VPN QoS

lubosbella · ‎07-10-2009

Hi,

i have c2600 router connected with ipsec VPN to ASA5520. I want to apply QoS on router, because link is congested by corporate regular traffic. I want to prioritize traffic communicating on ports 5061-5064 (voice, video...).

What can be the best QoS strategy for this scenario?

Thanks.

Joseph W. Doherty · ‎07-11-2009

Since you mention VPN, I'm assuming this is across the Internet? If true, are the Internet links used by the VPN used by other than just this one VPN connection? If so, very difficult to impossible to guarantee service.

If there's just the VPN connection across the Internet, I've found an effective QoS strategy to be to shape such that bandwidth bottlenecks are avoided except at the Internet endpoints, and for those, use CBWFQ to implement QoS to treat traffic as necessary (e.g. LLQ for real-time traffic such as VoIP).

I'm not familar with the capabilities of the ASA. What all the 2600 can do depends on the IOS.

Collin Clark · ‎07-13-2009

Like Joseph stated, if this goes over the internet, it's best effort. That being said, I have a client that was having this issue and as a test we gave priority to the remote end IP. It has resolved most of their VoIP issues over the VPN.

class-map match-all VPN-CLASS

match access-group name VPN

policy-map QOS-POLICY

class VPN-CLASS

priority 512

class class-default

fair-queue

ip access-list extended VPN

permit ip host 68.115.x.y any

permit ip any host 68.115.x.y

interface s0/0/0

service-policy output VPN-POLICY

Hope that helps.

lubosbella · ‎07-13-2009

Thank you,

maybe i should more specify conditions. In attachment is a scheme of my network.

Im not sure if it is possible to use a CBWFQ strategy because congested router have only one physical interface divided into subinterfaces and CBWFQ method dont support it officialy.

Collin your configuration is applied to ASA or C2600?

Thanks.

Collin Clark · ‎07-14-2009

It is from a 2811 running 12.4(5)