[asterisk-users] QoS & VPN
Garth van Sittert
garth at bitco.co.za
Fri May 8 10:07:43 CDT 2009
I would think that VoIP over VPN is a bad idea as UDP packets need to be
in realtime not corrected by the TCP of the VPN.
Garth van Sittert
Technical Director
BitCo
08600 24826
www.bitco.co.za
Aurimas Skirgaila wrote:
> Despite the VPN overhead, running VOIP through VPN is good idea
> because VPN reorders encapsulated UDP packets in correct order.
> Security matters as well.
>
> I'd suggest to route VNC packets rather over internet than VPN (so do
> I), as VPN usually has the highest priority.
>
> On Thu, May 7, 2009 at 11:33 PM, Roberto Piola
> <roberto.piola at visiant.it <mailto:roberto.piola at visiant.it>> wrote:
>
> I do not have examples, but if you are using the 1700 series
> router in order to originate the ipsec vpn, you may use command
> qos pre-classify (please search for it on cco.cisco.com
> <http://cco.cisco.com>)
>
>
> On Thu, May 7, 2009 at 9:54 PM, Brent Davidson
> <brent at texascountrytitle.com <mailto:brent at texascountrytitle.com>>
> wrote:
>
> I've got multiple satellite office all linked back to the main
> office
> via VPN. Each office has their own asterisk server which
> registers back
> to the main office's Asterisk server. Each office also has a 1Mb
> downstream / 384k - 768k upstream connection. The branches
> are using
> Speex for their connections back to the main office. The
> issue I'm
> having is that there are times that I need to VNC in to
> machines at the
> various offices for tech support while the user is also on the
> phone.
> Unfortunately the VNC connection apparently takes priority and
> makes it
> impossible for me to understand anything the person on the
> phone is
> saying, although they can still hear me fine.
>
> Our Main office uses a Cisco PIX 506 for the main firewall and VPN
> concentrator. Each branch office used a Cisco 1700 series
> router with
> IPSec enabled in the IOS. Is there any sort of QoS I can turn
> on on the
> main router or the branch routers to make sure the voice
> quality takes
> precedence over the VNC? (Any example configs would be
> greatly appreciated)
>
> Would I be better off routing the voice packets over the
> internet rather
> than the VPN, and could I safely do that without exposing the
> asterisk
> boxes to unnecessary security risks? (At present all of our
> asterisk
> boxes are behind the firewalls and only talk to each other
> over the
> VPN. All PSTN connection is done through TDM boards so they
> have no
> direct exposure to the internet.)
>
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
>
> --
> Mvh,
> Aurimas Skirgaila
> ------------------------------------------------------------------------
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list