Using QoS in Pix to prioritize VPN Lan2LAN traffic

jilahbg · ‎10-13-2005

Hi

Is it possible to do some kind of QoS in the pix to prioritize traffic going into Lan2Lan-tunnels over other outgoing traffic to internet?

Regards Jimmy

attrgautam · ‎10-13-2005

AFAIK it is not possible to mark on the PIX but PIX will copy the ToS frm IP header to the VPN header. If you have a router bfor the PIX, you can do the marking there

attrgautam · ‎10-13-2005

Picked this from

http://www.ciscopress.com/articles/article.asp?p=379751&rl=1

Prior to PIX 7.0, a Cisco security appliance could inspect and forward traffic only in a best-effort fashion. The first packets into a firewall would be the first packets coming out, regardless of the application being used or the urgency of the traffic.

PIX 7.0 introduces priority queuing on firewall interfaces, so that urgent or time-sensitive traffic can be identified and placed in a strict priority queue. The firewall always makes sure that any packets in a priority queue are sent before any

others. This is an important feature for applications like voice and video, where packets must be delivered in a consistently prompt fashion, without being affected by other traffic passing through the firewall.

Specific traffic can also be identified and held within configured bandwidth constraints. This is known as policing, a handy tool that can be used to keep less desirable or less important applications from hogging the links coming from a firewall.

HTH

rpickard · ‎10-15-2005

Richard

CCIE | NNCSE

member --- HSTRA

//