Unable to get VoIP QoS working on PIX

Discussion in 'Cisco' started by mhoppes@gmail.com, Mar 27, 2007.

  1. Guest

    I am attempting to get VoIP QoS running on a Cisco PIX. It's not
    working.

    Running 7.0(1) It is a PIX-515

    Config:
    interface Ethernet0
    nameif outside
    security-level 0
    ip address xxx.xxx.xxx.98 255.255.255.224
    !

    access-list 109 extended permit udp any any eq 4569

    class-map VOIP
    match access-list 109
    (also tried) match port udp eq 4569
    !
    policy-map VOIP
    class VOIP
    priority
    !
    service-policy VOIP interface outside

    Any ideas as to why this is not working?
    access-list 109; 1 elements
    access-list 109 line 1 extended permit udp any any eq 4569 (hitcnt=0)
    , Mar 27, 2007
    #1
    1. Advertising

  2. Why are you trying to match the only one UDP Port (4569)? UDP Port 4569 is
    used by IAX2 protocol between two Asterisk boxes, and usually it does not
    require QoS. However you need QoS for RTP traffic, which uses dynamic UDP
    ports in the range >15000 (in case you use a standard Asterisk
    configuration), and ports above 16356 in case of Cisco IP Phones. So, it
    would be better if you either specify other access-list, or use another
    parameter for selecting traffic (for example, use DSCP value). Here is a
    Cisco example, how to configure QoS over VPN on PIX 7.x code:

    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml

    Mike
    CCNP, CCDP, CCSP, Cisco Voice, MCSE W2K, MCSE+I, Security+, Sun SCSA,
    Checkpoint CCSA, etc.
    CCIE R&S (in progress), CCIE Voice (in progress)
    ------
    Headset Adapters for Cisco IP Phones
    www.ciscoheadsetadapter.com
    www.headsetadapter.com


    <> wrote in message
    news:...
    >I am attempting to get VoIP QoS running on a Cisco PIX. It's not
    > working.
    >
    > Running 7.0(1) It is a PIX-515
    >
    > Config:
    > interface Ethernet0
    > nameif outside
    > security-level 0
    > ip address xxx.xxx.xxx.98 255.255.255.224
    > !
    >
    > access-list 109 extended permit udp any any eq 4569
    >
    > class-map VOIP
    > match access-list 109
    > (also tried) match port udp eq 4569
    > !
    > policy-map VOIP
    > class VOIP
    > priority
    > !
    > service-policy VOIP interface outside
    >
    > Any ideas as to why this is not working?
    > access-list 109; 1 elements
    > access-list 109 line 1 extended permit udp any any eq 4569 (hitcnt=0)
    >
    headsetadapter.com, Mar 28, 2007
    #2
    1. Advertising

  3. Guest

    You are correct, it is IAX. The reason we are trying to QoS the IAX2
    traffic is because there is a single T1 line. Often the T1 will
    become saturated. When this happens, VoIP call quality (over IAX)
    breaks up. We are trying to assure that the VoIP calls have priority
    over data traffic.

    Do you have a better solution.
    , Mar 28, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrew Albert

    QOS for VOIP using 768k of FR / Auto QOS

    Andrew Albert, Feb 6, 2005, in forum: Cisco
    Replies:
    7
    Views:
    1,473
  2. Replies:
    1
    Views:
    1,666
    thrill5
    May 23, 2005
  3. Replies:
    2
    Views:
    694
    Chris_D
    Jul 2, 2005
  4. dominix
    Replies:
    2
    Views:
    461
    dominix
    Feb 6, 2007
  5. Replies:
    1
    Views:
    330
    mcaissie
    Apr 11, 2007
Loading...

Share This Page