qos pre-classify

Unanswered Question
Jun 22nd, 2007

Can qos pre-classify be enable over an IPSec VPN running from a 3825 ISR router to a VPN concentrator? I know it will work over GRE and IPSec site-to-site VPN's where the termination point is a router but I'm not sure about the concentrator. Any thoughts??

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
swharvey Wed, 06/27/2007 - 12:19

I don't think my response directly answers you question, but I can share my experience with qos pre-classify. Likewise we run it on router to router ipsec vpn tunnels, and define qos marking and honoring for LLQ.

Regarding the 3000 Concentrator I cannot say directly, however, I do know that on the ASA firewalls (next gen of VPN Concentrator/PIX), you can honor qos marked traffic or prioritize it into vpn tunnels that terminate on the device via acl's. Since the ASA's don't use tunnel interfaces (tunnel-groups instead), the qos voip assignments are placed on the physical interface, but is applied to the rtp stream. The method below rate limits all non voice traffic, then llq prioritizes the rtp stream based on either the dscp value or the rtp udp range. Below is a qos example on the ASA5505 for a DSL line with 768kb download, 128kb upload, allowcating 64-80kb for a G729 call...not sure how it would apply to the VPN Conecntrator:

class-map non_voice

match any

class-map voice-rtp-non-marked

description Match non-Marked VoIP (RTP) packets

match rtp 16384 16383

class-map voice-dscp-marked

description match Marked VoIP (RTP) packets

match dscp ef

policy-map VoIP-outside

class non_voice

police input 704000 (rate limit non voice in bps)

police output 64000 (rate limit non voice in bps)

class voice-dscp-marked


class voice-rtp-non-marked


priority-queue outside

service-policy VoIP-outside interface outside

I didn't cover the router pre-qos side..I figure you're solid on that.

Hope this helps...if so please rate.



This Discussion