cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Who Me Too'd this topic

Applying QoS over IPSEC VPN tunnel to voice traffic on ASA 5512x (ver 8.6)

Brianosaurus
Level 1
Level 1

I am looking to get some help in setting up QoS for voice traffic over a site to site IPSEC VPN tunnel.  My goal is to prioritize VoIP traffic over the tunnel so that we do not get any dropped calls / disconnects / poor call quality.  

Current setup is

 

(Branch)---ASA5512x----------Internet VPN Tunnel--------ASA5512x---(HQ)

 

Information about the VPN tunnel:

- Used mostly for VoIP traffic (about 20 users) that communicates to the Cisco UCS in HQ

- Some DATA traffic may go across the line, but not anything extensive

- Internet traffic goes out locally (Not tunneled)

 

Here is a snapshot of the VPN tunnel config (I have scrubbed clean most of the sensitive data:

crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-3DES-MD5
crypto map TUNNELMAP 10 match address TUNNEL
crypto map TUNNELMAP 10 set peer X.X.X.X Y.Y.Y.Y
crypto map TUNNELMAP 10 set ikev1 transform-set ESP-3DES-MD5
crypto map TUNNELMAP interface Outside
crypto ikev1 enable Outside
crypto ikev1 policy 15
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400

 

 

tunnel-group LSSC-VPN type ipsec-l2l
tunnel-group VPN_Tunnel type ipsec-l2l
tunnel-group VPN_Tunnel ipsec-attributes
 ikev1 pre-shared-key ****


tunnel-group VPN_Tunnel_backup type ipsec-l2l
tunnel-group VPN_Tunnel_backup ipsec-attributes
 ikev1 pre-shared-key ****

 

policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
 

Who Me Too'd this topic