Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

QoS Pix


I would like to implement QoS on Pix 7.0(4). We connect to our customers using Cisco VPN client(remote access VPN).

I would like to prioritize this traffic, because these VPN connections are slow and e.g. browsing is fast.

What is the best match in class-map command to cover this traffic? I tried

match port tcp 3389(because we especially use terminal services to connect to remote systems through VPN). Or is better to use ACL with remote public IP(where VPN ends).

Could you please advice me.

Many thanks,


New Member

Re: QoS Pix

! First match VPN traffic.

! Use an access-list

hostname (config)# class-map VPN-TRAFFIC

hostname (config-cmap)# match access-list ...

! Apply this in a QoS map in such a way that traffic matched by class-map "VPN-TRAFFIC" will be made priority

hostname (config)# policy-map QoS

hostname (config-pmap)# class VPN-TRAFFIC

hostname (config-pmap-c)# priority

! Create the Priority queue on interface "blah"

hostname(config)# priority-queue blah

! Now we can apply this policy "QoS" on the "blah" inferface

hostname (config)# service-policy qos interface blah

You might also be able to use a "tunnel-group" to match traffic. Refer to

for more details.

By the way if you are using a sub interface the "service-policy" is applied on the sub interface but "priority-queue" is applied on the physical interface.