Solved

Prioritize traffic by external ip address

Posted on 2006-07-21
7
391 Views
Last Modified: 2010-04-08
Is there anyway to prioritize traffic through a PIX 515e by someones external ip address.

We have one person working from home and would like all the traffic that he is pulling out of our facility to have a higher priority than everything else.  Is this possible?


Thank you.
0
Comment
Question by:cbones
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17159952
First you have to have PIX OS 7.x loaded, then you can configure a priority policy with an acl attached to it that matches the traffic you want to give priority
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17159954
if you need an example I can post one
0
 

Author Comment

by:cbones
ID: 17159984
Can you please post an example of priority traffic?

Thank you very much for your help!
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17161201
will when i get into work later today....btw, you do have version 7.x OS on your firewall right?   if not, you don't have the ability to configure priority.  and even though you can upgrade to 7.x on that PIX, there is a lot of changes that happened from 6.x to 7.x so you'd need to research the changes before upgrading.

but i'll be posting my example in a little bit
0
 
LVL 25

Accepted Solution

by:
Cyclops3590 earned 250 total points
ID: 17170383
k, sorry it took so long, here ya go

first create an acl to match the traffic you want to give priority

class-map <class name>
 match access-list <acl to match to>

policy-map <policy name>
 class <class name>
  priority

service-policy <policy name> interface outside

priority-queue outside
  queue-limit   200
  tx-ring-limit 100

this will take a little while to take effect too btw.   Also all this does is move this traffic into another queue that has priority over the default best-effort queue.  If you setup a lot of priority classes, all of them have the same priority; unlike routers which can be configured with much better priority queuing (0-7 level)
0
 

Author Comment

by:cbones
ID: 17178127
Thank you for your help.  The current pix we have does not have version 7 but a lower version 6.3...
I am looking into upgrading or purchasing a new pix with the latest software.

Thank you again for your time.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17178733
no problem.....keep in mind though that going from 6.3 to 7.x there are a lot of changes that happened
pptp is gone -> ipsec only
conduits are gone -> acl only
vpngroup are gone ->you now have group-policy and  tunnel-group
ip address <int> is gone -> interfaces are handled like on routers now

basically I can't stress enough to do the research.  And depending upon the complexity of your config it may just be easier to re-write it and start from scratch in 7.x
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question