[asterisk-users] QoS & VPN

Aurimas Skirgaila a.skirgaila at gmail.com
Fri May 8 07:40:46 CDT 2009 

Despite the VPN overhead, running VOIP through VPN is good idea because VPN
reorders encapsulated UDP packets in correct order. Security matters as
well.

I'd suggest to route VNC packets rather over internet than VPN (so do I), as
VPN usually has the highest priority.

On Thu, May 7, 2009 at 11:33 PM, Roberto Piola <roberto.piola at visiant.it>wrote:

> I do not have examples, but if you are using the 1700 series router in
> order to originate the ipsec vpn, you may use command  qos pre-classify
> (please search for it on cco.cisco.com)
>
> On Thu, May 7, 2009 at 9:54 PM, Brent Davidson <
> brent at texascountrytitle.com> wrote:
>
>> I've got multiple satellite office all linked back to the main office
>> via VPN.  Each office has their own asterisk server which registers back
>> to the main office's Asterisk server.  Each office also has a 1Mb
>> downstream / 384k - 768k upstream connection.  The branches are using
>> Speex for their connections back to the main office.  The issue I'm
>> having is that there are times that I need to VNC in to machines at the
>> various offices for tech support while the user is also on the phone.
>> Unfortunately the VNC connection apparently takes priority and makes it
>> impossible for me to understand anything the person on the phone is
>> saying, although they can still hear me fine.
>>
>> Our Main office uses a Cisco PIX 506 for the main firewall and VPN
>> concentrator.  Each branch office used a Cisco 1700 series router with
>> IPSec enabled in the IOS.  Is there any sort of QoS I can turn on on the
>> main router or the branch routers to make sure the voice quality takes
>> precedence over the VNC?  (Any example configs would be greatly
>> appreciated)
>>
>> Would I be better off routing the voice packets over the internet rather
>> than the VPN, and could I safely do that without exposing the asterisk
>> boxes to unnecessary security risks?  (At present all of our asterisk
>> boxes are behind the firewalls and only talk to each other over the
>> VPN.  All PSTN connection is done through TDM boards so they have no
>> direct exposure to the internet.)
>>
>>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>



-- 
Mvh,
Aurimas Skirgaila
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20090508/12dabbf5/attachment.htm

More information about the asterisk-users mailing list