03-05-2014 02:10 PM - edited 03-11-2019 08:54 PM
Hi,
I have four sites that use ASA 5505's that connect to the main office's ASA 5510x in Dallas via site 2 site tunnels. I need to setup QOS for voip traffic from our Houston site and possibly the others in the future.
The Houston site has four ip phones that connect to a pbx at our main location and have Comcast cable as the ISP. They have light internet usage (5 person office) and 3 printers that are also printed to from our main office.
Our main location has a T1 and will soon be moving to fibre.
I need help with a best practice step by step guide to setup the voip on the 5505/5510. I have looked at the configuration guide and perused some discussion groups and it seems there are many ways to accomplish this.
03-08-2014 11:08 PM
Hello,
I cannot work on a step by step configuration reference as that's why the configuration guide exists :D I can talk about recommendations and what I think the best option is.
In this case if I am not mistaken you want to implement QoS for VoIP traffic across VPN tunnels.
For this u will use something as
class-map VPN_TO_Main_Office description “match on Branch Tunnel Group based on flows” match tunnel-group x.x.x Main_Office_IP_addres match dscp ef (To match VoIP traffic)
And then of course prioritize (On the ASA u Need to create a priority queue manually, configure the queue limit and Transmit-Ring setttions).
Now Remember that Priotity will only take place after the interface queue gets fullfiled (So the Congestion Management tool takes place) So I would also recommend first shapping the traffic to the exact rate you are paying the ISP (So the congestion management kicks in faster).
I know, I know sounds hard to do but it's not that bad, and just for ur reference here is a links that talks about it.
http://brian-kayser.blogspot.com/2010/10/doing-asa-quality-of-service-qos.html
https://supportforums.cisco.com/message/3730834#3730834
Man I need my own ASA to create blog posts about stuff like this!
Regards,
Jcarvaja
http://laguiadelnetworking.com
03-10-2014 01:58 PM
Thank you for taking to time to help with this.
Can you tell me what the x.x.x indicates from the above example on this line:
match tunnel-group x.x.x Main_Office_IP_addres
Does it signify the name of the vpn tunnel-group?
If so I am assuming the "Main_Office_IP_address" is the address of the main office outside interface or is that there describing the "x.x.x"?
class-map VPN_TO_Main_Office
description “match on Branch Tunnel Group based on flows”
match tunnel-group 64.205.17.193 64.205.17.193
match dscp ef
03-12-2014 11:47 AM
So if am reading this right Julio Carvaja it would look like this:
priority-queue outside
!
class-map VOIP-TRAFFIC
match tunnel-group 64.205.17.193
match dscp ef
policy-map PRIORITY-POLICY
class VOIP-TRAFFIC
priority
policy-map QOS-TRAFFIC-OUT
class class-default Default traffic policy
shape average 600000
service-policy PRIORITY-POLICY
!
service-policy QOS-TRAFFIC-OUT
Would I also apply something similar at the main office for VOIP traffice outbound to the satellite office?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: