Configuring QoS for VoIP Traffic on Cisco ASA VPN Tunnels

Friday, December 4, 2009

Configuring QoS for VoIP Traffic on Cisco ASA VPN Tunnels

Based on DSCP:

priority-queue outside

queue-limit 2048

tx-ring-limit 256

class-map Voice

match dscp ef

class-map Data

match tunnel-group 10.1.2.1

match flow ip destination-address

policy-map Voicepolicy

class Voice

priority

class Data

police output 200000 37500

service-policy Voicepolicy interface outside

Based on ACL:

access-list 100 extended permit tcp 172.16.1.0 255.255.255.0 10.1.1.0 255.255.255.0 eq h323

access-list 100 extended permit tcp 172.16.1.0 255.255.255.0 10.1.1.0 255.255.255.0 eq sip

access-list 100 extended permit tcp 172.16.1.0 255.255.255.0 10.1.1.0 255.255.255.0 eq 2000

access-list 105 extended permit tcp 10.1.1.0 255.255.255.0 172.16.1.0 255.255.255.0 eq h323

access-list 105 extended permit tcp 10.1.1.0 255.255.255.0 172.16.1.0 255.255.255.0 eq sip

access-list 105 extended permit tcp 10.1.1.0 255.255.255.0 172.16.1.0 255.255.255.0 eq 2000

access-group 100 in interface outside

class-map Voice-OUT

match access-list 105

class-map Voice-IN

match access-list 100

inspect h323 h225

inspect h323 ras

inspect skinny

inspect sip

policy-map Voicepolicy

class Voice-IN

class Voice-OUT

priority

service-policy Voicepolicy interface outside

Show commands to verify:

show running-config policy-map

show service-policy interface outside

For more information:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml

Cisco Network Engineer Blog

Friday, December 4, 2009

Configuring QoS for VoIP Traffic on Cisco ASA VPN Tunnels

0 comments:

Post a Comment

Blog Archive

Links