Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Maintaining QoS over Site to Site VPN

I'm trying to confirm that some QoS settings are correctly set up for a site to site vpn btwn that is already setup.  At 1 side we have a 10 mb circuit (10/10) and the other site we have a 20 mb circuit (20/20).  We like to reserve 4/10 from the smaller site and 6/20 from the bigger site for this traffic.  It is primarily a video stream conferencing stream that is passed btwn the two sides so we were trying to filter based on dscp ef.  We had a 3rd party set it up but we are still experiencing some drops and latency and we just wanted to confirm it is set up correctly.  I read through this:

https://supportforums.cisco.com/docs/DOC-24437

Which seems to suggest that all the shaping should be done on the outside, but our is set up a little differently.  I've included the relevant section of both ASA's in an effort to get some feedback.

Site 1:

access-list VOIP extended permit ip host 10.10.5.239 host 10.10.6.239
access-list VOIP extended permit ip host 10.10.6.239 host 10.10.5.239

class-map VOIP
match access-list VOIP
class-map inspection_default
match default-inspection-traffic
class-map Voice-OUT
match dscp af41  ef
match tunnel-group AA.BB.CC.DD
class-map voice-In
match access-list VOIP


policy-map dscppolicy
class VOIP
  priority
policy-map global_policy
class inspection_default
  inspect ftp
policy-map out_policy
class voice-In
  priority

policy-map shape-priority-policy
class class-default
  shape average 3072000
  service-policy out_policy

service-policy global_policy global
service-policy dscppolicy interface inside
service-policy shape-priority-policy interface ethernet2

Site 2:

access-list VOIP extended permit ip host 10.10.5.239 host 10.10.6.239
access-list VOIP extended permit ip host 10.10.6.239 host 10.10.5.239

class-map VOIP
match access-list VOIP
class-map DM_INLINE_Child-Class
match dscp af41  ef
class-map inspection_default
match default-inspection-traffic
class-map Voice-OUT
match dscp af41  ef
match tunnel-group EE.FF.DD.GG
class-map voice-In
match dscp af41  ef
match tunnel-group EE.FF.DD.GG

policy-map dscppolicy
class Voice-OUT
  priority
class VOIP

  priority
policy-map DM_INLINE_Child-Policy
class DM_INLINE_Child-Class
  priority
policy-map type inspect dns migrated_dns_map_1
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
  inspect ip-options
policy-map shape-priority-policy
class class-default
shape average 6144000
  service-policy dscppolicy

service-policy global_policy global
service-policy shape-priority-policy interface outside
service-policy dscppolicy interface inside

Everyone's tags (4)
865
Views
0
Helpful
0
Replies
CreatePlease login to create content