cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
765
Views
0
Helpful
2
Replies

Prioritising VPN traffic through PIX

andrew.goss
Level 1
Level 1

I have recently set up a VPN to a remote office using PIX 515s IOS 7.2(1). We are sending Video Conferencing traffic over the VPN which is having to compete with the normal Internet traffic through the HQ PIX.

What is the easiest way to prioritise the VPN traffic over the other Internet traffic? I think QoS is what I need for this problem, anyone have a sample config to solve this problem?

2 Replies 2

sachinraja
Level 9
Level 9

Refer to this URL.. really good for QOS on PIX/ASA:

http://cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008063706a.html#wp1047318

But one thing.. QOS never works over internet links, because at any time, QOS should be end to end.. since internet is a widely open blackhole, even if u do QOS at ur routers, after entering the service provider, it is going to act on whatever is configured on the ISP end routers.. hope u get it..

Let us know if u need any more details.. all the best.. rate replies if found useful..

Raj

hi u can set priority for ur vpn traffic with a clas-map and matching the tunnel group in it for priority. then in the policy map u can set priority for it.

as sachin said qos on internet cannot be useful unless it is end to end. it means u need to sign a SLA with the isp to match ur DSCP bits set to ur vpn traffic.

ur pix or asa cannot set the dscp or precedense bits. u will need a router to mark ur traffic before it reaches ur pix.

it they are marked already then u can match them on the base of DSCP bits on the pix in the class-map.

setting priority on the pix will only help to pass this vpn traffic first as compared to the other traffic.

hope this helps.

regards

sebastan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: