QoS on site-site vpns

Unanswered Question


I have the following challenge:

My Cisco ASA5505, has two working site-site vpn tunnels. Over these tunnels (remote sites are also ASA5505), i want to run both data and voice traffic. I want to apply QoS on these vpn's, so that my voice traffic wont be affected by to much data going through.

I have looked at some simple QoS samples, but i'm a bit stuck, since this involves multiple vpns, not only one.

Any help is appreciated

Best regards


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

Ok, i've looked at the links.

Is this a valid configuration? I dont have the ASA's here right now, so i cant test it:


class-map Voice

match dscp ef

match tunnel-group tunnel-grp1

match tunnel-group tunnel-grp2

policy-map Voicepolicy

class Voice


service-policy Voicepolicy interface outside


Can i do a double tunnel-group match?

Marwan ALshawi Wed, 09/17/2008 - 16:24
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

not practtical

becase this mean it should be the traffic from both tunnel-groups

while u need to match each one saparate

and make sure u have the voice marked correctly as EF in ur network

dtushing123 Thu, 09/18/2008 - 05:39
User Badges:

You might be able to use the qos-group feature to mark each individual tunnel at the spokes, this way you could employ QOS at the hub based on these cos-groups.


This Discussion