08-13-2012 02:17 AM - edited 02-21-2020 06:16 PM
In case I am using a DMVPN with IPSEC technology for branch connectivity , ISP wont know what kind of traffic I am running since it is encrypted ultimately .
Using DMVPN packet is first encapsulated in GRE and then encrypted with IPSEC credentials . Because the ultimate traffic is IPSEC it requires ISP/Service provider to let port UDP 500 and ESP opened up . Once the tunnel is created I can pass any type of traffic since it is going using ESP .
Having this in mind I have seen a few deployments where we implemented this kind of solution and voice traffic was not passing and ip phones were not able to register itself . Most of the guys pointed out that it could possibly be because iSP is blocking SCCP traffic but my concern is that if we have an IPSEC tunnel from branch to headoffice how can the ISP detect that thing and drop it .
Please provide some input on this .
Solved! Go to Solution.
08-13-2012 02:40 AM
The provider can't see inside the tunnel. He only could assume that it could be voice-traffic:
The Voice-endpoints set the DSCP-value in the IP-header when they send the traffic. These values are copied to the outer IP-header when the traffic is encrypted. With that function you can do QoS also on encrypted traffic.
But I don't think that a provider would filter on that traffic.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
08-13-2012 02:40 AM
The provider can't see inside the tunnel. He only could assume that it could be voice-traffic:
The Voice-endpoints set the DSCP-value in the IP-header when they send the traffic. These values are copied to the outer IP-header when the traffic is encrypted. With that function you can do QoS also on encrypted traffic.
But I don't think that a provider would filter on that traffic.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide