10-13-2005 07:51 AM - edited 02-21-2020 12:28 AM
Hi
Is it possible to do some kind of QoS in the pix to prioritize traffic going into Lan2Lan-tunnels over other outgoing traffic to internet?
Regards Jimmy
10-13-2005 08:43 PM
AFAIK it is not possible to mark on the PIX but PIX will copy the ToS frm IP header to the VPN header. If you have a router bfor the PIX, you can do the marking there
10-13-2005 09:32 PM
Picked this from
http://www.ciscopress.com/articles/article.asp?p=379751&rl=1
Prior to PIX 7.0, a Cisco security appliance could inspect and forward traffic only in a best-effort fashion. The first packets into a firewall would be the first packets coming out, regardless of the application being used or the urgency of the traffic.
PIX 7.0 introduces priority queuing on firewall interfaces, so that urgent or time-sensitive traffic can be identified and placed in a strict priority queue. The firewall always makes sure that any packets in a priority queue are sent before any
others. This is an important feature for applications like voice and video, where packets must be delivered in a consistently prompt fashion, without being affected by other traffic passing through the firewall.
Specific traffic can also be identified and held within configured bandwidth constraints. This is known as policing, a handy tool that can be used to keep less desirable or less important applications from hogging the links coming from a firewall.
HTH
10-15-2005 01:46 AM
Richard
CCIE | NNCSE
member --- HSTRA
//
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide