https://community.cisco.com/t5/network-security/vpn-qos/m-p/1318968#M951330 <P>Hi,</P><P></P><P>i have c2600 router connected with ipsec VPN to ASA5520. I want to apply QoS on router, because link is congested by corporate regular traffic. I want to prioritize traffic communicating on ports 5061-5064 (voice, video...).</P><P></P><P>What can be the best QoS strategy for this scenario?</P><P></P><P>Thanks. </P> Fri, 21 Feb 2020 11:33:39 GMT lubosbella 2020-02-21T11:33:39Z https://community.cisco.com/t5/network-security/vpn-qos/m-p/1318968#M951330 <P>Hi,</P><P></P><P>i have c2600 router connected with ipsec VPN to ASA5520. I want to apply QoS on router, because link is congested by corporate regular traffic. I want to prioritize traffic communicating on ports 5061-5064 (voice, video...).</P><P></P><P>What can be the best QoS strategy for this scenario?</P><P></P><P>Thanks. </P> Fri, 21 Feb 2020 11:33:39 GMT https://community.cisco.com/t5/network-security/vpn-qos/m-p/1318968#M951330 lubosbella 2020-02-21T11:33:39Z https://community.cisco.com/t5/network-security/vpn-qos/m-p/1318969#M951331 <HTML><HEAD></HEAD><BODY><P>Since you mention VPN, I'm assuming this is across the Internet? If true, are the Internet links used by the VPN used by other than just this one VPN connection? If so, very difficult to impossible to guarantee service.</P><P></P><P>If there's just the VPN connection across the Internet, I've found an effective QoS strategy to be to shape such that bandwidth bottlenecks are avoided except at the Internet endpoints, and for those, use CBWFQ to implement QoS to treat traffic as necessary (e.g. LLQ for real-time traffic such as VoIP).</P><P></P><P>I'm not familar with the capabilities of the ASA. What all the 2600 can do depends on the IOS.</P></BODY></HTML> Sat, 11 Jul 2009 12:22:18 GMT https://community.cisco.com/t5/network-security/vpn-qos/m-p/1318969#M951331 Joseph W. Doherty 2009-07-11T12:22:18Z https://community.cisco.com/t5/network-security/vpn-qos/m-p/1318970#M951332 <HTML><HEAD></HEAD><BODY><P>Like Joseph stated, if this goes over the internet, it's best effort. That being said, I have a client that was having this issue and as a test we gave priority to the remote end IP. It has resolved most of their VoIP issues over the VPN.</P><P></P><P>class-map match-all VPN-CLASS</P><P> match access-group name VPN</P><P> </P><P>policy-map QOS-POLICY</P><P> class VPN-CLASS</P><P> priority 512</P><P> class class-default</P><P> fair-queue</P><P> </P><P>ip access-list extended VPN</P><P> permit ip host 68.115.x.y any</P><P> permit ip any host 68.115.x.y</P><P> </P><P>interface s0/0/0</P><P> service-policy output VPN-POLICY </P><P> </P><P>Hope that helps.</P></BODY></HTML> Mon, 13 Jul 2009 12:57:40 GMT https://community.cisco.com/t5/network-security/vpn-qos/m-p/1318970#M951332 Collin Clark 2009-07-13T12:57:40Z https://community.cisco.com/t5/network-security/vpn-qos/m-p/1318971#M951333 <HTML><HEAD></HEAD><BODY><P>Thank you,</P><P></P><P>maybe i should more specify conditions. In attachment is a scheme of my network. </P><P></P><P>Im not sure if it is possible to use a CBWFQ strategy because congested router have only one physical interface divided into subinterfaces and CBWFQ method dont support it officialy.</P><P></P><P>Collin your configuration is applied to ASA or C2600?</P><P></P><P>Thanks.</P><P></P><P> </P><P></P></BODY></HTML> Tue, 14 Jul 2009 06:41:21 GMT https://community.cisco.com/t5/network-security/vpn-qos/m-p/1318971#M951333 lubosbella 2009-07-14T06:41:21Z https://community.cisco.com/t5/network-security/vpn-qos/m-p/1318972#M951334 <HTML><HEAD></HEAD><BODY><P>It is from a 2811 running 12.4(5)</P></BODY></HTML> Tue, 14 Jul 2009 13:58:27 GMT https://community.cisco.com/t5/network-security/vpn-qos/m-p/1318972#M951334 Collin Clark 2009-07-14T13:58:27Z