VPN QOS Design

Answered Question
May 10th, 2010
User Badges:

I am currently looking into designing a VPN network over the internet with QOS for video and voice using ASA and 2811 routers.  Does anybody have any success stories or sample configurations that I could look at, to see if it is even a possibility?

Thank you

Correct Answer by Panos Kampanakis about 7 years 2 months ago

As explained in http://supportforums.cisco.com/docs/DOC-1230 you use DSCP to match on traffic you prioritize and the rest you police.

You can also shape the rest of the traffic instead of police.

It explains it in the link provided.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
peter.williams@... Mon, 05/10/2010 - 07:31
User Badges:

Thank you for your post, is ther anything that I will need to put into the 2811 router on the other end?  Also I have multiple sites connected to the ASA, will the configuration change becasue of the multiple vpn tunnels on the ASA?

Thank you

Panos Kampanakis Mon, 05/10/2010 - 07:46
User Badges:
  • Cisco Employee,

Please do read the doc.

To briefly answer your questions:

- is there anything that I will need to put into the 2811 router on the other end?

For best results you need to QoS both ends outbound.

- will the configuration change because of the multiple vpn tunnels on the ASA?

check the config. You can QoS on a per tunnel basis.

Rate if helpful.



peter.williams@... Mon, 05/10/2010 - 10:40
User Badges:

OK, I am sorry, I read the document but it only deals with the ASA (which is great) but I do not see anything on what the router side should look like, I probably just missing it.  Is there any other examples for the QOS between an ASA and a router using VPN?

Thank you

peter.williams@... Thu, 05/13/2010 - 06:18
User Badges:

Thank you for your post, I need to give some more information on the sites - I will have a Site-to-Site VPN tunnel from a router in Amsterdam to an ASA in the US over the internet.  There will be VOIP phones and Tandberg video conferencing unit as well as PC's there in Amsterdam.  I want to provide the best possible QOS design.  I would assume that I will need to use DSCP to use the QOS properly over the VPN tunnel.  the previous examples looks like it is policing the bandwidth, is there anything that will prioritze the packets over the VPN tunnel between the sites or am I on the wrong track?

Thank you


This Discussion