I have four sites that use ASA 5505's that connect to the main office's ASA 5510x in Dallas via site 2 site tunnels. I need to setup QOS for voip traffic from our Houston site and possibly the others in the future.
The Houston site has four ip phones that connect to a pbx at our main location and have Comcast cable as the ISP. They have light internet usage (5 person office) and 3 printers that are also printed to from our main office.
Our main location has a T1 and will soon be moving to fibre.
I need help with a best practice step by step guide to setup the voip on the 5505/5510. I have looked at the configuration guide and perused some discussion groups and it seems there are many ways to accomplish this.
I cannot work on a step by step configuration reference as that's why the configuration guide exists :D I can talk about recommendations and what I think the best option is.
In this case if I am not mistaken you want to implement QoS for VoIP traffic across VPN tunnels.
For this u will use something as
class-map VPN_TO_Main_Office description “match on Branch Tunnel Group based on flows” match tunnel-group x.x.x Main_Office_IP_addres match dscp ef (To match VoIP traffic)
And then of course prioritize (On the ASA u Need to create a priority queue manually, configure the queue limit and Transmit-Ring setttions).
Now Remember that Priotity will only take place after the interface queue gets fullfiled (So the Congestion Management tool takes place) So I would also recommend first shapping the traffic to the exact rate you are paying the ISP (So the congestion management kicks in faster).
I know, I know sounds hard to do but it's not that bad, and just for ur reference here is a links that talks about it.
Man I need my own ASA to create blog posts about stuff like this!
Thank you for taking to time to help with this.
Can you tell me what the x.x.x indicates from the above example on this line:
match tunnel-group x.x.x Main_Office_IP_addres
Does it signify the name of the vpn tunnel-group?
If so I am assuming the "Main_Office_IP_address" is the address of the main office outside interface or is that there describing the "x.x.x"?
description “match on Branch Tunnel Group based on flows”
match tunnel-group 126.96.36.199 188.8.131.52
match dscp ef
So if am reading this right Julio Carvaja it would look like this:
match tunnel-group 184.108.40.206
match dscp ef
class class-default Default traffic policy
shape average 600000
Would I also apply something similar at the main office for VOIP traffice outbound to the satellite office?