[asterisk-users] QoS & VPN
Jeff LaCoursiere
jeff at jeff.net
Fri May 8 07:45:45 CDT 2009
On Fri, 8 May 2009, Aurimas Skirgaila wrote:
> Despite the VPN overhead, running VOIP through VPN is good idea because VPN
> reorders encapsulated UDP packets in correct order. Security matters as
> well.
Reorders? How so? I think it will maintain the order, only if they have
arrived in the "correct" order.
>
> I'd suggest to route VNC packets rather over internet than VPN (so do I), as
> VPN usually has the highest priority.
>
Unless QoS is implemented packets are first come first served. There is
no "usually has the highest priority". Routing one over the Internet
versus over the VPN won't change that priority.
j
> On Thu, May 7, 2009 at 11:33 PM, Roberto Piola <roberto.piola at visiant.it>wrote:
>
>> I do not have examples, but if you are using the 1700 series router in
>> order to originate the ipsec vpn, you may use command qos pre-classify
>> (please search for it on cco.cisco.com)
>>
>> On Thu, May 7, 2009 at 9:54 PM, Brent Davidson <
>> brent at texascountrytitle.com> wrote:
>>
>>> I've got multiple satellite office all linked back to the main office
>>> via VPN. Each office has their own asterisk server which registers back
>>> to the main office's Asterisk server. Each office also has a 1Mb
>>> downstream / 384k - 768k upstream connection. The branches are using
>>> Speex for their connections back to the main office. The issue I'm
>>> having is that there are times that I need to VNC in to machines at the
>>> various offices for tech support while the user is also on the phone.
>>> Unfortunately the VNC connection apparently takes priority and makes it
>>> impossible for me to understand anything the person on the phone is
>>> saying, although they can still hear me fine.
>>>
>>> Our Main office uses a Cisco PIX 506 for the main firewall and VPN
>>> concentrator. Each branch office used a Cisco 1700 series router with
>>> IPSec enabled in the IOS. Is there any sort of QoS I can turn on on the
>>> main router or the branch routers to make sure the voice quality takes
>>> precedence over the VNC? (Any example configs would be greatly
>>> appreciated)
>>>
>>> Would I be better off routing the voice packets over the internet rather
>>> than the VPN, and could I safely do that without exposing the asterisk
>>> boxes to unnecessary security risks? (At present all of our asterisk
>>> boxes are behind the firewalls and only talk to each other over the
>>> VPN. All PSTN connection is done through TDM boards so they have no
>>> direct exposure to the internet.)
>>>
>>>
>> _______________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
>
> --
> Mvh,
> Aurimas Skirgaila
>
More information about the asterisk-users
mailing list