I am running 8.2.5 on 5505s and set up a service policy QoS to try to give VOIP packets priority. I used policing on the other interface of the ASA and police both the input and output packets. I have a priority queue, a class for my VPN tunneled traffic, a class for TCP traffic (mainly for Internet traffic) and a default class. The classes TG-NonVoice-Out and TG-NonVoice_In use an access list match for any traffic over the VPN tunnel. The VOIP traffic is also all tunneled traffic - priority queue out and class-map TG-Voice-In, although there is none over this link, but I use the same setup on all my ASAs. The class-map TCP-Traffic is for both in and out TCP packets. The default class map is in and out for all other packets. The config for all this is below. Not too complex, and it appeared to work for both incoming and outgoing when I watched bit rates using the ASDM with test files...
...BUT I find that it starts failing after running for a while. If I do a 1GB file transfer over the tunnel between two end hosts, the transfer starts and, assuming the values below are in use, I would see the transfer start and hold at 30Mb for a long time. Then out of the blue it may drop and hold at 2Mb (the default class), and that is where it stays from then on for any tunneled traffic. If I were to set the default class rate to 6Mb, I would see the rate drop down to 6Mb, so I know it is placing all the tunneled traffic in the default class and not in the TG-NonVoice-xx class where it should be, since the packets are matching the ACL for the class.
Any idea what is going on and why this is failing? Does anyone see a mistake in the setup that would cause this?
access-list tg-nonvoice-out extended permit ip 10.42.206.128 255.255.255.192 any
access-list tcp-traffic extended permit tcp any any
access-list tg-nonvoice-in extended permit ip any 10.42.206.128 255.255.255.192