Cisco VPN Priority by IP Address

I am trying to set up QoS and Priority traffic through the outside interface on our Cisco 5505 ASA using an IP Address.

The library system that I work for has several branches that connect to the main branch through these Cisco 5505s, and after talking to Cisco they said these devices can prioritize by IP address. So what I am trying to do is give all traffic coming from our branch staff PC and branch staff server more priority of the bandwidth/outside interface and all the other traffic lower priority.

Attached is a screen shot of how I set it up. Keep in mind that I know how to set up and maintain these devices but have no idea how to set up priorities for traffic by IP address.

Thanks!
Screenshot.png
philtukey Asked:
 
RunningGag Commented:
I'm not sure if this is available via the SDM, but you can try through there.  Depending on your version there should be a QoS setup wizard.  Before doing anything, make sure you save your running-config and back up your router.

Step 1:  Create an access list to define the traffic that you want to prioritize.  You can prefer the subnet or the vlan.

Step 2:  Associate the access-list with your queue

Step 3:  Apply it to the outside interface to enable


I'm more experienced with the router IOS so I would recommend you to the Cisco site for the correct configurations:

http://origin-www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_qos.html#wp1071334
0
 
RunningGag Commented:
I think the easiest method would be to use WRED, this will allow you to prioritize VPN traffic when your connection becomes congested.

Links to the necessary information are here:

http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcconavd.html#wp4582
http://www.ciscosystems.com/en/US/docs/ios/12_1/qos/configuration/guide/qcdwred.html

If you have any other questions, can you please provide a screenshot with the Rule Actions section expanded so that we can see the rules that are already applied?
0
 
philtukey (Author) Commented:
According to the links the Cisco 5500 series is not capable of WRED.
0
 
philtukey (Author) Commented:
I can take screen shots of all the Rule Actions for each of the 'Rules' but if you could be more specific I can get you what you are looking for quicker.
0
 
RunningGag Commented:
Okay, option 2 is Priority Queuing:

http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcconman.html#wp9073
http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcpq.html

You can create an access list that includes the internal subnet and set it as the priority queue.


"I can take screen shots of all the Rule Actions for each of the 'Rules' but if you could be more specific I can get you what you are looking for quicker."

I'm looking to find out what is already being applied to the interfaces (access lists, queuing, policing, shaping, etc.), and the content of the access lists.  Make sure you blank out any passwords, addresses, names, etc.
0
 
RunningGag Commented:
I don't need GUI screen shots if you can provide the config data.
0
 
philtukey (Author) Commented:
I can get you the config data. Do I just run 'Show Run' on the command line?
0
 
RunningGag Commented:
Yes.  

Just make sure you go through it and remove all passwords (even encrypted ones), addresses, and company specific information.
0
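The clean-up requested above before posting `show run` output, as an added example that is not part of the original thread and not Cisco tooling. The keyword list, the placeholder labels and the choice to keep netmasks are assumptions, and the sample config is constructed.

```python
import re

# Keyword followed by a secret or hash on ASA/IOS-style lines. Hashes marked
# "encrypted" are removed too, as the thread advises.
SECRET_RE = re.compile(
    r"\b((?:password|passwd|pre-shared-key|secret|community)\s+)(\S+)", re.I)
# Names that identify the organisation or an account.
NAME_RE = re.compile(r"^(\s*(?:hostname|domain-name|username)\s+)(\S+)", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample, not the Show.Run.txt attached to the thread.
SAMPLE = """\
hostname branch-asa-01
domain-name library.example
enable password CONSTRUCTEDHASH1 encrypted
username admin password CONSTRUCTEDHASH2 encrypted privilege 15
interface Vlan2
 ip address 203.0.113.10 255.255.255.248
access-list staff_priority extended permit ip host 192.168.10.5 any
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key ConstructedPSK
banner motd Property of branch-asa-01
"""

def sanitize(config):
    """Return (sanitized_text, removed_values) for pasted `show run` output."""
    ip_map, removed = {}, set()
    def mask(label):
        def repl(m):
            removed.add(m.group(2))
            return m.group(1) + label
        return repl
    def mask_ip(m):
        ip = m.group(0)
        if ip.startswith("255.") or ip == "0.0.0.0":
            return ip  # netmasks and the any-address are kept (assumption)
        removed.add(ip)
        # Same address -> same placeholder, so ACLs stay readable to a helper.
        return ip_map.setdefault(ip, "<IP-%d>" % (len(ip_map) + 1))
    out = []
    for line in config.splitlines():
        line = NAME_RE.sub(mask("<NAME>"), line)
        line = SECRET_RE.sub(mask("<REMOVED>"), line)
        out.append(IPV4_RE.sub(mask_ip, line))
    return "\n".join(out), removed

def leftovers(sanitized, removed):
    """Removed values that still appear elsewhere and need a manual pass."""
    return sorted(v for v in removed if v in sanitized)
```

On the sample, `leftovers` reports the hostname that survives in the banner line, which is the kind of residue a keyword-based pass misses and a manual read-through has to catch.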
 
philtukey (Author) Commented:
OK, all the passwords and addresses that are not public, and company information, have been removed.
Show.Run.txt
0
 
philtukey (Author) Commented:
We are upgrading our speeds at the branches and will relook at this once the speeds are updated.
0