Audio Quality problem using Cisco 79xx for remote users

Hi All,

We have been using Asterisk at the office for about 4 months. We are using a 15 Channel PRI (ISDN30). We are using Cisco 7940 & 7960 handsets with firmware 7.4. The solution works great, and is rock solid.

We have IPSEC VPN to the directors houses, using routed technology. The home offices are using 256k/1024K ADSL.

We have tried Linksys (no qos), Draytek (with packet prioritisation), Cisco and several other DSL routers.

If we use the Cisco 79xx from home over the VPN we get very bad voice quality problems. It happens if we are dialing out using the ISDN trunks, or calling another SIP phone in the office. Sometimes the call is very clear, but you never know when the Dalek’s are gona get ya!

The echo and distortion is very difficult to describe, so I recorded it on my mobile for anyone who is interested :smile:

We have purchased and installed the G729 codec from Digium and the remote handsets have been configured to use this codec.

The problems occur just the same with G729 or G711.

I have read much and tried lots before posting here :smile:

Any pointers welcome…




It’s been my experience that any communications across VPN’s suffer from the encoding and decoding that occurs.

What is your VPN endpoint like? Is it a strong enough processor that encoding and decoding the packets is not burdensome for them? Is it an application that’s running on the Directors PC?

Is it possible to put a pinhole in your firewall to allow the SIP packets from that one DSL endpoint to get to your Asterisk box to see if that’s not the trouble?

Hi Dufus,

Thanks for the reply…

This is one of the lines we tried, thinking that the Linksys DSL router was not man enough for the job. So we switched it to other brands like Draytek and Cisco, but still the same problems, we have tried many routers (matched pairs at both ends of the test connections):

Linksys WAG54G (IPSEC)
Linksys AG241 (IPSEC)
Draytek 2600G (IPSEC Mode)
Draytek 2600G (PPTP Mode)
Cisco SoHo xxx (can’t remember the model right now)

We target SME customers and need to implement the same solutions we would install. They need to be Value for money but they also need to work :smile:

Pinging boxes on the office LAN from home gives a solid round trip of about 30ms, not great, but also not bad. (I know that the ping time does not give us any “real” information about latency)

Using the “info” button twice during the call on the Cisco provides stats, and no packets are being dropped in or out… The jitter can get a bit high once in a while, but I don’t think jitter is causing the distortion & echo.

My problems with dropping the VPN and going direct are:

1 - We already use the VPN for remote access.
2 - Our home offices are behind NAT and so is the * server.
3 - I don’t really want to open my * server to the DMZ
I did try to pinhole the firewall, but NAT to NET to NAT is not cool with SIP.



My, there are so many cooks in this kitchen, it’s hard to know which one to kick out first…


First, ping can be fairly useful if the command is properly formatted. Consider:

ping -f -l 1472

…will ping a distant machine with a 1.4 kilobyte packet that can’t be fragmented. It might give you a better idea about what your machine can do with voice packets.

Also, you might check your MTU settings on the router. Make sure you’re not creating packets larger than the MTU that have to be broken up before being transmitted.

Remember that SIP voice packets are UDP. TCP would slow things down, so make sure that’s not what’s transmitting the IPSEC packets. Create a second tunnel with just UDP packets if that’s what’s going on.

I don’t know how much help I’ve been, but that’s all that comes to mind right away. (Based on the .wav file I heard.)

You might try putting the Asterisk box on the DMZ, just to elminate an object. You don’t have to leave it there after you test.