Friday, December 4, 2009

Configuring QoS for VoIP Traffic on Cisco ASA VPN Tunnels

Based on DSCP:

priority-queue outside
queue-limit 2048
tx-ring-limit 256
!
class-map Voice
match dscp ef
class-map Data
match tunnel-group 10.1.2.1
match flow ip destination-address

policy-map Voicepolicy
class Voice
priority
class Data
police output 200000 37500

service-policy Voicepolicy interface outside


Based on ACL:

access-list 100 extended permit tcp 172.16.1.0 255.255.255.0 10.1.1.0 255.255.255.0 eq h323
access-list 100 extended permit tcp 172.16.1.0 255.255.255.0 10.1.1.0 255.255.255.0 eq sip
access-list 100 extended permit tcp 172.16.1.0 255.255.255.0 10.1.1.0 255.255.255.0 eq 2000

access-list 105 extended permit tcp 10.1.1.0 255.255.255.0 172.16.1.0 255.255.255.0 eq h323
access-list 105 extended permit tcp 10.1.1.0 255.255.255.0 172.16.1.0 255.255.255.0 eq sip
access-list 105 extended permit tcp 10.1.1.0 255.255.255.0 172.16.1.0 255.255.255.0 eq 2000

access-group 100 in interface outside

class-map Voice-OUT
match access-list 105
class-map Voice-IN
match access-list 100

inspect h323 h225
inspect h323 ras
inspect skinny
inspect sip

policy-map Voicepolicy
class Voice-IN
class Voice-OUT
priority

service-policy Voicepolicy interface outside

Show commands to verify:

show running-config policy-map
show service-policy interface outside

For more information:

3 comments:

  1. Checkout my blog for a similar scenario.
    http://brian-kayser.blogspot.com/2010/10/doing-asa-quality-of-service-qos.html

    ReplyDelete
  2. I will must try to visit your site when will be need any software.
    vpn

    ReplyDelete
  3. Interesting topic for a blog. I have been searching the Internet for fun and came upon your website. Fabulous post. Thanks a ton for sharing your knowledge! It is great to see that some people still put in an effort into managing their websites. I'll be sure to check back again real soon. vpn reviews

    ReplyDelete