theizer1 10-04-2011 04:54 PM

QoS on PIX/ASA for internet based Voice/Video
Scenario: I have a LAN with two Cisco 3750G-48TS-E switches as my core. We have a PIX 515E firewall running 8.0.4 connected to a 20Mbps internet pipe. My company utilizes a lot of video conferencing and VoIP services via the internet, so I cannot do end-to-end QoS. I also have L2L VPN traffic to a remote data center (no voice or video over the VPN, though) which I would like to limit to 15Mbps. My thought is to just trust DSCP/CoS on the 3750s and do QoS on the PIX using a combination of ACLs, class-maps, policy-maps, etc. with priority queues.

I am not sure if I should apply my service-policy to just the inside interface, just the outside or both. Also, will this at least give my identified traffic priority like I think it will?

Here's my config:

! voice: all traffic already marked DSCP EF
class-map cm_voice
 description matches all dscp ef traffic
 match dscp ef

! video: all traffic already marked DSCP AF41
class-map cm_video
 description matches all dscp af41 traffic
 match dscp af41

! note: cm_tcp_traffic is defined but never referenced in policy-map qos below
access-list al_tcp_traffic extended permit tcp any any
class-map cm_tcp_traffic
 description matches all non-tunneled tcp traffic
 match access-list al_tcp_traffic

! classify all tunneled traffic for L2L vpn
! (source/destination of both ACEs were not included in the post; "access_list" corrected to "access-list")
access-list al_ip_vpn extended permit ip
access-list al_ip_vpn extended permit ip

! note: an ASA/PIX L3/4 class-map takes a single match command; "match tunnel-group"
! (which needs the tunnel-group name) may only be paired with "match flow ip destination-address"
class-map cm_vpn_all
 description matches all TUNNELED ip traffic to hosted solutions
 match access-list al_ip_vpn
 match tunnel-group

! class names must match the class-maps exactly (cm_voice/cm_video, not cm-voice/cm-video),
! and a class needs an action ("priority") or it does nothing
policy-map qos
 class cm_voice
  priority
 class cm_video
  priority
 class cm_vpn_all
  police output 15728500 15728500
  police input 15728500 15728500

priority-queue outside
priority-queue inside

service-policy qos interface outside
service-policy qos interface inside
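As an added example (not the poster's configuration), one way to lay the policy out so the priority queue is actually used on each interface: on the ASA/PIX, the `priority` action only affects the egress queue of the interface the service policy is attached to, while `police` can be applied per direction. The VPN policer therefore belongs on the outside interface only (input = received from the internet, output = sent to the internet); attaching it to both interfaces would police the same tunneled flows twice. Policy names and `<tunnel-group-name>` are placeholders, and the ACL-based VPN class from the post is replaced by a tunnel-group match because the class-map accepts a single match command.

```cisco
! Added example, not the original config. <tunnel-group-name> is a placeholder.
class-map cm_voice
 match dscp ef
class-map cm_video
 match dscp af41
class-map cm_vpn_all
 match tunnel-group <tunnel-group-name>

! Applied to outside: voice/video go to the outside egress priority queue,
! L2L VPN is policed in both directions at roughly 15 Mbps
policy-map qos_outside
 class cm_voice
  priority
 class cm_video
  priority
 class cm_vpn_all
  police output 15728500 15728500
  police input 15728500 15728500

! Applied to inside: returning voice/video go to the inside egress priority queue
policy-map qos_inside
 class cm_voice
  priority
 class cm_video
  priority

! the priority queue must be enabled on every interface where "priority" is used
priority-queue outside
priority-queue inside

service-policy qos_outside interface outside
service-policy qos_inside interface inside

! verify that packets are hitting the classes and the queues
show service-policy interface outside
show service-policy interface inside
show priority-queue statistics outside
```

Because `match dscp` trusts whatever marking arrives, anything coming in from the internet marked EF or AF41 will be placed in the priority queue toward the LAN, not only the conferencing providers' traffic; check `show service-policy` counters against the expected call volume so that unexpected EF traffic is noticed rather than silently prioritized.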