Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
990
Views
0
Helpful
1
Replies

Basic QoS over a VPN?

cluovpemb
Level 1
Level 1

‎01-22-2013 12:53 PM

I have a pair of Cisco 891W routers, deployed one at each site.  I have site to site (L2L) IPSec VPN configured and working using crypto maps.  All traffic is allowed from one LAN to the other, as far as I know. 

Today I dicovered that I need to put in QoS to support an IP Phone.  A single IP phone at branch office, to the main phone system at head office. 

I do not have experience with QoS at all.  Simplicity is key here. 

From what i find online, here's what I believe needs to be done:

1.  Create an ACL, calling it VOIPACL, specify the IP of the phone going to the network where the phone system is.  So:

     permit ip host 192.168.4.201 192.168.0.0 0.0.0.255

2.  Create a class map to house the ACL

     #class-map match-all VoIP

     #match access-group name VOIPACL

3.  Create policy map to house the clas map

     #policy-map VoIP

     #class VoIP

Here's where I get lost.  There seem to be various opinions of how to do things but as I don't understand the implications of anything, I am not goign to attempt anything without expert or experienced confirmation.  For example, I can put bandwidth percent 50, which I guess divides the line into 50% for any traffic coming from 192.168.4.201 IP phone, and since I didn't specify what to do with the other 50%, I assume the router just ttreats that as regular traffic. 

Then I saw stuff about IP precedence, and Set priority, and Priority, and fair-queue and so on.  At that point I stopped, and now need help

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎01-23-2013 02:02 AM

Voice traffic typically should be guarnateed priority queue to avoid delay/jitter.

You might be also interested in qos pre-classify:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/IPSecQoS.html#wp56280

Some config guide material:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_dplane/configuration/15-mt/sec-llq-ipsec-enrypt.html

What you also need to remember is that voice(RTP) traffic should be marked by default with EF DSCP - this tagging should be copied to the outter header afetr encapsulation, you can also use that when making decision.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents