
VOIP QoS over L2L VPN on an ASA5505

jgeorge
Level 1

I have 4 remote sites that are using an ASA as their firewall / router. I'm setting up a full mesh VPN between all the sites. One of the sites has a UC500 and the other sites access that UC over the VPN tunnels. I would like to set up some basic QoS for the VOIP traffic.

Let's say a remote site has 10mb down / 1mb up and I use the following config:

ASA(config)# priority-queue outside

ASA(config)# class-map TG1-voice-class
ASA(config-cmap)# match tunnel-group (VPN 2L2 TUNNLE NAME BACK TO UC)
ASA(config-cmap)# match dscp ef

ASA(config-cmap)# policy-map priority-policy
ASA(config-pmap)# class TG1-voice-class
ASA(config-pmap-c)# priority

ASA(config-pmap-c)# policy-map shape-priority-policy
ASA(config-pmap)# class class-default
ASA(config-pmap-c)# shape average 900000
ASA(config-pmap-c)# service-policy priority-policy

ASA(config-pmap-c)# service-policy shape-priority-policy interface outside

To me this would only limit the VPN to 900kb with 100kb reserved for VOIP, but non-VPN traffic would not be shaped.

I would like to limit all traffic with some reserved space for VOIP and then give it priority.

Second question:

The site that has the UC will have multiple VPN tunnels coming in from the remote sites. How will I do QoS with voice traffic on that site?


ajay chauhan
Level 7

Hi Jason,

This might help you.

https://supportforums.cisco.com/docs/DOC-1230

Thanks

Ajay

Thanks for the link but that is where I got my config that I posted above...

The article didn't answer my questions so I posted here.

Any other thoughts on this?

ajay chauhan
Level 7

OK let me try to explain -

Here two service-policies are configured: one is matching VPN VoIP traffic and another one is global. Inside the global policy you have configured

shape average 900000  <-- This is for match class-default; all the traffic which is not matching any specific class will be matched here. Just in case of congestion, the remaining BW will be guaranteed for voice.

Thanks

Ajay

Thanks that makes some more sense. I still have the second question though, could you help with that?

"The site that has the UC will have multiple VPN tunnels coming in from the remote sites. How will I do QoS with voice traffic on that site?"

Hi Jason,

You can call multiple class-maps under the same policy-map. Here it will be a little tricky to allocate the required bandwidth.

So you need to adjust the bandwidth for the traffic shape.

Thanks

Ajay

How should I do that though?

Let's say the site with the UC has a 5MB connection UP.

I want to reserve at least 200Kbps for each site's VPN voice traffic.

Maybe I should ask the question this way.

I have 5 site-to-site VPN tunnels. I want to apply the QoS to all 5 tunnels to limit the speed to 85% and reserve 15% for VOIP.

With my example above I am able to do this if I have one tunnel, but I'm not sure how to make it work with more than one tunnel.

I was thinking I could use a match statement that uses an ACL to match all LAN traffic that would be going to the other remote sites, but I get the following error:

ERROR: Multiple match commands are not supported except for the 'match tunnel-group or default-inspect-traffic' command.

I would say you should calculate the total BW required for VOIP and based on that configure the shape. Of course you won't like to drop voice calls. QoS will only work when there is congestion, else all is free to go.

How do you apply this type of QoS when there is more than one tunnel in place?

Do I need to make 5 policy maps such as (only made 2 as an example):

class-map TG1-voice-class
 match tunnel-group AAA
 match dscp ef

class-map TG2-voice-class
 match tunnel-group BBB
 match dscp ef

policy-map priority-policy
 class TG1-voice-class
  priority

policy-map shape-priority-policy
 class class-default
  shape average 14256000
  service-policy priority-policy

policy-map priority-policy
 class TG2-voice-class
  priority

policy-map shape-priority-policy
 class class-default
  shape average 14256000
  service-policy priority-policy

service-policy shape-priority-policy interface outside

So this will limit the upload speed to 14256000 and allow the rest of the BW to VOIP?

Create multiple class-maps like:

class-map TG2-voice-class
 match tunnel-group BBB
 match dscp ef

Call all of them under:

policy-map priority-policy

Thanks

Ajay
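
The structure suggested in the last reply, written out as an added example (not a config posted by anyone in the thread): one class-map per tunnel, all referenced from a single priority-policy that is nested once under a single shape policy. The tunnel-group names AAA and BBB and the shape rate are the placeholder values used earlier in the thread, and it assumes, as the thread's configs do, that the ASA software in use accepts tunnel-group matches in the nested priority policy.

```cisco
! One class-map per L2L tunnel; each matches only EF-marked traffic
! inside that tunnel (tunnel-group names are the thread's placeholders).
class-map TG1-voice-class
 match tunnel-group AAA
 match dscp ef
class-map TG2-voice-class
 match tunnel-group BBB
 match dscp ef
! Repeat the three lines above for each remaining tunnel.

! A policy-map name can be defined only once, so every voice class is
! listed inside the same priority-policy instead of re-declaring it.
policy-map priority-policy
 class TG1-voice-class
  priority
 class TG2-voice-class
  priority

! A single shaper on class-default covers all traffic leaving the
! interface; the nested policy lets the voice classes be dequeued first.
policy-map shape-priority-policy
 class class-default
  shape average 14256000
  service-policy priority-policy

! Applied once to the outside interface.
service-policy shape-priority-policy interface outside
```

`show service-policy interface outside` lists the counters for the shaper and for each priority class once the policy is applied.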
