troubleshooting Question

QoS Setup on a Cisco 831

Avatar of BoB7869
BoB7869 asked on
Voice Over IP
6 Comments1 Solution2827 ViewsLast Modified:
Hey I'm trying to run VoIP through an Ipsec tunnel and use QoS. It seems to be working. But I'm still getting bad quality. Does any one have any ideas, or is it working correctly? Here is the config where 192.168.1.12 is the phone server:

NetRouter#show run
Building configuration...
!
version 12.3
!
!
class-map match-all voip
 match access-group 176
class-map match-all non-voip
 match access-group 177
!
!
policy-map vpn-tunnel
 class voip
  priority percent 70
 class non-voip
  priority percent 5
 class class-default
  fair-queue
  queue-limit 15    
!
crypto isakmp policy 1
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 authentication pre-share
!
crypto isakmp policy 4
 hash md5
crypto isakmp key ******** address *.*.*.*
no crypto isakmp ccm
!
!
crypto ipsec transform-set rtpset6 esp-3des esp-sha-hmac
no crypto ipsec nat-transparency udp-encaps
!
crypto map rtp 1 ipsec-isakmp
 set peer *.*.*.*
 set transform-set rtpset6
 match address 132
 qos pre-classify
!
!
!
interface Ethernet0
 ip address 192.168.25.1 255.255.255.0
 ip nat inside
 ip inspect myfw in
 ip virtual-reassembly
 no cdp enable
 hold-queue 32 in
!
interface Ethernet1
 ip address 71.36.27.177 255.255.255.248
 ip nat outside
 ip inspect myfw out
 ip virtual-reassembly
 duplex auto
 no cdp enable
 crypto map rtp
 service-policy output vpn-tunnel
!
interface Ethernet2
 no ip address
 shutdown
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 *.*.*.*
ip http server
no ip http secure-server
!
ip nat inside source route-map nonat interface Ethernet1 overload
!
access-list 23 permit 192.168.25.0 0.0.0.255
access-list 104 deny   ip 192.168.25.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 104 permit ip 192.168.25.0 0.0.0.255 any
access-list 132 permit ip 192.168.25.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 176 permit ip 192.168.25.0 0.0.0.255 host 192.168.1.12
access-list 176 permit ip host 192.168.1.12 192.168.25.0 0.0.0.255
access-list 176 permit ip 192.168.25.2 0.0.0.60 host 192.168.1.12
access-list 176 permit ip host 192.168.1.12 192.168.25.2 0.0.0.60
access-list 176 deny   ip any any
access-list 177 deny   ip host 192.168.1.12 192.168.25.0 0.0.0.255
access-list 177 deny   ip 192.168.25.0 0.0.0.255 host 192.168.1.12
access-list 177 permit ip any any
route-map nonat permit 10
 match ip address 104

NetRouter#show policy-map int eth 1
 Ethernet1

  Service-policy output: vpn-tunnel

    Class-map: voip (match-all)
      881191 packets, 59288639 bytes
      5 minute offered rate 41000 bps, drop rate 0 bps
      Match: access-group 176
      Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 70 (%)
        Bandwidth 7000 (kbps) Burst 175000 (Bytes)
        (pkts matched/bytes matched) 106423/12727306
        (total drops/bytes drops) 0/0

    Class-map: non-voip (match-all)
      206007 packets, 36342772 bytes
      5 minute offered rate 8000 bps, drop rate 0 bps
      Match: access-group 177
      Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 5 (%)
        Bandwidth 500 (kbps) Burst 12500 (Bytes)
        (pkts matched/bytes matched) 32105/15115712
        (total drops/bytes drops) 141/197769

    Class-map: class-default (match-any)
      19235 packets, 1154100 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 256
        (total queued/total drops/no-buffer drops) 0/0/0

Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 6 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros