Dec 20th, 2009

Hello Experts,

We have a 2MB dedicated (1:1) leased line, and around 10 remote sites are connected via STS IPsec tunnels. There is no QoS configured. What I want is to reserve 85% of the bandwidth for all remote sites and 15% for internet requests (web surfing or downloading e-mails).

Can anyone post the configuration?


Kureli Sankar Mon, 12/21/2009 - 06:44
If you are running 7.2.4 and above:

Sample VPN traffic:

access-list vpn_traffic extended permit ip
access-list vpn_traffic extended permit ip

These two classes match VPN and voice traffic. You can remove voice traffic if you like.

class-map vpn-traffic
  match access-list vpn_traffic
class-map voice-traffic
  match dscp af13 af31 ef
policy-map qos_class_policy
  class vpn-traffic
    priority
  class voice-traffic
    priority
policy-map qos_outside_policy
  class class-default
    shape average 16777216          <---- traffic shaping config is here
    service-policy qos_class_policy <---- priority queueing config is here
service-policy qos_outside_policy interface outside

Reference link:


If you are running below 7.2.4 where shaping wasn't introduced you can follow the same here:


Configuring QoS Policing and Priority Queuing

hostname(config)# class-map VPN
hostname(config-cmap)# description "This class-map matches traffic for tunnel-grp 1"
hostname(config-cmap)# match tunnel-group tunnel-grp1
hostname(config-cmap)# policy-map qos
hostname(config-pmap)# class VPN
hostname(config-pmap-c)# priority
hostname(config-pmap-c)# class class-default
hostname(config-pmap-c)# police output 2516480 37500 ----> 15% for internet traffic
hostname(config-pmap-c)# service-policy qos interface outside
hostname(config)# priority-queue outside
hostname(config-priority-queue)# queue-limit 2048
hostname(config-priority-queue)# tx-ring-limit 256



