IPSec

Hi,

We had a IPSec running between our network and our corporate office. We had voice traffic going through this network . Though initially everything was going fine lately we have found that there is a high level of breakage in the voice taking place. Can anyone help me figure out why this takes place.

It might be as simple as too much load on the server. I take it you're running IPSec in tunnel mode, so what encodes the IPSec? Voice has a *LOT* of data, and if it uses IPSec on it, it has to encode a lot. If voice data packets must be encoded, maybe you could lower the encoding to lighten the load (Just for voice). For example, AH wouldn't be needed. And you could pick MD5 over SHA1, DES over 3DES, ect. I don't think anyone will change voice data on the fly. If they do, well, *I* sure wouldn't want to try to keep them out of the network...

The explanation about the algorithms is great, but you are using hardware or software encryption??
Check the cpu and interface utlization.
Encrypting data and voice would add extra delay for the voice traffic, and if it exceed 150 ms one way it is broken.

I have also some routers doing voip but not encrypting them.

I'm not sure if this will work with your network but try to use LLQ defining the priority queue for voice traffic. An wred for avoiding the vocie queues get full congested because of the data traffic.

hope it helps, and luck

Salute

Thanks for the replies but I would appreciate if someone could give bigger description of the problem. Though as informed voice do contain more packets than data and this would cause the delay but is there any other way to go through. We are using MD5.