1:1 NAT vs 1:Many NAT for VoIP

Sam-I-am
Here to help


Hello All, 

 

We currently have an MX84 on our network with redundant ISPs (a 50\50 fiber and a 50\10 coax) and two VLANs. One VLAN for clients and phones (Same network for backup purposes) and the other VLAN for servers.  We have a relatively new VoIP service as well and were having VoIP QoS issues.  I was working with the provider to determine why the QoS was so bad and could not determine the issue.

 

As it happened our Coax went out a few weeks ago and our QoS increased immensely.  After some testing I found that the simultaneous connection of the Coax and the fiber is causing the QoS issue.  After doing a good amount of research I believe that the issue might be that the firewall requires NAT to ensure that the phones have a solid connection. 

 

I was wondering if users with VoIP and VLANs prefer 1:1 NAT or 1:Many NAT?  Is there one that you find works better with VoIP?  I am hoping that I do not have to make too many rules for each user.

 

Any help would be appreciated. 

 

Thank you  

6 Replies
Adam
Kind of a big deal

1:1 would be a single WAN IP to a single LAN IP.  1:Many could be a single WAN IP to multiple different LAN IPs as long as they are different ports/protocols.  Just keep in mind with two ISPs you may need to create NAT rules for each ISP's WAN IPs.  Also, if one of the ISPs/circuits goes down it will likely interrupt a portion of your VoIP calls no matter what, since those streams would be actively going across one of the circuits and will have to re-establish over the other circuit.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
Sam-I-am
Here to help

Hello Adam,

So if I need both VLANs to access the WAN through the main fiber connection and also require rules to ensure that the phones always use the main connection instead of attempting to use the coax connection (when it is connected) then 1:Many seems like it would be the best choice.

Thank you for the clarification.
Adam
Kind of a big deal

For that I would use a flow preference. 

 

Security Appliance > Traffic Shaping > Flow Preferences > Internet Traffic

 

There you can set source or destination based rules to prefer a WAN connection.  Then it'll only use the other if that WAN connection fails.  If you want to get more fancy you can use performance classes on that same page to prefer whichever WAN connection has the lowest latency 😉

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
ww
Kind of a big deal

I wonder if SIP at Meraki also recognizes RTP or only signaling. If not, you would be better off adding the VoIP subnet to the rule.

 

Not sure why an email server needs high priority.

MRCUR
Kind of a big deal

What are you doing 1:1 NAT with currently? Did the VoIP provider give you an on-prem device that they are asking you to forward traffic to or something else? 

 

Do you have any traffic shaping rules defined on the MX to ensure voice traffic is given the correct priority?

MRCUR | CMNO #12
Sam-I-am
Here to help

Hello MRCUR, 

 

I am not using NAT currently, and the VoIP provider did not provide any on-premise device, only the VoIP phones that we purchased.

 

I have set Traffic Shaping Rules making SIP (Voice) a High Priority object with no bandwidth limit and no DSCP Tagging.  I have also added our main web page and Mail server as high priority with a limit of 39 Mbps and everything else as normal with 15 Mbps (We have 100 Mbps Fiber).

 

With the current traffic shaping rules we are getting 99% QoS (without the coax connection); this is why I thought it might be a NAT issue.

 

Thank you    
