Cisco Support Community

ASA5505 L2L-VPN and QoS

Hi all!

I have a customer that has two offices connected to the Internet at 4Mbit (site A) and 10Mbit (site B) using Cisco ASA5505, version 8.2(1). At site A they have an IP-PBX (VoIP) and at site B there are a few IP-phones. Some internal servers are also located at site A. The ISP has enabled QoS (DSCP EF) on the Internet access (works as long as traffic doesn’t leave their network).

In order to guarantee VoIP, and to some extent also intranet traffic, I would like to apply QoS in a hierarchical manner so that VPN is policed or shaped to a sustainable level without “losing” available bandwidth for Internet browsing, particularly at site A. Is it possible?

I understand how I can use priority and shaping/policing to manage VPN-related traffic, but does that mean that other traffic is limited to “bandwidth leftovers” at site A? As I understand it, priority doesn’t kick in until there’s a shortage of bandwidth. That will happen when the ISP committed bandwidth is reached, though the ASA5505 will by default assume that interface bandwidth is the limit.

A dream scenario would be like this:

Site A

Interface: Police 4 Mbit/s

L2L VPN: Police 2,4 Mbit/s, Priority VoIP (match dscp ef)

Site B

Interface: Police 10 Mbit/s

L2L VPN: Police 2,4 Mbit/s, Priority VoIP (match dscp ef)

Can it be done? And if so, I would really appreciate some sample class-map and policy-map statements etc.


Anders Fredriksson

