Double Check QoS Configuration / Review Please

Hey group, I am working on getting some QoS on our network and today was my first shot and I wanted to have the experts double check my work please as I'm not 100% on some mappings etc. Our setup is as follows:

SA540 (Site 1)  IP/SEC VPN  SA 540 (Site 2)  TC Server at Site 2 on VLAN2

I understand that QoS is applied to the WAN interface and the VPN tunnels correct? So in this case I need the traffic optimized for going over the VPN tunnel. I am using for this exercise RDC on TCP 3389.

SA540 Site 2

Firewall --> Services --> Add --> RDC / TCP / Start and End Port 3389

Networking --> QoS --> WAN --> Upstream 4439 (85% of total) --> Downstream 38097 (85% of total) --> Bandwidth Profiles --> "Remote Desktop" --> Bandwidth Range -->Min 256k Max 756k --> Priority "High"

Networking --> QoS --> Traffic Selection --> "Details" RDC "Traffic Selector" DSCP:24 "Bandwidth Profile Name" Remote Desktop

Networking --> QoS --> LAN QoS --> "Enabled" --> Port 1 Classify Using: CoS

Networking --> QoS --> Port QoS Mapping --> Port 0 --> Highest

(Here I assume that Port 0 is actually LAN Port 1 as it is labeled on the machine? LAN Port 1 is connected to a switch which feeds everything else.

Networking --> QoS --> Port DSCP Mapping --> 16 / Medium -- > 24 / Highest (Everything else set to Low)

Networking --> QoS --> Enable CoS to DSCP? "Enabled"  --> 2 / 16  and 3 / 24


Please let me know if this looks good to you guys. I have RDC a High Priority because I want to give SIP traffic the URGENT priority. I also assume the QoS has to be identical on both firewalls and all the downstream switches as well? Thanks guys really appreciate the feedback!!


Hello Mr. Mccullough,

Thank you for your question.

However, you have posted it on the wrong forum, please post it on small business Security forum, in order to get a better response. You can move your post using the Actions panel on the right.

Best regards,

Diego Rodriguez

Cisco Small Business Community Engineer Best regards,

Juan Diego, Thank you I have moved it accordingly. Regards!