Re: QoS with ASA

ROBERTO TACCON · ‎10-02-2006

I have 2 ASA version 7.2 with L2L IPSec VPN tunnels.

I need to configure qos across these Lan to Lan IPSec tunnels with a Rate limit policy (2 Mbps for the http traffic, 1 Mpbs for the https and 500 kbps for all other traffic)

As indicated on the http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008063705d.html

QoS provides maximum rate control, or policing, for tunneled traffic for each individual user tunnel and every site-to-site tunnel. In this release, there is

no minimum bandwidth guarantee.

The security appliance can police individual user traffic within a LAN-to-LAN tunnel by configuring class-maps that are not associated with the tunnel, but

whose traffic eventually passes through the LAN-to-LAN tunnel. The traffic before the LAN-to-LAN tunnel can then be specifically policed as it passes through

the tunnel and is policed again to the aggregate rate applied to the tunnel.

The security appliance achieves QoS by allowing two types of traffic queues for each interface: a low-latency queue (LLQ) and a default queue. Only the

default traffic is subject to rate limiting.

ANY Configuration Example on this would be greatly appreciate. Thanks in advance.

s.jankowski · ‎10-06-2006

If configuring stateful failover, enable encryption and define an encryption key to be shared by all devices in the cluster. The devices in the virtual cluster communicate via LAN-to-LAN tunnels using IPSec. Enabling encryption ensures that all load-balancing information communicated between them is encrypted.