Re: ASA 5505 Configure QoS & VOIP with SIP Trunking

moises.ruiz · ‎09-17-2012

Hi,

I've read several posts and configuration documents including:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml#rate

and

http://brian-kayser.blogspot.ca/2010/10/doing-asa-quality-of-service-qos.html

But I am not savy configuring ASAs at all and I can't get it to work so I am hoping that someone can provide clear and detailed information on what I need to do.

Problem:

We are switching to a SIP trunk phone system and I am in charge of setting up the ASA to not only make it work but also make sure that there's packet priority or QoS.

I've never configured something like this and I was giving another set of instructions to make sure that this is working:

http://support.thinktel.ca/index.php/kb/article/251-How_SIP_Trunking_works

Configuration:

My configuration is very basic:

3 interfaces - Outside/Inside/Guest

ASA Version: 7.2(3)

ASDM Version 5.2(3)

Firewall Mode: Routed

Solution:

When I tried following the instructions on brian-kayser's blog I get an error when I'm sending the following command:

shape average

^ Invalid marker

service-policy PRIORITY-POLICY

^ Incomplete command

I think it's because my version of ASA doesn't have this functionality but I don't know.

Julio Carvajal · ‎09-17-2012

Hello Moises,

"Traffic shaping was introduced in ASA 7.2.4"

Now I will start saying the following:

"The priority will start to happen as soon as the ASA gets oversubscripted ( this means the hardware queue got full, then the software queue it will start working and here is where the priority magic happens ( we have 2 queues: best effort queue {Default} and the priority queue)"

So the thing is that as far as it concernes to the ASA if it has a connection to the outside DSL ( using a 100 MB link) and he does not detect an oversubscription here then he will be using the best effort queue, that is what on the Brian Kayser website he tell us that we need to configure traffic shapping or policing in order to change the behavior of the ASA.

Any other question.. Sure.. Just remember to rate all of my answers

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

moises.ruiz · ‎09-18-2012

Ok so that's why I am not able to run the rest of the commands as per Brian Kayser's website...

Would you help me out and provide me instructions on how to update to version 7.2(4)?

Is it complicated?

I believe I understand what you are saying but if I only have 1mbps upload, I would want to give priority to voice packets in the event that someone is using all the bandwidth at some point.

Julio Carvajal · ‎09-18-2012

Hello Moises,

Sure my pleasure.

Just go to cisco.com, go to the support area / downloads / asa5500 series/Choose the ASA 5505 software and look for that particular image.

As soon as you download it you can copy it to the ASA flash memory using a TFTP server.

http://www.techrepublic.com/blog/networking/five-steps-to-upgrading-the-software-on-a-cisco-asa-5510/294

http://evilrouters.net/2012/02/15/how-to-upgrade-cisco-asa-software-and-asdm/

In fact use those 2 links, as soon as you have that version I will help you with the Priority stuff.

Any other question.. Sure.. Just remember to rate all of my answers

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

moises.ruiz · ‎10-01-2012

Hi Julio,

Unfortunately I do not have the license or the membership to upgrade and download the image myself. The person that used to manage this appliance left and I do not have any documentation about it.

Could you tell me how I can do this upgrade without being a Cisco partner or where can I buy the image?

Thanks,

Julio Carvajal · ‎10-01-2012

Hello Moises,

The only way is to be registered with Cisco.

Please check your inbox.

Any other question.. Sure.. Just remember to rate all of my answers

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC