Prioritising VPN traffic through PIX

Unanswered Question

I have recently set up a VPN to a remote office using PIX 515s IOS 7.2(1). We are sending Video Conferencing traffic over the VPN which is having to compete with the normal Internet traffic through the HQ PIX.


What is the easiest way to prioritise the VPN traffic over the other Internet traffic? I think QoS is what I need for this problem, anyone have a sample config to solve this problem?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sachinraja Wed, 12/06/2006 - 18:12
User Badges:
  • Red, 2250 points or more

Refer to this URL.. really good for QOS on PIX/ASA:


http://cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008063706a.html#wp1047318


But one thing.. QOS never works over internet links, because at any time, QOS should be end to end.. since internet is a widely open blackhole, even if u do QOS at ur routers, after entering the service provider, it is going to act on whatever is configured on the ISP end routers.. hope u get it..


Let us know if u need any more details.. all the best.. rate replies if found useful..


Raj

sebastan_bach Fri, 12/08/2006 - 07:00
User Badges:

hi u can set priority for ur vpn traffic with a clas-map and matching the tunnel group in it for priority. then in the policy map u can set priority for it.


as sachin said qos on internet cannot be useful unless it is end to end. it means u need to sign a SLA with the isp to match ur DSCP bits set to ur vpn traffic.


ur pix or asa cannot set the dscp or precedense bits. u will need a router to mark ur traffic before it reaches ur pix.


it they are marked already then u can match them on the base of DSCP bits on the pix in the class-map.


setting priority on the pix will only help to pass this vpn traffic first as compared to the other traffic.


hope this helps.


regards


sebastan

Actions

This Discussion