QOS configuration on ASA 5505

ray_stone
Level 1

Hello Experts,

We have a 2MB dedicated (1:1) leased line, and around 10 remote sites are connected via STS IPsec tunnels. There is no QoS configured. What I want is to reserve 85% of the bandwidth for all remote sites and 15% for internet requests (web surfing or downloading e-mails).

Can anyone post the configuration?

Thanks!!!!

2 Replies

I think this can be done using MPF. Here is a link that explains how to perform bandwidth management on the ASA:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml

I hope it helps.

Kureli Sankar
Cisco Employee
If you are running 7.2.4 and above:

Sample VPN traffic:

access-list vpn_traffic extended permit ip 10.10.10.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list vpn_traffic extended permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0

These two classes match VPN and voice traffic. You can remove voice traffic if you like.
!
class-map vpn-traffic
 match access-list vpn_traffic
class-map voice-traffic
 match dscp af13 af31 ef
!
policy-map qos_class_policy
 class vpn-traffic
  priority
 class voice-traffic
  priority
!
policy-map qos_outside_policy
 class class-default
  shape average 16777216          <---- traffic shaping config is here
  service-policy qos_class_policy <---- priority queueing config is here
!
service-policy qos_outside_policy interface outside

Reference link:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s1.html#wp1399177

If you are running below 7.2.4 where shaping wasn't introduced you can follow the same here:

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/qos.html#wp1051164

Configuring QoS Policing and Priority Queuing

hostname(config)# class-map VPN
hostname(config-cmap)# description "This class-map matches traffic for tunnel-grp 1"
hostname(config-cmap)# match tunnel-group tunnel-grp1
hostname(config-cmap)# policy-map qos
hostname(config-pmap)# class VPN
hostname(config-pmap-c)# priority
hostname(config-pmap-c)# class class-default
hostname(config-pmap-c)# police output 2516480 37500 ----> 15% for internet traffic
hostname(config-pmap-c)# service-policy qos interface outside
hostname(config)# priority-queue outside
hostname(config-priority-queue)# queue-limit 2048
hostname(config-priority-queue)# tx-ring-limit 256

-KS
