We have two sites called Site A & Site B connected via 2 Mbps Satellite Link. The current configuration of the QoS is as below:
class-map match-all NETWORK-CONTROL
match ip dscp cs6
class-map match-any VOICE-SIGNALLING
match ip dscp cs3
class-map match-all VOICE-BEARER
match ip dscp ef
priority percent 30
bandwidth percent 7
bandwidth percent 3
We have deployed Cisco ASA between the sites A & B and have an IPSEC Tunnel between the ASAs which mainly carry the Wireless Internet Traffic from Site B to Site A.
We would like to ensure that the Wireless Internet Traffic which goes through the Tunnel has the least priority,
Any recommendations with reference to this would be helpful.
Thanks and Regards
Senior Consultant - Cisco Unified Communications
Network & Telecoms Group
Mannai Corporation, QSC
Tel (Office) :+974-4558118
Tel (Mob) : +974-5447791
Fax : +974-4558558
with your current configuration the IPSec packets carrying wireless Internet Traffic from Site B to Site A matches the default class.
Now, the default class can use up to 60/35 percent of bandwidth with your current configuration.
(up to 75% of the link BW if max-reserved-bandwidth applies to your router platform)
A possible suggestion could be that of creating a dedicated class with some percent for the ipsec traffic if you desire to distinguish it from the default class
so depending on your IPSec config you need to match AH or ESP protocols
! in the ACL you can use the actual ipsec
! peer addresses
access-list 111 permit ah any any
access-list 111 permit esp any any
class map match-any IPSEC
match address 111
bandwidth percent 10
Hope to help