ncaridi
New Member
September 8, 2016
Question

VOIP over IPSEC

  • September 8, 2016
  • 1 reply
  • 8524 views

Hello,

I'm running a site-to-site VPN with 2 FGTs: 90D -> 60C.

We're occasionally experiencing bad line quality.

From reading online I understand that IPSEC has different configurations affecting the overhead used due to encryption, etc.

Is there a recommended setting for an IPSEC tunnel being used for voice only?

Thank you,

 

NC.

 


    emnoc
    New Member
    September 8, 2016

    Your overhead with IPSEC is not going to make a difference. The traffic egressing the firewall and prioritization of traffic both via the WAN and tunnel-interface is going to be the issue.

     

    Let's step back and collect data/statistics.

    1: Are you seeing any high plos or jitter?

    2: Have you captured any RTP streams for analysis?

    3: Is the problem one-way or two-way?

    4: Do you have other traffic over the tunnel?

    5: Have you tried any traffic QoS guarantee with a bw guarantee? (DSCP tagging is useless over the internet, btw.)

    6: Have you graphed/monitored both WAN uplink and tunnel utilization %, and is your high ploss/jitter during periods of high utilization?

     

    Ken

     

    ncaridi
    New Member
    September 8, 2016

    Hi,

    Thank you for your fast reply.

    1. What is plos?

    I'll try to use tcpdump + callstats to figure out the jitter and capture some RTP streams.

    3. Usually the problem is one-way, e.g. the 90D experiences bad call quality but the 60C hears fine.

    Maybe the 60C isn't pushing fast enough, and it's usually when more than 3 people are on the phone on the 60C side.

    4. 90D has data + voice with traffic shaping.

    60C handles only voice.

    5. 90D: traffic shaping.

    60C is handling voice only so I figured there's no point,

    although I'm using QoS at the switch level now to prioritize the VoIP traffic.

     

    6. Could you kindly explain how to go about this?

     

    Thank you kindly.

     

    NC.

     

    emnoc
    New Member
    September 9, 2016

     

    1. What is plos? I'll try to use tcpdump + callstats to figure out the jitter and capture some RTP streams.

    plos = packet loss

    3. Usually the problem is one-way, e.g. the 90D experiences bad call quality but the 60C hears fine. Maybe the 60C isn't pushing fast enough, and it's usually when more than 3 people are on the phone on the 60C side.

    Could be anything from bad paths, no scheduler for EF-tagged voice packets, interface drops, etc.

     

    6. Could you kindly explain how to go about this?

    tshark/wireshark with the telephony analysis would be a start.

    Use the diag command to look for interface-related issues on both firewalls and on all interfaces that VoIP packets cross,

    e.g.

    diag hardware deviceinfo nic wan1 | grep Error

    diag hardware deviceinfo nic wan1 | grep Dropp

    Setting a link monitor to monitor the path from FGT90 <---> 60 would be a start.

     

     

    ensure you have no duplex issues

     

    ken
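
The packet-loss and jitter figures asked about in this thread can be computed directly from a captured RTP stream. The sketch below is an added example, not code from either poster: it applies the RFC 3550 interarrival-jitter estimator and wrap-aware sequence counting to one stream. It assumes the RTP packets were captured in cleartext (before IPsec encryption) and already split per SSRC, and that the codec uses an 8 kHz clock; `parse_rtp`, `stream_stats`, `make_rtp` and `SAMPLE` are hypothetical names, and the sample packets are constructed.

```python
import struct

CLOCK_HZ = 8000  # assumption: G.711 voice, 8 kHz RTP clock, 20 ms packets

def parse_rtp(raw):
    """Return (sequence, timestamp) from the fixed 12-byte RTP header."""
    if len(raw) < 12 or raw[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    _flags, _pt, seq, ts, _ssrc = struct.unpack("!BBHII", raw[:12])
    return seq, ts

def stream_stats(packets, clock_hz=CLOCK_HZ):
    """packets: (arrival_seconds, raw_rtp) tuples for one SSRC, in arrival order.
    Short captures only: the 32-bit timestamp wrap is not handled."""
    if not packets:
        raise ValueError("no packets")
    base = highest = None      # extended (wrap-aware) sequence numbers
    prev_transit = None
    jitter = 0.0               # RFC 3550 estimator, in timestamp units
    for arrival, raw in packets:
        seq, ts = parse_rtp(raw)
        if base is None:
            base = highest = seq
        else:
            step = (seq - highest) & 0xFFFF
            if step < 0x8000:  # forward move, including 65535 -> 0
                highest += step
            # otherwise a late or reordered packet: highest stays put
        transit = arrival * clock_hz - ts
        if prev_transit is not None:
            jitter += (abs(transit - prev_transit) - jitter) / 16
        prev_transit = transit
    expected = highest - base + 1
    lost = expected - len(packets)
    return {"expected": expected, "received": len(packets), "lost": lost,
            "loss_pct": 100.0 * lost / expected,
            "jitter_ms": 1000.0 * jitter / clock_hz}

def make_rtp(seq, ts):
    """Constructed test packet: RTP v2, payload type 0 (PCMU), 160-byte payload."""
    return struct.pack("!BBHII", 0x80, 0, seq, ts, 0x1234) + bytes(160)

# Constructed sample: seq wraps at 65535, seq 2 is lost, seq 1 arrives 10 ms late.
SAMPLE = [(0.000, make_rtp(65534, 1000)), (0.020, make_rtp(65535, 1160)),
          (0.040, make_rtp(0, 1320)), (0.070, make_rtp(1, 1480)),
          (0.100, make_rtp(3, 1800))]

if __name__ == "__main__":
    print(stream_stats(SAMPLE))
```

Running it per direction (90D side and 60C side) shows whether loss and jitter are one-way, and comparing the numbers against utilization graphs shows whether they track congestion.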