
uc540 phone in remote location (vpn tunnel) voice cut, many problems

datak2011
Level 1

Here's my setup:

UC540 (192.168.0.96) used by WAN port in the 192.168.0.0 network

192.168.10.0 network connected through a VPN tunnel to the 192.168.0.0 network

Phone and data are in the same network in both networks (192.168.0.0 and 192.168.10.0)

When people speak together between network 192.168.0.0 and network 192.168.10.0, sometimes the voice drops, we can't hear anything, the voice is really slow, etc.

Why?

The ping between both networks is under 100 ms.

Could it be the tunnel encryption? I'm using 3DES MD5 1024 bits.


danplacek
Level 4

VPN tunnels over the public internet do not have Quality of Service (QoS).

Voice traffic is very sensitive to changes in latency, packet loss, and large delays.

An MPLS is generally the recommended way to do site-to-site voice reliably.

Short of that, the only things I can recommend are:

1. Make sure Traffic Shaping is set up correctly. (Under "Internet Connection" in CCA, second tab)

2. Open a STAC case and have them review your traffic shaping configuration. (If you have a contract)

3. Upgrade your internet connection(s) (More bandwidth SOMETIMES helps -- depending on the cause of the problem)

In traffic shaping, should I put 100% in media reservation since I'm using the WAN port as a LAN port in my network? (The UC540 is not my router.)

Mmm, I should have read your topology more closely... so your data network routers actually handle the VPN?

If that is the case, traffic shaping would have to be configured on them instead.

Yes exactly, I've got a Cisco RV180W handling my VPN.

I guess I'm not the only one using remote phones over VPN! I'm sure there's a solution for my problem.

What are the ports used when people are speaking together over the VPN tunnel? I'll prioritize them.

Ports for RTP (voice) are 16384 to 32767 UDP.

Keep in mind that you probably can't just prioritize those on the WAN interface of your router -- by the time they reach there they are already encrypted and wrapped in IPsec (or SSL).

There is a solution for your problem -- MPLS (or PTP).

Voice on a VPN over the internet CAN work... if the conditions are favorable. There is no way to guarantee that though.

What's MPLS and PTP?

http://en.wikipedia.org/wiki/Multiprotocol_Label_Switching

Basically, MPLS is a connection that you buy to connect multiple offices to each other. It is similar to an internet connection, but is ONLY used for communication between offices. You are also guaranteed a certain amount of bandwidth, and can prioritize traffic (such as voice) all the way across the tunnel, to ensure voice quality.

A PTP is similar... but it is a single one-to-one tunnel (and you have to configure your own QoS -- and usually provide your own T1 capable routers for it too).

http://en.wikipedia.org/wiki/Point-to-point_(telecommunications)#Basic_point-to-point_data_link

Unfortunately, neither is cheap. (for small businesses anyway)

OK, it's not a possible solution for us since we're a small business.

If we buy another UC540 and put it in the remote network and link both UC540s together, will it be better?

Maybe? As I said before, over the internet -- you have no guarantees.

The best you can do is configure traffic shaping (on whichever piece of equipment is your gateway to the internet) and hope for the best. As mentioned before, increasing bandwidth can sometimes help as well.

I don't know much about the RV180W... if the UC500 has better traffic shaping capabilities, and you had a UC500 on each end as the gateway -- maybe it would work better... but I would consult Cisco STAC about that; as I said, I don't have experience with that router.

By the way, if you are able to get a packet capture of the RTP traffic to/from the UC, Wireshark is capable of analyzing it and telling you the reason for voice issues (jitter, loss, etc). Might be worth a look.

Would it be better if we put the UC540 as the router/internet gateway than using it by the WAN port?

Will we have fewer problems and more stability?

Possibly -- since CCA is able to configure traffic shaping properly on the UC500.

However, there is no guarantee.

OK, but you said this:

Keep in mind that you probably can't just prioritize those on the WAN interface of your router -- by the time they reach there they are already encrypted and wrapped in IPsec (or SSL).

So I guess it's the same thing if the UC540 is the router/firewall.

There are ways around that.

This is kind of technical but... http://packetlife.net/blog/2009/jun/17/qos-pre-classification/

I am not sure if CCA's traffic shaping config is set up for this or not...

I would really recommend opening a case with Cisco to discuss this.

They can review all your config files.
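
Added example, not part of the original thread and not Cisco configuration: a small Python model of the point made in the replies above, that a WAN-side rule matching the RTP port range (16384 to 32767 UDP) sees nothing to match once the packet is wrapped in IPsec, while a DSCP mark applied before encryption survives in the outer header. Assumptions: voice is marked DSCP EF (46) on the LAN side, the tunnel copies the DS field to the outer header as RFC 4301 tunnel mode specifies, the XOR step is only a stand-in for encryption, and the remote phone and public addresses are constructed.

```python
import socket
import struct

RTP_PORTS = range(16384, 32768)  # UDP range quoted in the thread
PROTO_UDP, PROTO_ESP = 17, 50    # IANA IP protocol numbers
DSCP_EF = 46                     # assumption: voice is marked EF before encryption


def ipv4(proto, tos, payload, src, dst):
    """Minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload


def esp_tunnel(inner, copy_tos=True):
    """Stand-in for IPsec tunnel mode: inner packet becomes opaque ESP payload."""
    opaque = bytes(b ^ 0xA5 for b in inner)        # placeholder, NOT real encryption
    esp = struct.pack("!II", 0x1001, 1) + opaque   # constructed SPI and sequence number
    tos = inner[1] if copy_tos else 0              # RFC 4301 copies the DS field outward
    return ipv4(PROTO_ESP, tos, esp, "203.0.113.1", "198.51.100.1")


def classify_by_port(pkt):
    """What a WAN-side rule matching the RTP port range can decide."""
    if pkt[9] != PROTO_UDP:                        # ESP has no visible UDP header
        return "default"
    ihl = (pkt[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return "voice" if sport in RTP_PORTS or dport in RTP_PORTS else "default"


def classify_by_dscp(pkt):
    """What a WAN-side rule matching the outer DSCP value can decide."""
    return "voice" if pkt[1] >> 2 == DSCP_EF else "default"


def demo():
    # Constructed RTP-like packet between the two LANs described in the thread.
    udp = struct.pack("!HHHH", 16500, 20000, 8 + 12, 0) + b"\x80" + bytes(11)
    rtp = ipv4(PROTO_UDP, DSCP_EF << 2, udp, "192.168.0.96", "192.168.10.20")
    return {
        "clear_by_port": classify_by_port(rtp),
        "esp_by_port": classify_by_port(esp_tunnel(rtp)),
        "esp_by_dscp": classify_by_dscp(esp_tunnel(rtp)),
        "esp_no_copy_by_dscp": classify_by_dscp(esp_tunnel(rtp, copy_tos=False)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

This only affects queuing on equipment you control, such as the egress queue of the VPN router; it does not change how the public internet treats the encrypted packets.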