ncaridi
New Contributor

VOIP over IPSEC

Hello 

I'm running a site-to-site VPN with 2 FGTs: 90D -> 60C.

We're occasionally experiencing bad line quality.

From reading online, I understand that IPsec has different configurations affecting the overhead used due to encryption, etc.

 

Is there a recommended setting for an IPsec tunnel being used for voice only?

Thank you,

 

NC.

 

emnoc
Esteemed Contributor III

Your overhead with IPSEC is not going to make a difference. The traffic egressing the firewall and prioritization of traffic both via the WAN and tunnel-interface is going to be the issue.

 

Let's step back and collect data/statistics.

1: Are you seeing any high plos or jitter?

2: Have you captured any RTP streams for analysis?

3: Is the problem one-way or two-way?

4: Do you have other traffic over the tunnel?

5: Have you tried any traffic QoS guarantee with bw guarantee (DSCP tagging is useless over the internet, btw)?

6: Have you graphed/monitored both WAN uplink and tunnel utilization %, and is your high ploss/jitter during periods of high utilization?

 

Ken

 

PCNSE 

NSE 

StrongSwan  

ncaridi
New Contributor

Hi,

Thank you for your fast reply.

1. What is plos?

I'll try to use tcpdump + callstats to figure out the jitter and capture some RTP streams.

3. Usually the problem is one-way, e.g. the 90D experiences bad call quality but the 60C hears fine.

Maybe the 60C isn't pushing fast enough, and usually it happens when more than 3 persons are on the phone on the 60C side.

4. The 90D has data + voice with traffic shaping.

The 60C handles only voice.

5. The 90D has traffic shaping.

The 60C is handling voice only so I figured there's no point,

although I'm using QoS at switch level now to prioritize the VoIP traffic.

6. Could you kindly explain how to go about this?

 

Thank you kindly.

 

NC.

 

emnoc
Esteemed Contributor III

 

1. What is plos? I'll try to use tcpdump + callstats to figure out the jitter and capture some RTP streams.

plos = packet loss

3. Usually the problem is one-way, e.g. the 90D experiences bad call quality but the 60C hears fine. Maybe the 60C isn't pushing fast enough, and usually it happens when more than 3 persons are on the phone on the 60C side.

Could be anything from bad paths, no scheduler for EF-tagged voice packets, interface drops, etc.

6. Could you kindly explain how to go about this?

tshark/wireshark with the telephony analysis would be a start.

Use the diag command to look for interface-related issues on both firewalls and all interfaces that VoIP packets cross,

e.g.

 

diag hardware  deviceinfo  nic wan1 | grep Error

diag hardware  deviceinfo  nic wan1 | grep Dropp

 

Setting a link monitor to monitor the path from FGT90 <---> 60 would be a start.

Ensure you have no duplex issues.

 

ken

 

 

PCNSE 

NSE 

StrongSwan  
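Added example, not part of the thread: a minimal Python version of the per-stream packet loss and jitter figures that the RTP analysis suggested above reports. It assumes G.711 audio (8 kHz RTP clock, 20 ms packets), cleartext RTP captured on the LAN side of the tunnel, and a short capture with no 32-bit timestamp wrap; the function names and the sample packets are constructed for illustration.

```python
import struct

CLOCK_HZ = 8000  # assumption: G.711 audio, 8 kHz RTP clock, 20 ms packets

def make_rtp(seq, ts, ssrc=0x1234):
    """Build a constructed RTP v2 packet (payload type 0, 160 bytes of audio)."""
    return struct.pack("!BBHII", 0x80, 0, seq & 0xFFFF, ts, ssrc) + bytes(160)

def parse_rtp(payload):
    """Return (seq, timestamp) of an RTP v2 packet, or None if it is not one."""
    if len(payload) < 12 or payload[0] >> 6 != 2:
        return None
    _, _, seq, ts, _ = struct.unpack("!BBHII", payload[:12])
    return seq, ts

def stream_stats(packets, clock_hz=CLOCK_HZ):
    """packets: (arrival_seconds, udp_payload) pairs for one direction of one call.
    Loss comes from sequence gaps; jitter is the RFC 3550 running estimate."""
    received, base, ext_max, prev_transit, jitter = 0, None, None, None, 0.0
    for arrival, payload in packets:
        hdr = parse_rtp(payload)
        if hdr is None:
            continue
        seq, ts = hdr
        received += 1
        if base is None:
            base = ext_max = seq
        else:
            # Extend the 16-bit sequence number so wraparound is not counted as loss.
            ext = ext_max + ((seq - ext_max + 0x8000) & 0xFFFF) - 0x8000
            ext_max = max(ext_max, ext)
        transit = arrival * clock_hz - ts  # relative transit time in RTP clock ticks
        if prev_transit is not None:
            jitter += (abs(transit - prev_transit) - jitter) / 16
        prev_transit = transit
    expected = 0 if base is None else ext_max - base + 1
    return {"received": received, "expected": expected,
            "lost": expected - received, "jitter_ms": jitter * 1000 / clock_hz}

def constructed_capture():
    """Ten packets across a sequence wrap; two dropped, one arriving 16 ms late."""
    pkts = []
    for i in range(10):
        if i in (3, 6):
            continue
        late = 0.016 if i == 8 else 0.0
        pkts.append((5.0 + 0.02 * i + late, make_rtp(65533 + i, 1000 + 160 * i)))
    return pkts

if __name__ == "__main__":
    print(stream_stats(constructed_capture()))
```

Running it separately on each direction of a call shows whether loss and jitter are one-way, which is the distinction asked about in question 3.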
