I am looking to configure QoS on my PIX running version 8.03 of the PIX software.
I would like to give priority to VPN tunnel traffic as well as certain other designated traffic, based on an ACL. Ideally, I wouldn't want to police all other traffic by rate-limiting it.
My current config looks like this:
access-list acl_priority permit ip host external_ip any
match access-list acl_priority
match tunnel-group x.x.x.x
service-policy priority_traffic interface outside
The thing I am unsure about is whether I need to apply rate limiting (policing) under the default class, or can I just leave it like this? Does the priority queue take as much bandwidth as it needs to? Also, with the above config, is traffic policed in the outbound direction only?
What I am hoping to achieve is this: if the WAN connection is being hammered by large downloads, I would want the priority traffic to take precedence.