<br><br><div class="gmail_quote">On Fri, May 8, 2009 at 3:45 PM, Jeff LaCoursiere <span dir="ltr"><<a href="mailto:jeff@jeff.net">jeff@jeff.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im"><br>
On Fri, 8 May 2009, Aurimas Skirgaila wrote:<br>
<br>
> Despite the VPN overhead, running VOIP through VPN is good idea because VPN<br>
> reorders encapsulated UDP packets in correct order. Security matters as<br>
> well.<br>
<br>
</div>Reorders? How so? I think it will maintain the order, only if they have<br>
arrived in the "correct" order.</blockquote><div><br></div><div>UDP doesn't guarantee that over long way packets arrive in correct order, while TCP based VPN would sort them correctly ;) well, I'm not sure if all kinds of VPN are SSL/TCP based.</div>
<div>The author mentioned remote offices so this might be useful for him.</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><br>
<div class="im"><br>
><br>
> I'd suggest to route VNC packets rather over internet than VPN (so do I), as<br>
> VPN usually has the highest priority.<br>
><br>
<br>
</div>Unless QoS is implemented packets are first come first served. There is<br>
no "usually has the highest priority". Routing one over the Internet<br>
versus over the VPN won't change that priority.<br>
<div><div></div><div class="h5"></div></div></blockquote><div><br></div><div>ok. probably I've misread somewhere about switches which QoS enabled is by default. By the way we do ask our ISP to prioritize VPN packets and they do.</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div class="h5"><br>
j<br>
<br>
> On Thu, May 7, 2009 at 11:33 PM, Roberto Piola <<a href="mailto:roberto.piola@visiant.it">roberto.piola@visiant.it</a>>wrote:<br>
><br>
>> I do not have examples, but if you are using the 1700 series router in<br>
>> order to originate the ipsec vpn, you may use command qos pre-classify<br>
>> (please search for it on <a href="http://cco.cisco.com" target="_blank">cco.cisco.com</a>)<br>
>><br>
>> On Thu, May 7, 2009 at 9:54 PM, Brent Davidson <<br>
>> <a href="mailto:brent@texascountrytitle.com">brent@texascountrytitle.com</a>> wrote:<br>
>><br>
>>> I've got multiple satellite office all linked back to the main office<br>
>>> via VPN. Each office has their own asterisk server which registers back<br>
>>> to the main office's Asterisk server. Each office also has a 1Mb<br>
>>> downstream / 384k - 768k upstream connection. The branches are using<br>
>>> Speex for their connections back to the main office. The issue I'm<br>
>>> having is that there are times that I need to VNC in to machines at the<br>
>>> various offices for tech support while the user is also on the phone.<br>
>>> Unfortunately the VNC connection apparently takes priority and makes it<br>
>>> impossible for me to understand anything the person on the phone is<br>
>>> saying, although they can still hear me fine.<br>
>>><br>
>>> Our Main office uses a Cisco PIX 506 for the main firewall and VPN<br>
>>> concentrator. Each branch office used a Cisco 1700 series router with<br>
>>> IPSec enabled in the IOS. Is there any sort of QoS I can turn on on the<br>
>>> main router or the branch routers to make sure the voice quality takes<br>
>>> precedence over the VNC? (Any example configs would be greatly<br>
>>> appreciated)<br>
>>><br>
>>> Would I be better off routing the voice packets over the internet rather<br>
>>> than the VPN, and could I safely do that without exposing the asterisk<br>
>>> boxes to unnecessary security risks? (At present all of our asterisk<br>
>>> boxes are behind the firewalls and only talk to each other over the<br>
>>> VPN. All PSTN connection is done through TDM boards so they have no<br>
>>> direct exposure to the internet.)<br>
>>><br>
>>><br>
>> _______________________________________________<br>
>> -- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
>><br>
>> asterisk-users mailing list<br>
>> To UNSUBSCRIBE or update options visit:<br>
>> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
>><br>
><br>
><br>
><br>
> --<br>
> Mvh,<br>
> Aurimas Skirgaila<br>
><br>
<br>
_______________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Mvh,<br>Aurimas Skirgaila<br>