https://community.cisco.com/t5/network-security/asa-qos-priority/m-p/2261540#M357401 <P>Hey,</P><P>i have one question!</P><P></P><P>i established VPN between 2 sites allowing VOIP thru the tunnel</P><P>my internet speed is 4Mbps</P><P></P><P>i want to give priority for VOIP and E-mail (SMTP,POP3) during congestion while dropping other packets</P><P></P><P>does my Configuration fit my scenario ? does this mean when congestion occur, priority traffic while transmit First ??</P><P></P><P>Thanks</P><P></P><P>access-list e-mail-qos line 1 extended permit tcp x.x.x.x 255.255.255.0 any eq smtp (hitcnt=3) 0x82c5c9dc</P><P>access-list e-mail-qos line 2 extended permit tcp x.x.x.x 255.255.255.0 any eq 587 (hitcnt=12) 0xa01c0a77</P><P>access-list e-mail-qos line 3 extended permit tcp xxxxx 255.255.255.0 any eq pop3 (hitcnt=71) 0x49e769fb</P><P>access-list e-mail-qos line 4 extended permit tcp xxxxx.0 255.255.255.0 any eq 993 (hitcnt=5) 0xdc9da253</P><P>access-list e-mail-qos line 5 extended permit tcp xxxxx 255.255.255.0 any eq 995 (hitcnt=0) 0x19722cfa</P><P>access-list e-mail-qos line 6 extended permit tcp xxxxx 255.255.255.0 any eq imap4 (hitcnt=692) 0xa6255182</P><P></P><P>access-list REMARK-DSCP-VOICE; 8 elements; name hash: 0x317acd62</P><P>access-list REMARK-DSCP-VOICE line 1 extended permit udp xxxxxx 255.255.255.0 eq sip host 192.168.2.100 (hitcnt=0) 0x4eb1b7b0</P><P>access-list REMARK-DSCP-VOICE line 2 extended permit udp xxxxxx 255.255.255.0 range 16384 32767 host 192.168.10.100 (hitcnt=0) 0xe05393fc</P><P>access-list REMARK-DSCP-VOICE line 3 extended permit udp xxxxx 255.255.255.0 eq sip host 192.168.10.100 (hitcnt=0) 0xed1bb356</P><P></P><P></P><P>class-map e-mail-qos</P><P> match access-list e-mail-qos</P><P>class-map voice_traffic</P><P> match access-list REMARK-DSCP-VOICE</P><P></P><P>policy-map QoS</P><P> class voice_traffic</P><P>&nbsp; priority</P><P> class e-mail-qos</P><P>&nbsp; priority</P><P> class class-default</P><P>&nbsp; police output 4000000</P><P></P><P>priority-queue outside</P><P>&nbsp; queue-limit&nbsp;&nbsp; 512</P><P>&nbsp; tx-ring-limit 128</P> Tue, 12 Mar 2019 01:50:01 GMT mohdkadie 2019-03-12T01:50:01Z https://community.cisco.com/t5/network-security/asa-qos-priority/m-p/2261540#M357401 <P>Hey,</P><P>i have one question!</P><P></P><P>i established VPN between 2 sites allowing VOIP thru the tunnel</P><P>my internet speed is 4Mbps</P><P></P><P>i want to give priority for VOIP and E-mail (SMTP,POP3) during congestion while dropping other packets</P><P></P><P>does my Configuration fit my scenario ? does this mean when congestion occur, priority traffic while transmit First ??