Connecting external sales people to an Avaya PBX using a VPN, any other way?

[bexinateur]

We have around 30 sales people working remotely from many different destinations around the world. We have a hosted Avaya PBX in our HQ and they connect using the VPN on the hardphones (Avaya hardphones). The issue is that the voice quality for some of them is terrible due to the weight of the packets through the VPN. Is there a way to connect directly to the PBX with no VPN or should we look at implementing a new system?

I need the external users to have great voice quality. Any advice or help is appreciated.

 

[bill001g]

Try the hardphones in vpn mode INSIDE the company to see if you can make it work. We have done this before and the phones have more than enough power to run the VPN and the quality is fine....we mark the outside vpn packets. Still this is over a private network where we control QoS end to end not over the internet.

I suspect your problem is more the internet than the vpn. You of course could put a small vpn device in front to offload the phones but it still is likely jitter or packet loss in the internet path.

You should tolerate more loss if you use g.711 rather than g.729 Even with vpn overhead you should only be sending less that 100k/sec with g.711 and since it has more data to lose the users should not hear it as much.

On VPN the thing that causes CPU/processor issues on devices is packet fragmentation and reassembly. This is seldom a issue for VoIP since the packet size should be fairly small. If you have the VoIP sample size set really high you could get long packets that approach the MTU limits but this is a very non standard option to set.

 

[bexinateur]

I think the issue is the users internet connection as it can be unreliable and the latency can be terrible. This is always going to be an issue as we work in 3rd world and developing countries. However if the VPN is making the packets heavier, should we look at another solution without a VPN connection to make the packets lighter and easier for these external users?

Just looks like the VPN is the only solution for external users to hit the PBX.

 

[bill001g]

Unfortunately you need VPN for 2 things. First it depends if you care if people listen into the call. The second is the NAT and firewall issues.

The TCP setup for SIP or H.323 calls has few issues but since they send the IP addresses for the end stations for the voice path inside the packets. There are some firewalls that can fix the NAT by manipulating content messages as they are exchanged and punch holes dynamically but this is still not a common feature even on large commercial firewalls. You would need a firewall/router at each location that could do this. This is why VPN is used to solve this issue most the time.

We have work from home users running softphone clients over our normal ssl-vpn for remote access. It mostly works in the more modern countries but as expected when they are crossing international boundaries from countries with poor internet it does have issues. If the users are mobile you are kinda stuck with this problem. The other thing we do where we have office in the country is allow the users to use analog phones to dial into the local pbx and then use the PBX to route the call over our private network to other countries. We have also mapped internal numbers to their external line so people can call them using out private network rather than international calls. We are somewhat lucky to have offices in almost every country in the world.

 

[bexinateur]

I appreciate the feedback. Would a possible move to a cloud based PBX improve this?

 

[bill001g]

We have looked into some of those. Many offer this as part of their sip trunking packages. We have moved many of our PBX local access circuits to sip trunks but have not take them up on letting users gain access over the internet. This is effect lets the uses terminate the call closer to their house...it is still vpn.. and the calls would then route on their private network.

The problem is always the places where we have the most issues because of poor internet are also the countries these providers also have no local access.

 

[bexinateur]

Bill001g. Really appreciate your help, thanks.