ASA QoS - two policy maps one service policy to interface?
I am trying to configure my QoS policies on both ASA 5505 and 5510. I havent moved passed the first ASA yet which is a 5505. Below is the show ver and the copy of the config I am using.
Topology - Each ASA has multiple site to site vpns coming into it and I want to run QoS across all the vpns. My sample config is for the first vpn. For the other vpns I would just add additional class maps to the policy map named QOS-Voice. I wanted to create a single policy map but I am unable to because you cant shape and set priority in the same policy map I found out. I moved on to create to policy maps and wanted to "nest" them together and apply as a single service-policy to the interface but its not working. How can I apply both of these policies maps to the outside interface?
class-map Sig-to-NFlorida match access-list Sig-to-NFlorida class-map Sig-from-NFlorida match access-list Sig-from-NFlorida class-map inspection_default match default-inspection-traffic class-map Voice-traffic-NFlorida match dscp ef match tunnel-group x.x.x.x
policy-map Qos-Outside class class-default shape average 10000000
policy-map QOS-Voice class Voice-traffic-NFlorida priority class Sig-to-NFlorida police output 50000 class Sig-from-NFlorida police input 50000
Cisco Adaptive Security Appliance Software Version 8.2(2) Device Manager Version 6.2(5)
Compiled on Mon 11-Jan-10 14:19 by builders System image file is "disk0:/asa822-k8.bin" Config file at boot was "startup-config"
Re: ASA QoS - two policy maps one service policy to interface?
You cannot configure traffic shaping and standard priority queueing for the same interface; only hierarchical priority queueing is allowed. For example, if you configure standard priority queueing for the global policy, and then configure traffic shaping for a specific interface, the feature you configured last is rejected because the global policy overlaps the interface policy.
So the only way way I see this happening is applying the policy that has shaping on the outside interface and the policy that polices on the inside interface that sees the packets hitting it going outbound and policing there.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :