Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
796
Views
0
Helpful
3
Replies

ASA Traffic Shaping

TMaster100
Level 1
Level 1

‎08-27-2018 04:19 PM - edited ‎02-21-2020 08:09 AM

Hello Cisco Guru's,

 

As a start i am no expert at ASA's but manage to find my way around them, i apologize in advance if my question seems dumb.

 

I have a new 50Mbit/s synchronous link over fibre that the provider implements heavy traffic policing, with this they suggested i setup some shaping on our ASA to 47Mbit's with 50Mbit's bursts, i am hoping i have done this correctly.   This is on an ASA 5520.

 

object network PABX

 host 192.168.3.50

object network VOIP

 subnet x.x.x.0 255.255.255.0

object-group service SIP-Trunks tcp-udp

 port-object range 10020 10067

 port-object eq sip

object-group protocol TCPUDP

 protocol-object udp

 protocol-object tcp

 

!

access-list outside_access_in extended permit object-group TCPUDP object VOIP object PABX

object-group SIP-Trunks

!

access-list global_mpc extended permit object-group TCPUDP 192.168.3.0

!

class-map DM_INLINE_Child-Class

 match access-list global_mpc

!

policy-map DM_INLINE_Child-Policy

 class DM_INLINE_Child-Class

  priority

policy-map outside-policy

 class class-default

  shape average 47000000 50000000

  service-policy DM_INLINE_Child-Policy

!

service-policy outside-policy interface outside

 

 

In addition i have setup voice traffic (SIP and RTP) for traffic prioritization, hoping i have done this correctly too.

 

Your help is much appreciated.

 

 

 

 

0 Helpful
3 Replies 3

Francesco Molino
VIP Alumni
VIP Alumni

‎08-27-2018 04:25 PM

Hi

The goal is to limit to 50Mbps the voice traffic or limit all traffic and have voice prioritized?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

TMaster100
Level 1
Level 1
In response to Francesco Molino

‎08-27-2018 04:27 PM - edited ‎08-27-2018 04:28 PM

Yes, you are absolutely correct. We need to shape all traffic to 50Mbps but prioritize Voice.

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to TMaster100

‎08-27-2018 05:56 PM

Commans are ok except the bust value.
Bust is a total of bits sent over a specific time.
I recommend you read the following articles:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s1.html

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82310-qos-voip-vpn.html#anc6

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card