Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
609
Views
0
Helpful
1
Replies

ASA QoS options

Go to solution
Colin Higgins
Level 7
Level 7

‎05-03-2013 11:07 AM - edited ‎03-11-2019 06:38 PM

I was looking at this article regarding QoS implementation on the ASA through VPN tunnels

https://supportforums.cisco.com/docs/DOC-1230

I though that you could either do a traffic policing policy, OR a traffic shaping policy on one interface (or for one tunnel).

The author seems to suggest we can do both.

Can we? Will there be a conflict?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
sokakkar
Cisco Employee
Cisco Employee

‎05-03-2013 12:29 PM

Hi Colin,

No, we can't. Also in the doc Panos mentioned this while defining shaping:

Traffic Shaping with Prioritization

Now,  lets assume that we have the same ASA as in the previous case. And we  now want to traffic shape all traffic and prioritize the voice through  the VPN.

Check out the service-policies he applied:

In case of policing:

ASA(config-pmap-c)# service-policy police-priority-policy interface outside

In case of shaping:

ASA(config-pmap-c)# service-policy shape-priority-policy interface outside

For further clarity, check this section on configuration guide which explains how various QOS features interact:

http://www.cisco.com/en/US/customer/docs/security/asa/asa84/configuration/guide/conns_qos.html#wp1234418

As per above link:

Typically, if you enable traffic shaping, you do  not also enable policing for the same traffic, although the ASA does not  restrict you from configuring this.

Because it won't make much of a sense anyways.

HTH.

-

Sourav

View solution in original post

0 Helpful
1 Reply 1

Go to solution
sokakkar
Cisco Employee
Cisco Employee

‎05-03-2013 12:29 PM

Hi Colin,

No, we can't. Also in the doc Panos mentioned this while defining shaping:

Traffic Shaping with Prioritization

Now,  lets assume that we have the same ASA as in the previous case. And we  now want to traffic shape all traffic and prioritize the voice through  the VPN.

Check out the service-policies he applied:

In case of policing:

ASA(config-pmap-c)# service-policy police-priority-policy interface outside

In case of shaping:

ASA(config-pmap-c)# service-policy shape-priority-policy interface outside

For further clarity, check this section on configuration guide which explains how various QOS features interact:

http://www.cisco.com/en/US/customer/docs/security/asa/asa84/configuration/guide/conns_qos.html#wp1234418

As per above link:

Typically, if you enable traffic shaping, you do  not also enable policing for the same traffic, although the ASA does not  restrict you from configuring this.

Because it won't make much of a sense anyways.

HTH.

-

Sourav

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card