Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
655
Views
0
Helpful
3
Replies

ASA QoS Priority

Go to solution
mohdkadie
Level 1
Level 1

‎05-27-2013 11:21 PM - edited ‎03-11-2019 06:50 PM

Hey,

i have one question!

i established VPN between 2 sites allowing VOIP thru the tunnel

my internet speed is 4Mbps

i want to give priority for VOIP and E-mail (SMTP,POP3) during congestion while dropping other packets

does my Configuration fit my scenario ? does this mean when congestion occur, priority traffic while transmit First ??

Thanks

access-list e-mail-qos line 1 extended permit tcp x.x.x.x 255.255.255.0 any eq smtp (hitcnt=3) 0x82c5c9dc

access-list e-mail-qos line 2 extended permit tcp x.x.x.x 255.255.255.0 any eq 587 (hitcnt=12) 0xa01c0a77

access-list e-mail-qos line 3 extended permit tcp xxxxx 255.255.255.0 any eq pop3 (hitcnt=71) 0x49e769fb

access-list e-mail-qos line 4 extended permit tcp xxxxx.0 255.255.255.0 any eq 993 (hitcnt=5) 0xdc9da253

access-list e-mail-qos line 5 extended permit tcp xxxxx 255.255.255.0 any eq 995 (hitcnt=0) 0x19722cfa

access-list e-mail-qos line 6 extended permit tcp xxxxx 255.255.255.0 any eq imap4 (hitcnt=692) 0xa6255182

access-list REMARK-DSCP-VOICE; 8 elements; name hash: 0x317acd62

access-list REMARK-DSCP-VOICE line 1 extended permit udp xxxxxx 255.255.255.0 eq sip host 192.168.2.100 (hitcnt=0) 0x4eb1b7b0

access-list REMARK-DSCP-VOICE line 2 extended permit udp xxxxxx 255.255.255.0 range 16384 32767 host 192.168.10.100 (hitcnt=0) 0xe05393fc

access-list REMARK-DSCP-VOICE line 3 extended permit udp xxxxx 255.255.255.0 eq sip host 192.168.10.100 (hitcnt=0) 0xed1bb356

class-map e-mail-qos

match access-list e-mail-qos

class-map voice_traffic

match access-list REMARK-DSCP-VOICE

policy-map QoS

class voice_traffic

  priority

class e-mail-qos

  priority

class class-default

  police output 4000000

priority-queue outside

  queue-limit   512

  tx-ring-limit 128

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Andrew Phirsov
Level 7
Level 7

‎05-28-2013 12:42 AM

I think the ACL for voip traffic should include both directions, so you sould add reverse entries.

Or, wich looks better to me, you can match voip traffic in the class map using dscp bit. Smth like this:

class-map VOIP

match dscp ef

For email-related traffic it's ok.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Andrew Phirsov
Level 7
Level 7

‎05-28-2013 12:42 AM

I think the ACL for voip traffic should include both directions, so you sould add reverse entries.

Or, wich looks better to me, you can match voip traffic in the class map using dscp bit. Smth like this:

class-map VOIP

match dscp ef

For email-related traffic it's ok.

0 Helpful

Go to solution
Andrew Phirsov
Level 7
Level 7
In response to Andrew Phirsov

‎05-28-2013 12:53 AM

Plus, cause priority queuing works only in outbound direction, you should apply (at least for voin) the policy map on both interfaces, or globaly.

0 Helpful

Go to solution
mohdkadie
Level 1
Level 1
In response to Andrew Phirsov

‎05-28-2013 01:04 AM

thx

actually i applied the QoS in the outside (outbound) direction

so i guess everything is working fine

Thanks =)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card