Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

QoS on ASA 5520 with 871 ezvpn clients

Hello All-

I have an ASA 5520 (Software Version 7.2(2)) that I am trying to setup QoS for VoIP on the outside egress interface (the destination being an 871 ezvpn client). I have configured the Inside interface with the same QoS policy-map as the outside and can observe transmit traffic when placing a VoIP call. However, the egress traffic on the Outside interface does not reflect that the policy has been applied? It is as though the traffic is being encrypted before there can be a match. Is there a way to apply the policy before encryption? Below are snippets of my configuration:

priority-queue Outside

priority-queue Inside


class-map Voice

match dscp ef

class-map csc-filter

match access-list cscfilter-acl



policy-map csc-traffic-filter

class csc-filter

csc fail-open

policy-map global-policy

class class-default

csc fail-open

inspect ftp

policy-map Voice_Policy

class Voice



service-policy global-policy global

service-policy Voice_Policy interface Outside

service-policy Voice_Policy interface Inside

service-policy csc-traffic-filter interface InternetDMZ

Interface Outside:

Service-policy: Voice_Policy

Class-map: Voice


Interface Outside: aggregate drop 0, aggregate transmit 0

Interface Inside:

Service-policy: Voice_Policy

Class-map: Voice


Interface Inside: aggregate drop 0, aggregate transmit 33695

Any assistance would be greatly appreciated.