Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

VOIP over Private VPN

VOIP over Private VPN

VOIP over Private VPN

I have a system with an IPO 403 one end and a 406 the other
trying to get 5 calls working over the vpn, i have cisco 1751 routers at each end with the following set up (see router extract)

we are getting calls that people cant hear each other at the other IPO (internal IPO to IPO calls)

my DSCP set to 46 in the IPO's and using G.729(a)8k codec

The Carrier has confirmed QOS is setup on their side and the Voice Class isnt dropping any packets

Any ideas where to start?

!!!!Router config extract!!!!!
ip cef
class-map match-any Business
  match ip precedence 3
  match access-group name telnet
  match access-group name h323
  match access-group name 5900
class-map match-any Voice
  match ip precedence 5
  match access-group name rtp
policy-map PNb+v
 description Private Network Business Plus Voice
  class Voice
   priority percent 30
   set precedence 5
  class Business
   bandwidth percent 46
   random-detect exponential-weighting-constant 6
   set precedence 1
  class class-default
   bandwidth percent 19
   random-detect exponential-weighting-constant 6
   set precedence 0
interface ATM0/0
 no ip address
 no atm ilmi-keepalive
 dsl equipment-type CPE
 dsl operating-mode GSHDSL symmetric annex B  dsl linerate AUTO !
interface ATM0/0.1 point-to-point
 ip address
 pvc 1/35
  vbr-nrt 512 512
  tx-ring-limit 3
  oam-pvc manage
  encapsulation aal5snap
  max-reserved-bandwidth 95
  service-policy output PNb+v

RE: VOIP over Private VPN

I'm not a router guy, but I believe on all cisco equipment (or is it just PIX firewalls?) that you have to disable something called h.323 packet inspection... do a search on this thread and you should find what you need it's been posted here before.


RE: VOIP over Private VPN

i've had similar symptoms before and it turned out to be a routing issue.  Make sure all your routers and ipo's have static routes to each subnet.  My scenario was that one site can ring the other site, but when the user picks up there's no communication.  It turned out one of the routers was missing an ip route back to one of the subnets.

RE: VOIP over Private VPN

the calls work most of the time, but sometimes the a or b party cant hear the other, the dafault route is set to the router at each site, which are both cisco 1751 routers running ip plus 12.3

i have seen the same h.323 inspection problem on netscreens firewalls but believe its not the issue here as there are only routers and not pix firewalls.

still pondering

RE: VOIP over Private VPN

class-map match-any Voice
  match ip precedence 5
  match access-group name rtp

and the extract from access-group rtp ?
Do you match it on DSCP values and do you do RTP Header compression ? as well as the RTP port range differs between Avaya and Cisco.

RE: VOIP over Private VPN

The Shdsl network we use doesnt support header compression, i have also just checked the config and havent matched anything to the RTP group, should i add

ip access-list extended rtp
remark RTP (VoIP) classification
permit udp any range 16384 32767 any range 16384 32767
ip access-list extended h323
remark Typical H.323 Signalling classifications
permit tcp any any eq 1503
permit tcp any any eq 1718
permit tcp any any eq 1719
permit tcp any any eq 1720
permit tcp any any eq 1731
permit tcp any eq 1503 any
permit tcp any eq 1718 any
permit tcp any eq 1719 any
permit tcp any eq 1720 any
permit tcp any eq 1731 any

i have also done some tests in regards to MTU, if my ping is larger than 1470 in size then it doesnt get thru, if the IPO is running a MTU of 1500 then would this cause issues?

RE: VOIP over Private VPN

RTP - just been testing with our carrier  and it seems the cisco is recognising the IPO setting packets with an ip precendence of 5 and handling them correctly without defining the RTP group.
The Carrier however doesnt support RTP header compression and shows the calls at 28000bps which seems about right from all the doco i have read, with RTPHC it can go as low as 11k, but as SHDSL is a layer 3 network its a bit difficult as the carrier has to support it as well, with frame relay its a layer 2 network so like having a end to end pipe where you can run your own settings independent of the carrier.

RE: VOIP over Private VPN

I haven't run a config like you do but the very first time I used 4602 IP Phones in combination with Cisco Router the MTU size was the problem. I could make calls but most of the time there was no voice path. The moment I set the 4602 to not the QOS, the problem was gone. Per default the Cisco doesn't allow big MTU. I assume when you config the cisco for H323 use, it should deal with different MTU sizes, then again with Cisco, like Avaya, you never know.

Good luck..

RE: VOIP over Private VPN

Funny thing pings of 1500 from router to router work fine, but as the ciscos are plugged into the Lan ports on the IPO as well as the VM server being plugged in there as well, if you ping the local router the IPO will fragment data traffic, apparently the IPO does this so QOS for voice can do its stuff. (this would be accounted for by the IPO tagging the packets with a TOS thus reducing the payload of the packets.)
have ended up setting the ciscos to half/100mb in a effort to get rid of errors that were comming up.
hopefully will have a full guidline document for a SHDSL/IPO VOIP install after all this

RE: VOIP over Private VPN

anyone know what IP Precedence of 5 in a cisco works out to be on the DSCP settings/mask in the IPO?

RE: VOIP over Private VPN

I could be wrong but i believe that this matchges the IPO default of 46

RE: VOIP over Private VPN

why can't you use auto qos voip command instead this? we just got 1760 and I typed this command and router was set. I didn't test yet but it should work just fine.


RE: VOIP over Private VPN

Thanks IPGuru i also found an interesting article on Cisco's web late last night

46(dec) is 101110 in binary which decodes to

the first 3 bits
101 = CRITIC/ECP = Precedence 5

the last 3
Bit 3 = Delay [D] (0 = Normal; 1 = Low)
Bit 4 = Throughput [T] (0 = Normal; 1 = High)
Bit 5 = Reliability [R] (0 = Normal; 1 = High)
see Document ID: 10103 Cisco's web

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close