Unanswered Question
Jul 10th, 2009
User Badges:


i have c2600 router connected with ipsec VPN to ASA5520. I want to apply QoS on router, because link is congested by corporate regular traffic. I want to prioritize traffic communicating on ports 5061-5064 (voice, video...).

What can be the best QoS strategy for this scenario?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joseph W. Doherty Sat, 07/11/2009 - 05:22
User Badges:
  • Super Bronze, 10000 points or more

Since you mention VPN, I'm assuming this is across the Internet? If true, are the Internet links used by the VPN used by other than just this one VPN connection? If so, very difficult to impossible to guarantee service.

If there's just the VPN connection across the Internet, I've found an effective QoS strategy to be to shape such that bandwidth bottlenecks are avoided except at the Internet endpoints, and for those, use CBWFQ to implement QoS to treat traffic as necessary (e.g. LLQ for real-time traffic such as VoIP).

I'm not familar with the capabilities of the ASA. What all the 2600 can do depends on the IOS.

Collin Clark Mon, 07/13/2009 - 05:57
User Badges:
  • Purple, 4500 points or more

Like Joseph stated, if this goes over the internet, it's best effort. That being said, I have a client that was having this issue and as a test we gave priority to the remote end IP. It has resolved most of their VoIP issues over the VPN.

class-map match-all VPN-CLASS

match access-group name VPN

policy-map QOS-POLICY


priority 512

class class-default


ip access-list extended VPN

permit ip host 68.115.x.y any

permit ip any host 68.115.x.y

interface s0/0/0

service-policy output VPN-POLICY

Hope that helps.

lubosbella Mon, 07/13/2009 - 23:41
User Badges:

Thank you,

maybe i should more specify conditions. In attachment is a scheme of my network.

Im not sure if it is possible to use a CBWFQ strategy because congested router have only one physical interface divided into subinterfaces and CBWFQ method dont support it officialy.

Collin your configuration is applied to ASA or C2600?


Collin Clark Tue, 07/14/2009 - 06:58
User Badges:
  • Purple, 4500 points or more

It is from a 2811 running 12.4(5)


This Discussion