Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1309
Views
0
Helpful
2
Replies

ASA 5506 QOS issues

Southparketeer
Level 1
Level 1

‎11-22-2017 03:42 PM - edited ‎03-03-2019 08:40 AM

Hello,

I've been migrating services from 5505 to 5506 and got isuess with QOS settings.

Generaly the original config from 5505 is accepted by 5506's CLI. The problem starts in ASDM.

Here's example of my QOS for IPSEC VPN tunnel (SERVICE1) and my SERVERS (GROUP1)

 

access-list QOS-GROUP1 extended permit ip object SERVERS object any4  

tunnel-group SERVICE1 type ipsec-l2l
tunnel-group SERVICE1 ipsec-attributes
ikev1 pre-shared-key ***

 

class-map GROUP1
match access-list QOS-GROUP1
class-map PRI-SERVICE1
match tunnel-group SERVICE1
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
policy-map OUTSIDE-QOS
class PRI-SERVICE1
priority
class GROUP1
police input 7000000 4000
police output 7000000 4000
!
service-policy global_policy global
service-policy OUTSIDE-QOS interface outside

 

The problem is that if i want to use ASDM and Service Policy Rules to modify any parameter e.g. police input or "priority" i got the following error message:

 

You have specified default inspection traffic as the traffic match criterion.

Only inspect rule actions can be specified for the default inspection traffic.

 

I can modify these parameters in ASDM for 5505 but not for 5506. Any ideas why?

Labels:
0 Helpful
2 Replies 2

Flavio Miranda
VIP
VIP

‎11-22-2017 04:47 PM

Hi @Southparketeer

 

Looks like he is complaining about you are trying to change the "class inspection_default". Maybe you should create a new class and add your policy-map under it.

 

policy-map OUTSIDE-QOS
class PRI-SERVICE1
priority
class GROUP1
police input 7000000 4000
police output 7000000 4000

 

-If I helped you somehow, please, rate it as useful.-

 

0 Helpful

Southparketeer
Level 1
Level 1
In response to Flavio Miranda

‎11-23-2017 01:22 AM

Hi, I dont quite understand. I've created 2 classes:

class PRI-SERVICE1 and class GROUP1 and put them under policy-map OUTSIDE-QOS as per my earlier config. 

0 Helpful
Customers Also Viewed These Support Documents