Friday, December 4, 2009

Configuring QoS for VoIP Traffic on Cisco ASA VPN Tunnels

Based on DSCP:

priority-queue outside
queue-limit 2048
tx-ring-limit 256
!
class-map Voice
match dscp ef
class-map Data
match tunnel-group 10.1.2.1
match flow ip destination-address

policy-map Voicepolicy
class Voice
priority
class Data
police output 200000 37500

service-policy Voicepolicy interface outside


Based on ACL:

access-list 100 extended permit tcp 172.16.1.0 255.255.255.0 10.1.1.0 255.255.255.0 eq h323
access-list 100 extended permit tcp 172.16.1.0 255.255.255.0 10.1.1.0 255.255.255.0 eq sip
access-list 100 extended permit tcp 172.16.1.0 255.255.255.0 10.1.1.0 255.255.255.0 eq 2000

access-list 105 extended permit tcp 10.1.1.0 255.255.255.0 172.16.1.0 255.255.255.0 eq h323
access-list 105 extended permit tcp 10.1.1.0 255.255.255.0 172.16.1.0 255.255.255.0 eq sip
access-list 105 extended permit tcp 10.1.1.0 255.255.255.0 172.16.1.0 255.255.255.0 eq 2000

access-group 100 in interface outside

class-map Voice-OUT
match access-list 105
class-map Voice-IN
match access-list 100

inspect h323 h225
inspect h323 ras
inspect skinny
inspect sip

policy-map Voicepolicy
class Voice-IN
class Voice-OUT
priority

service-policy Voicepolicy interface outside

Show commands to verify:

show running-config policy-map
show service-policy interface outside

For more information:

2 comments:

  1. Checkout my blog for a similar scenario.
    http://brian-kayser.blogspot.com/2010/10/doing-asa-quality-of-service-qos.html

    ReplyDelete
  2. I will must try to visit your site when will be need any software.
    vpn

    ReplyDelete