I came across a problem after configuring QoS on a ASA5505 v8.2(1) for one of our customers (planning to use IP Phones over VPN). Although I configured via ASDM, here is the relevant CLI config:
match dscp cs3 af31 ef
shape average 3600000
service-policy outside-policy interface outside
(the default global policy is also configured)
The problem is after configuring this, after some time (usually around 1 day), the traffic throughput on the ASA is very low. When I ping an outside host, about half the packets get lost. The internet connection has a fixed ip...no DHCP or PPPoE. If I remove the QoS policy from the outside interface or reboot the ASA, traffic throughput is normal again.
I used this configuration the first time on v7.2(4) where it worked without any problems for several months. The issue started after upgrading to 8.0(4) and persisted in 8.2(1).
Did anybody come across this? Am I missing anything what the config is concerned? The logs show nothing unusual.
Any feedback would be appreciated!
You are more than likely running into bug CSCsx07862 which was resolved in 18.104.22.168 and 22.214.171.124. Another potential workaround that I have used in the past is to police the class default as opposed to shape.