01-29-2015 10:45 AM - edited 02-21-2020 08:03 PM
I am looking to get some help in setting up QoS for voice traffic over a site to site IPSEC VPN tunnel. My goal is to prioritize VoIP traffic over the tunnel so that we do not get any dropped calls / disconnects / poor call quality.
Current setup is
(Branch)---ASA5512x----------Internet VPN Tunnel--------ASA5512x---(HQ)
Information about the VPN tunnel:
- Used mostly for VoIP traffic (about 20 users) that communicates to the Cisco UCS in HQ
- Some DATA traffic may go across the line, but not anything extensive
- Internet traffic goes out locally (Not tunneled)
Here is a snapshot of the VPN tunnel config (I have scrubbed clean most of the sensitive data:
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-3DES-MD5
crypto map TUNNELMAP 10 match address TUNNEL
crypto map TUNNELMAP 10 set peer X.X.X.X Y.Y.Y.Y
crypto map TUNNELMAP 10 set ikev1 transform-set ESP-3DES-MD5
crypto map TUNNELMAP interface Outside
crypto ikev1 enable Outside
crypto ikev1 policy 15
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
tunnel-group LSSC-VPN type ipsec-l2l
tunnel-group VPN_Tunnel type ipsec-l2l
tunnel-group VPN_Tunnel ipsec-attributes
ikev1 pre-shared-key ****
tunnel-group VPN_Tunnel_backup type ipsec-l2l
tunnel-group VPN_Tunnel_backup ipsec-attributes
ikev1 pre-shared-key ****
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous