QoS on PIX/ASA for internet based Voice/Video

Discussion in 'Cisco' started by theizer1, Oct 4, 2011.

  1. theizer1

    theizer1

    Joined:
    Nov 14, 2008
    Messages:
    3
    Scenario: I have a LAN with with two Cisco 3750G-48TS-E switches as my core. We have a pix 515E firewall running 8.0.4 connected to a 20Mbps internet pipe. My company utilizes a lot of video conferencing and voip services via the internet so I cannot do end to end QoS. I also have L2L vpn traffic to a remote data center (no voice or video ove vpn though) which I would like to limit to 15Mbps. My thought to just trust dscp/cos on the 3750s to do QoS on the pix using a combination of ACLs, class-maps, policy-maps, etc with priority queues.

    I am not sure if I should apply my service-policy to just the inside interface, just the outside or both. Also, will this at least give my identified traffic priority like I think it will?

    Here's my config:

    class-map cm_voice
    description matches all dscp ef traffic
    match dscp ef

    class-map cm_video
    description matches all dscp af41 traffic
    match dscp af41

    access-list al_tcp_traffic permit tcp any any
    class-map cm_tcp_traffic
    description matches all non-tunneled tcp traffic
    match access-list al_tcp_traffic

    ##classify all tunneled traffic for L2L vpn
    access-list al_ip_vpn extended permit ip 192.168.0.0 255.255.240.0 69.xxx.xxx.xxx 255.255.255.128
    access_list al_ip_vpn extended permit ip 10.0.0.0 255.224.0.0 69.xxx.xxx.xxx 255.255.255.128

    class-map cm_vpn_all
    description matches all TUNNELED ip traffic to hosted solutions
    match access-list al_ip_vpn
    match tunnel-group 69.xxx.xxx.xxx

    policy-map qos
    class cm-voice
    priority
    class cm-video
    priority
    class cm_vpn_all
    police output 15728500 15728500
    police input 15728500 15728500

    priority-queue outside
    priority-queue inside


    ## DO I APPLY THIS JUST TO INSIDE, OUTSIDE, OR IS BOTH BEST?
    service-policy qos interface outside
    service-policy qos interface inside
    theizer1, Oct 4, 2011
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Sven Holm
    Replies:
    0
    Views:
    1,468
    Sven Holm
    Sep 7, 2003
  2. Sven Holm
    Replies:
    0
    Views:
    1,387
    Sven Holm
    Sep 9, 2003
  3. Sven Holm
    Replies:
    5
    Views:
    4,447
    Arnold Ligtvoet
    Sep 12, 2003
  4. Hiro
    Replies:
    67
    Views:
    4,993
    Paul Cupis
    Feb 24, 2006
  5. Giuen
    Replies:
    0
    Views:
    666
    Giuen
    Sep 12, 2008
Loading...

Share This Page