Showing results for 
Search instead for 
Did you mean: 

Basic QoS over a VPN?

I have a pair of Cisco 891W routers, deployed one at each site.  I have site to site (L2L) IPSec VPN configured and working using crypto maps.  All traffic is allowed from one LAN to the other, as far as I know. 

Today I dicovered that I need to put in QoS to support an IP Phone.  A single IP phone at branch office, to the main phone system at head office. 

I do not have experience with QoS at all.  Simplicity is key here. 

From what i find online, here's what I believe needs to be done:

1.  Create an ACL, calling it VOIPACL, specify the IP of the phone going to the network where the phone system is.  So:

     permit ip host

2.  Create a class map to house the ACL

     #class-map match-all VoIP

     #match access-group name VOIPACL

3.  Create policy map to house the clas map

     #policy-map VoIP

     #class VoIP

Here's where I get lost.  There seem to be various opinions of how to do things but as I don't understand the implications of anything, I am not goign to attempt anything without expert or experienced confirmation.  For example, I can put bandwidth percent 50, which I guess divides the line into 50% for any traffic coming from IP phone, and since I didn't specify what to do with the other 50%, I assume the router just ttreats that as regular traffic. 

Then I saw stuff about IP precedence, and Set priority, and Priority, and fair-queue and so on.  At that point I stopped, and now need help

Marcin Latosiewicz
Cisco Employee

Voice traffic typically should be guarnateed priority queue to avoid delay/jitter.

You might be also interested in qos pre-classify:

Some config guide material:

What you also need to remember is that voice(RTP) traffic should be marked by default with EF DSCP - this tagging should be copied to the outter header afetr encapsulation, you can also use that when making decision.

Recognize Your Peers
Content for Community-Ad