ASA QoS for RA VPN traffic

marijanac
Level 1

Hi!

I need help configuring QoS for an RA VPN tunnel terminated on a Cisco ASA 5505, v8.3. I want to give remote users priority over other traffic. Since I have a DSL modem behind the Cisco ASA, I have to shape traffic on the ASA also.

I configured the ASA using traffic shaping and hierarchical priority queuing. I classified traffic based on tunnel group. Here is the configuration:

class-map DM_INLINE_Child-Class
 match tunnel-group bigvpn
!
!
policy-map DM_INLINE_Child-Policy
 class DM_INLINE_Child-Class
  priority
policy-map outside-policy
 class class-default
  shape average 512000
  service-policy DM_INLINE_Child-Policy
service-policy outside-policy interface outside

After I applied this policy, I tested it. I was uploading some other traffic out and at the same time made a remote VPN connection to the ASA. The result was bad since VPN traffic suffered and was not prioritized over other traffic. I found in the ASA config guide, among other things, that there is a restriction:

For hierarchical priority queuing, for encrypted VPN traffic, you can only match traffic based on the DSCP or precedence setting; you cannot match a tunnel group.

Does it mean that I cannot classify RA VPN traffic using tunnel group? Is there any other way to classify RA VPN traffic and give it priority? How can I mark it with a DSCP value?

Also, can someone tell me what the best way to monitor QoS is? I know there is the show service policy command, but this command does not give me accurate information about the configured QoS.

Thanks in advance,

Dejan
