Filter
Top Products
Firewall Settings > QoS Mapping
764
SonicOS 5.8.1 Administrator Guide
To examine the effects of the second Access Rule (VPN>LAN), we’ll look at the Access Rules
configured at the Main Site.
VoIP traffic (as defined by the Service Group) arriving from Remote Site 1 Subnets across the
VPN destined to LAN Subnets on the LAN zone at the Main Site would hit the Access Rule for
inbound VoIP calls. Traffic arriving at the VPN zone will not have any 802.1p tags, only DSCP
tags.
–
Traffic exiting the tunnel containing a DSCP tag (e.g. CoS = 48) would have the DSCP
value preserved. Before the packet is delivered to the destination on the LAN, it will also
be 802.1p tagged according to the QoS Mapping settings (e.g. CoS = 6) by the
SonicWALL at the Main Site.
–
Assuming returned traffic has been 802.1p tagged (e.g. CoS = 6) by the VoIP phone
receiving the call at the Main Site, the return traffic will be DSCP tagged according to
the conversion map (CoS = 48) on both the inner and outer packet sent back across
the VPN.
–
Assuming returned traffic has been DSCP tagged (e.g. CoS = 48) by the VoIP phone
receiving the call at the Main Site, the return traffic will have the DSCP tag preserved
on both the inner and outer packet sent back across the VPN.
–
Assuming returned traffic has been both 802.1p tagged (e.g. CoS = 6) and DSCP
tagged (e.g. CoS = 14) by the VoIP phone receiving the call at the Main Site, the return
traffic will be DSCP tagged according to the conversion map (CoS = 48) on both the
inner and outer packet sent back across the VPN.
Setting Access Rule 1 Access Rule 2
General T
ab
Action Allow Allow
From Zone LAN VPN
To Zone VPN LAN
Service VOIP VOIP
Source Lan Subnets Remote Site 1 Subnets
Destination Remote Site 1 Subnets Lan Subnets
Users Allowed All All
Schedule Always on Always on
Enable Logging Enabled Enabled
Allow Fragmented Packets Enabled Enabled
Qos Tab
DSCP Marking Action Map Map
Allow 802.1p Marking to
override DSCP values
Enabled Enabled
802.1p Marking Action Map Map