Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Prioritising VPN traffic through PIX

I have recently set up a VPN to a remote office using PIX 515s IOS 7.2(1). We are sending Video Conferencing traffic over the VPN which is having to compete with the normal Internet traffic through the HQ PIX.

What is the easiest way to prioritise the VPN traffic over the other Internet traffic? I think QoS is what I need for this problem, anyone have a sample config to solve this problem?


Re: Prioritising VPN traffic through PIX

Refer to this URL.. really good for QOS on PIX/ASA:

But one thing.. QOS never works over internet links, because at any time, QOS should be end to end.. since internet is a widely open blackhole, even if u do QOS at ur routers, after entering the service provider, it is going to act on whatever is configured on the ISP end routers.. hope u get it..

Let us know if u need any more details.. all the best.. rate replies if found useful..


Community Member

Re: Prioritising VPN traffic through PIX

hi u can set priority for ur vpn traffic with a clas-map and matching the tunnel group in it for priority. then in the policy map u can set priority for it.

as sachin said qos on internet cannot be useful unless it is end to end. it means u need to sign a SLA with the isp to match ur DSCP bits set to ur vpn traffic.

ur pix or asa cannot set the dscp or precedense bits. u will need a router to mark ur traffic before it reaches ur pix.

it they are marked already then u can match them on the base of DSCP bits on the pix in the class-map.

setting priority on the pix will only help to pass this vpn traffic first as compared to the other traffic.

hope this helps.



CreatePlease to create content