problem configuring QOS for SIP on Cisco ASA

Unanswered Question
Dec 15th, 2007

Hello !!

I had some noise in the VoIP sound, because there is some data which is uploading from our WAN link at the same time users are tolking on the IP Phone.

So I decided to configure QOS priority for SIP, but it seems that I wasn`t lucky this time, and I really hope that someone can tell me what wrong I did in my config which is written below:

below is my complette policy config as it is now:

priority-queue outside_wan

class-map Voice

match dscp ef

class-map inspection_default

match default-inspection-traffic


policy-map type inspect dns preset_dns_map


message-length maximum 512

policy-map global_policy

class inspection_default

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect netbios

inspect tftp

inspect dns

inspect esmtp

inspect pptp

inspect ipsec-pass-thru

inspect sip

policy-map Voicepolicy

class Voice



service-policy global_policy global

service-policy Voicepolicy interface outside_wan

My outside interface is called "outside_wan"

I hope someone can explain me what`s wrong in this config.

Thank You

Best regards

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
mmelbourne Mon, 12/17/2007 - 06:54

Do "show service-policy priority" and "show priority-queue statistics outside_wan" show a correct and working configuration? Is traffic being matched against the LLQ?

In the configuration of the priority queue "priority-queue outside_wan", you may need to change the values of the queue-limit and tx-ring-limit.

Please rate helpful posts.

050878james Mon, 12/17/2007 - 06:59

thank you for reply !!!

below is the show output :

ciscoasa# show priority-queue statistics outside_wan

Priority-Queue Statistics interface outside_wan

Queue Type = BE

Tail Drops = 0

Reset Drops = 0

Packets Transmit = 7971924

Packets Enqueued = 0

Current Q Length = 0

Max Q Length = 0

Queue Type = LLQ

Tail Drops = 0

Reset Drops = 0

Packets Transmit = 189321

Packets Enqueued = 0

Current Q Length = 0

Max Q Length = 0


so does the command look like, the one I should use instead of priority-queue outside_wan ??

mmelbourne Mon, 12/17/2007 - 07:09

The fact that packets are being transmitted from your LLQ suggests that traffic is being matched and placed in the correct queue in the service-policy. In which case, you may need to tweak the tx-ring-value and queue-limit values.

What is your WAN link? If you use an upstream router, then QoS need to be enabled there too, otherwise you're just ensuring the RTP packets leave the PIX before anything else.

Which ASA code are you running?

050878james Mon, 12/17/2007 - 08:22

I am running ASA 5505 ASA OS: 8.03 ASDM 6.03.

Nex router after my router is ISP Core router which is not under my control.

Cisco ASA I use now have static wan ip address and is connected to ISP`s CORE router.

So I would like to configure my ASA to priority SIP traffic...

mmelbourne Mon, 12/17/2007 - 08:32

What size is your WAN link, is it congested? If so, PIX QoS won't help, unless the ISP also honours the markings and queues appropriately.

Are you trying to LLQ your RTP streams or the SIP control messages?

050878james Mon, 12/17/2007 - 09:09

well I tryed to control messages first.

My wan link is 2 Mb upstream and 24 Mb downstream. And i see that I am able to upload 200 Kb/ps. so the bandwidth is not a problem.

mmelbourne Mon, 12/17/2007 - 09:16

Is that kilobits or kilobytes per second? A 2Mbit/s upstream equates to ~200KByte/s, so if your upstream is congested, then voice will suffer unless you can get your SP to LLQ the voice traffic as it leaves their router.

The bottleneck in the system is the 2Mbps upstream, not any FE interfaces on the ASA.

Please rate helpful posts!

050878james Mon, 12/17/2007 - 09:19

sorry it is 200 KB/ps, so you mean that this is not enough that I only configure qos on my cisco ASA ? I really don`t think so that my isp will help me.... unless you have any idea or sample config how can I accomplish this goal.

mmelbourne Mon, 12/17/2007 - 09:23

I think the point is it may not be enough. If your upstream bandwidth is congested (e.g. an FTP transfer is saturating the line), then there's not much you can configure to prioritise voice (as you're not in control of the next-hop device, and DiffServ using PHB), except maybe to shape other traffic so there is room for voice.

050878james Mon, 12/17/2007 - 09:26

I am thinking about this configuration:

access-list 101 permit tcp any any eq 5060

access-list 101 permit udp any any eq 5060

access-list 101 permit tcp any eq 5060 any

access-list 101 permit udp any eq 5060 any


Class-map match-any SIP

match access-group 101


Policy-map SIP

Class SIP

set dscp ef

priority percent 10


Interface ethernet 0/0.10

description outside

service-policy output SIP

so in other words the voip is not easy to handle, but in which case users can get VoIP working as it should is it possible at all ??

050878james Mon, 12/17/2007 - 09:29

but how I can have clean sound as water when I use the Skype ?? no problems at all I can upload what ever I will and I can still talk via SKYPE without any problems. But when I use SIP my linksys adapter which is connected to the Cisco ASA and my phone connected to this linksys adapter than I can`t use ip phone at all if I am uploading the sound is full of noises latency etc...... :(

mmelbourne Mon, 12/17/2007 - 10:01

Although it is perfectly possible to treat the SIP call signalling messages in a similar manner (although they are not usually priority-queued; more often they are marked as DSCP CS3 and assigned a minimum amount of guaranteed bandwidth). More bandwidth will be used by the actual voice RTP streams. Have you considered using a different codec, e.g. G.729 rather than G.711? I don't know a lot about Skype's codecs, but they may be more tolerant of delay and jitter.

050878james Mon, 12/17/2007 - 10:05

me either, i am not so familiar with skype, have tried it once. Well I`ll see what I can do here... I must figure out something.

What is wired in my mind is following :

When i stop any uploading from my network (ASA) than I have clean sound no problems at all EVEN if either me or ISP have configured any priority for the SIP traffic.. I can`t understand it at all.....:(


This Discussion