Cisco VPN Priority by IP Address

I am trying to set up QoS and priority traffic through the outside interface on our Cisco 5505 ASA using an IP address.

The library system that I work for has several branches that connect to the main branch through these Cisco 5505, and after talking to Cisco they said these devices can prioritize by IP address. So what I am trying to do is give all traffic coming from our branch staff PC and branch staff server more priority of the bandwidth/outside interface and all the other traffic lower priority.

Attached is a screenshot of how I set it up. Keep in mind that I know how to set up and maintain these devices but have no idea how to set up priorities for traffic by IP address.

Thanks!
Screenshot.png
philtukeyAsked:
RunningGagCommented:
I think the easiest method would be to use WRED; this will allow you to prioritize VPN traffic when your connection becomes congested.

Links to the necessary information are here:

http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcconavd.html#wp4582
http://www.ciscosystems.com/en/US/docs/ios/12_1/qos/configuration/guide/qcdwred.html

If you have any other questions, can you please provide a screenshot with the Rule Actions section expanded so that we can see the rules that are already applied?
0
philtukeyAuthor Commented:
According to the links the Cisco 5500 series is not capable of WRED.
0
philtukeyAuthor Commented:
I can take screenshots of all the Rule Actions for each of the 'Rules', but if you could be more specific I can get you what you are looking for quicker.
0
RunningGagCommented:
Okay, option 2 is Priority Queuing:

http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcconman.html#wp9073
http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcpq.html

You can create an access list that includes the internal subnet and set it as the priority queue.


"I can take screenshots of all the Rule Actions for each of the 'Rules', but if you could be more specific I can get you what you are looking for quicker."

I'm looking to find out what is already being applied to the interfaces (access lists, queuing, policing, shaping, etc.), and the content of the access lists. Make sure you blank out any passwords, addresses, names, etc.
0
RunningGagCommented:
I don't need GUI screen shots if you can provide the config data.
0
philtukeyAuthor Commented:
I can get you the config data. Do I just run 'Show Run' on the command line?
0
RunningGagCommented:
Yes.  

Just make sure you go through it and remove all passwords (even encrypted ones), addresses, and company specific information.
0
philtukeyAuthor Commented:
OK, all the passwords and addresses that are not public, and the company information, have been removed.
Show.Run.txt
0
RunningGagCommented:
I'm not sure if this is available via the SDM, but you can try through there.  Depending on your version there should be a QoS setup wizard.  Before doing anything, make sure you save your running-config and back up your router.

Step 1:  Create an access list to define the traffic that you want to prioritize.  You can prefer the subnet or the VLAN.

Step 2:  Associate the access-list with your queue

Step 3:  Apply it to the outside interface to enable


I'm more experienced with the router IOS so I would recommend you to the Cisco site for the correct configurations:

http://origin-www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_qos.html#wp1071334
0
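
The three steps in the answer above, written out as ASA CLI (an added example, not taken from the answer or from the poster's configuration). The names STAFF_PRIORITY, STAFF_TRAFFIC and OUTSIDE_QOS and the 192.0.2.x addresses are placeholders, and `outside` is assumed to be the name of the egress interface.

```cisco
! Step 1: access list matching the traffic to prioritize.
! 192.0.2.10 / 192.0.2.20 are placeholder addresses standing in for
! the branch staff PC and the branch staff server.
access-list STAFF_PRIORITY extended permit ip host 192.0.2.10 any
access-list STAFF_PRIORITY extended permit ip host 192.0.2.20 any

! Step 2: create the priority queue on the interface and tie the
! access list to it through a class map and a policy map.
priority-queue outside

class-map STAFF_TRAFFIC
 match access-list STAFF_PRIORITY

policy-map OUTSIDE_QOS
 class STAFF_TRAFFIC
  priority

! Step 3: apply the policy to the outside interface. Traffic that
! does not match STAFF_TRAFFIC stays in the best-effort queue.
service-policy OUTSIDE_QOS interface outside
```

After applying it, `show service-policy priority` and `show priority-queue statistics outside` show whether packets are actually being placed in the priority queue.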

philtukeyAuthor Commented:
We are upgrading our speeds at the branches and will relook at this once the speeds are updated.
0