Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: IPSec

IPSec 10 years 8 months ago #12682

Hi,

We had a IPSec running between our network and our corporate office. We had voice traffic going through this network . Though initially everything was going fine lately we have found that there is a high level of breakage in the voice taking place. Can anyone help me figure out why this takes place.
The administrator has disabled public write access.

Re: IPSec 10 years 8 months ago #12697

  • Ozzy_98
  • Ozzy_98's Avatar
  • Offline
  • Frequent Member
  • Posts: 22
  • Karma: 0
It might be as simple as too much load on the server. I take it you're running IPSec in tunnel mode, so what encodes the IPSec? Voice has a *LOT* of data, and if it uses IPSec on it, it has to encode a lot. If voice data packets must be encoded, maybe you could lower the encoding to lighten the load (Just for voice). For example, AH wouldn't be needed. And you could pick MD5 over SHA1, DES over 3DES, ect. I don't think anyone will change voice data on the fly. If they do, well, *I* sure wouldn't want to try to keep them out of the network...
The administrator has disabled public write access.

Re: IPSec 10 years 8 months ago #12703

  • havohej
  • havohej's Avatar
  • Offline
  • Distinguished Member
  • Posts: 152
  • Karma: 0
The explanation about the algorithms is great, but you are using hardware or software encryption??
Check the cpu and interface utlization.
Encrypting data and voice would add extra delay for the voice traffic, and if it exceed 150 ms one way it is broken.

I have also some routers doing voip but not encrypting them.

I'm not sure if this will work with your network but try to use LLQ defining the priority queue for voice traffic. An wred for avoiding the vocie queues get full congested because of the data traffic.

hope it helps, and luck

Salute
The administrator has disabled public write access.

thanks 10 years 8 months ago #12729

Thanks for the replies but I would appreciate if someone could give bigger description of the problem. Though as informed voice do contain more packets than data and this would cause the delay but is there any other way to go through. We are using MD5.
The administrator has disabled public write access.
Time to create page: 0.114 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup