of 100mg.

i decided to migrate to GETVPN now can i having a couple of issue can you send me an exaple config with details and qos

nevermind GETVPN doesnt support NAT, weird but oh well