QoS on PIX/ASA for internet based Voice/Video
Scenario: I have a LAN with with two Cisco 3750G-48TS-E switches as my core. We have a pix 515E firewall running 8.0.4 connected to a 20Mbps internet pipe. My company utilizes a lot of video conferencing and voip services via the internet so I cannot do end to end QoS. I also have L2L vpn traffic to a remote data center (no voice or video ove vpn though) which I would like to limit to 15Mbps. My thought to just trust dscp/cos on the 3750s to do QoS on the pix using a combination of ACLs, class-maps, policy-maps, etc with priority queues.
I am not sure if I should apply my service-policy to just the inside interface, just the outside or both. Also, will this at least give my identified traffic priority like I think it will?
Here's my config:
description matches all dscp ef traffic
match dscp ef
description matches all dscp af41 traffic
match dscp af41
access-list al_tcp_traffic permit tcp any any
description matches all non-tunneled tcp traffic
match access-list al_tcp_traffic
##classify all tunneled traffic for L2L vpn
access-list al_ip_vpn extended permit ip 192.168.0.0 255.255.240.0 69.xxx.xxx.xxx 255.255.255.128
access_list al_ip_vpn extended permit ip 10.0.0.0 255.224.0.0 69.xxx.xxx.xxx 255.255.255.128
description matches all TUNNELED ip traffic to hosted solutions
match access-list al_ip_vpn
match tunnel-group 69.xxx.xxx.xxx
police output 15728500 15728500
police input 15728500 15728500
## DO I APPLY THIS JUST TO INSIDE, OUTSIDE, OR IS BOTH BEST?
service-policy qos interface outside
service-policy qos interface inside
|All times are GMT. The time now is 02:44 PM.|
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.