Cisco Support Community
Community Member

Applying QoS to VPN Traffic


Am planning to deploy VPN from a clients HQ where i have proposed either ASA 5520 firewall and 2800 series routers for three others branches. This will be site-to-site VPN with the HQ as the hub.

The client want us to reserve a specific bandwidth e.g like 128kbps for the IPSec tunnel.

How possible is this? Can this be done on a router? Can this be done in an ASA?

If its possible, how is it done?


Re: Applying QoS to VPN Traffic

If you want to reserve 128kbps for the tunnel, then you must do it on your edge routers or any upstream device between your two ASAs.

See this document for configuring QoS on 12.4 routers (or browse to your IOS version):

On a side note, you can do QoS both in/out of your ASA as well as across your VPN tunnel:

In/Out of ASA:

Across tunnel:

Hope that helps. Please rate if this sent you on the right path.



Community Member

Re: Applying QoS to VPN Traffic

Hi Tim,

Thanks. It was a nice insight but seems to incline more to voice. I want to apply this to any traffic going through the VPN tunnel.

One more question. Whats the best option for this scenario. Do i got ahead the ASA or go with the ISR routers for the proposed WAN solution.

There is no voice going over this tunnel. Just normal data as they want to run their applications across this WAN. So the design should be in such a way that, this reserved bandwidth should be used for any tunneled traffic.

CreatePlease to create content