</P><P></P><P>Thanks</P><P></P><P>access-list e-mail-qos line 1 extended permit tcp x.x.x.x 255.255.255.0 any eq smtp (hitcnt=3) 0x82c5c9dc</P><P>access-list e-mail-qos line 2 extended permit tcp x.x.x.x 255.255.255.0 any eq 587 (hitcnt=12) 0xa01c0a77</P><P>access-list e-mail-qos line 3 extended permit tcp xxxxx 255.255.255.0 any eq pop3 (hitcnt=71) 0x49e769fb</P><P>access-list e-mail-qos line 4 extended permit tcp xxxxx.0 255.255.255.0 any eq 993 (hitcnt=5) 0xdc9da253</P><P>access-list e-mail-qos line 5 extended permit tcp xxxxx 255.255.255.0 any eq 995 (hitcnt=0) 0x19722cfa</P><P>access-list e-mail-qos line 6 extended permit tcp xxxxx 255.255.255.0 any eq imap4 (hitcnt=692) 0xa6255182</P><P></P><P>access-list REMARK-DSCP-VOICE; 8 elements; name hash: 0x317acd62</P><P>access-list REMARK-DSCP-VOICE line 1 extended permit udp xxxxxx 255.255.255.0 eq sip host 192.168.2.100 (hitcnt=0) 0x4eb1b7b0</P><P>access-list REMARK-DSCP-VOICE line 2 extended permit udp xxxxxx 255.255.255.0 range 16384 32767 host 192.168.10.100 (hitcnt=0) 0xe05393fc</P><P>access-list REMARK-DSCP-VOICE line 3 extended permit udp xxxxx 255.255.255.0 eq sip host 192.168.10.100 (hitcnt=0) 0xed1bb356</P><P></P><P></P><P>class-map e-mail-qos</P><P> match access-list e-mail-qos</P><P>class-map voice_traffic</P><P> match access-list REMARK-DSCP-VOICE</P><P></P><P>policy-map QoS</P><P> class voice_traffic</P><P>&nbsp; priority</P><P> class e-mail-qos</P><P>&nbsp; priority</P><P> class class-default</P><P>&nbsp; police output 4000000</P><P></P><P>priority-queue outside</P><P>&nbsp; queue-limit&nbsp;&nbsp; 512</P><P>&nbsp; tx-ring-limit 128</P> Tue, 12 Mar 2019 01:50:01 GMT https://community.cisco.com/t5/network-security/asa-qos-priority/m-p/2261540#M357401 mohdkadie 2019-03-12T01:50:01Z https://community.cisco.com/t5/network-security/asa-qos-priority/m-p/2261541#M357402 <HTML><HEAD></HEAD><BODY><P>I think the ACL for voip traffic should include both directions, so you sould add reverse entries.</P><P></P><P>Or, wich looks better to me, you can match voip traffic in the class map using dscp bit. Smth like this:</P><P></P><P>class-map VOIP</P><P> match dscp ef</P><P></P><P>For email-related traffic it's ok.</P></BODY></HTML> Tue, 28 May 2013 07:42:06 GMT https://community.cisco.com/t5/network-security/asa-qos-priority/m-p/2261541#M357402 Andrew Phirsov 2013-05-28T07:42:06Z https://community.cisco.com/t5/network-security/asa-qos-priority/m-p/2261542#M357403 <HTML><HEAD></HEAD><BODY><P>Plus, cause priority queuing works only in outbound direction, you should apply (at least for voin) the policy map on both interfaces, or globaly.</P></BODY></HTML> Tue, 28 May 2013 07:53:23 GMT https://community.cisco.com/t5/network-security/asa-qos-priority/m-p/2261542#M357403 Andrew Phirsov 2013-05-28T07:53:23Z https://community.cisco.com/t5/network-security/asa-qos-priority/m-p/2261543#M357404 <HTML><HEAD></HEAD><BODY><P>thx</P><P>actually i applied the QoS in the outside (outbound) direction </P><P></P><P><SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN> </P><P></P><P>so i guess everything is working fine</P><P></P><P>Thanks <span class="lia-unicode-emoji" title=":grinning_face_with_big_eyes:">😃</span></P></BODY></HTML> Tue, 28 May 2013 08:04:47 GMT https://community.cisco.com/t5/network-security/asa-qos-priority/m-p/2261543#M357404 mohdkadie 2013-05-28T08:04:47Z