Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
981
Views
0
Helpful
3
Replies

what is the best way to setup QOS between an ASA 5505 and ASA 5510x for VOIP Traffic

nolonkellerhals
Level 1
Level 1

‎03-05-2014 02:10 PM - edited ‎03-11-2019 08:54 PM

Hi,

I have four sites that use ASA 5505's that connect to the main office's ASA 5510x in Dallas via site 2 site tunnels.  I need to setup QOS for voip traffic from our Houston site and possibly the others in the future.

The Houston site  has four ip phones that connect to a pbx at our main location and have Comcast cable as the ISP. They have light internet usage (5 person office) and 3 printers that are also printed to from our main office.

Our  main location has a T1 and will soon be moving to fibre.

I need help with a best practice step by step guide to setup the voip on the 5505/5510.  I have looked at the configuration guide and perused some discussion groups and it seems there are many ways to accomplish this.

Labels:
0 Helpful
3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

‎03-08-2014 11:08 PM

Hello,

 

I cannot work on a step by step configuration reference as that's why the configuration guide exists :D I can talk about recommendations and what I think the best option is.

 

In this case if I am not mistaken you want to implement QoS for VoIP traffic across VPN tunnels.

For this u will use something as 

class-map VPN_TO_Main_Office
 description “match on Branch Tunnel Group based on flows”
 match tunnel-group x.x.x Main_Office_IP_addres
 match dscp ef (To match VoIP traffic)

And then of course prioritize (On the ASA u Need to create a priority queue manually, configure the queue limit and Transmit-Ring setttions).

 

Now Remember that Priotity will only take place after the interface queue gets fullfiled (So the Congestion Management tool takes place) So I would also recommend first shapping the traffic to the exact rate you are paying the ISP (So the congestion management kicks in faster).

 

I know, I know sounds hard to do but it's not that bad, and just for ur reference here is a links that talks about it.

 

http://brian-kayser.blogspot.com/2010/10/doing-asa-quality-of-service-qos.html

https://supportforums.cisco.com/message/3730834#3730834

 

Man I need my own ASA to create blog posts about stuff like this!

 

Regards,

 

Jcarvaja

http://laguiadelnetworking.com

 

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

nolonkellerhals
Level 1
Level 1
In response to Julio Carvajal

‎03-10-2014 01:58 PM

Thank you for taking to time to help with this.

Can you tell me what the x.x.x indicates from the above example on this line:

match tunnel-group x.x.x Main_Office_IP_addres

Does it signify the name of the vpn tunnel-group?

If so I am assuming the "Main_Office_IP_address" is the address of the main office outside interface or is that there describing the "x.x.x"?

class-map VPN_TO_Main_Office
description “match on Branch Tunnel Group based on flows”
match tunnel-group 64.205.17.193 64.205.17.193
match dscp ef

0 Helpful

nolonkellerhals
Level 1
Level 1
In response to nolonkellerhals

‎03-12-2014 11:47 AM

So if am reading this right Julio Carvaja it would look like this:

priority-queue outside
!
class-map VOIP-TRAFFIC
 match tunnel-group 64.205.17.193
 match dscp ef


policy-map PRIORITY-POLICY
 class VOIP-TRAFFIC
  priority


policy-map QOS-TRAFFIC-OUT
 class class-default   Default traffic policy
  shape average 600000
  service-policy PRIORITY-POLICY
!


service-policy QOS-TRAFFIC-OUT

 

Would I also apply something similar at the main office for VOIP traffice outbound to the satellite office?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card