Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

QOS configuration on ASA 5505

Hello Experts,

We have 2MB leased line dedicated (1:1) and around 10 remote sites are connected vis STS IP Sec Tunnel. There is no QOS configured. Now what I ant i.e. 85 % bandwidth I want to reserve for all remote sites and 15 % for internet request (Web Surfing or download e-mails).

Can anyone post the configuration?

Thanks!!!!

2 REPLIES

Re: QOS configuration on ASA 5505

I think this can be done using MPF, here is a link that explain how to perform bandwidth management on the ASA:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml

I hope it helps.

Cisco Employee

Re: QOS configuration on ASA 5505

If you are running 7.2.4 and above:

Sample VPN traffic:

access-list vpn_traffic extended permit ip 10.10.10.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list vpn_traffic extended permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0

These two classes match vpn and voice traffic.  You can remove voice traffic if you like.
!
class-map vpn-traffic
match access-list vpn_traffic
class-map voice-traffic
match dscp af13  af31  ef
!
policy-map qos_class_policy
class vpn-traffic
  priority
class voice-traffic
  priority
!
policy-map qos_outside_policy
class class-default
  shape average 16777216          <---- traffic shaping config is here
  service-policy qos_class_policy < ---- priority queueing config is here
!
service-policy qos_outside_policy interface outside

Reference link:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s1.html#wp1399177

If you are running below 7.2.4 where shaping wasn't introduced you can follow the same here:

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/qos.html#wp1051164

Configuring QoS Policing and Priority Queuing

hostname(config)# class-map VPN

hostname(config-cmap)# description "This class-map matches traffic for tunnel-grp 1"

hostname(config-cmap)# match tunnel-group tunnel-grp1


hostname(config-cmap)# policy-map qos

hostname(config-pmap)# class VPN

hostname(config-pmap-c)# priority

hostname(config-pmap-c)# class class-default

hostname(config-pmap-c)# police output 2516480 37500 ----> 15% for internet traffic

hostname(config-pmap-c)# service-policy qos interface outside

hostname(config)# priority-queue outside

hostname(config-priority-queue)# queue-limit 2048

hostname(config-priority-queue)# tx-ring-limit 256

-KS

1293
Views
0
Helpful
2
Replies