Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Congifuring QoS on ASA 5505

Posted on 2010-11-09
5
Medium Priority
?
805 Views
Last Modified: 2012-07-09
Hi,

Recently our company order AT&T 50m internet service, and I need help on setting up QoS on ASA 5505. Also, I'm not sure it's good to connect 50m internet connection directly to ASA 5505.  If anyone could help me on this I would greatly appciate it.
0
Comment
Question by:ndoorsinteractive
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
tiago_aviz earned 750 total points
ID: 34098430
Hello, qos on the as is configured on the service policy, right next where you configure the access policies. It's really straightforward, all you have to do is create the conditions and tell it how much bandwidth you want to reserve.
0
 
LVL 4

Expert Comment

by:t509
ID: 34136183
Example VoIP-QoS:

! Enable a priority queue on the outside interface
ASA1(config)# priority-queue outside
ASA1(config-priority-queue)#exit

! Select VoIP traffic for prioritization
ASA1(config)#access-list VoIP-Traffic-OUT extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq h323
ASA1(config)#access-list VoIP-Traffic-OUT extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq sip
ASA1(config)#access-list VoIP-Traffic-OUT extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 2000

ASA1(config)#access-list VoIP-Traffic-IN extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq h323
ASA1(config)#access-list VoIP-Traffic-IN extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq sip
ASA1(config)#access-list VoIP-Traffic-IN extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 2000

! Match the ACL and traffic with Expedited Forwarding (EF)
ASA1(config)# class-map Voice-OUT
ASA1(config-cmap)#match dscp ef
ASA1(config-cmap)#match access-list VoIP-Traffic-OUT
ASA1(config-cmap)#exit

! Match the ACL and traffic with Expedited Forwarding (EF)
ASA1(config)# class-map Voice-OUT
ASA1(config-cmap)#match dscp ef
ASA1(config-cmap)#match access-list VoIP-Traffic-OUT
ASA1(config-cmap)#exit
ASA1(config)#class-map Voice-IN
ASA1(config-cmap)#match dscp ef
ASA1(configcmap)#match access-list VoIP-Traffic-IN
ASA1(config-cmap)#exit

! Configure the actual policy that will be applied to the interface
ASA1(config)# policy-map Voice-Policy
ASA1(config-pmap)#class Voice-OUT
ASA1(config-pmapc)#priority
ASA1(config-pmapc)#exit
ASA1(config-pmap)#class Voice-IN
ASA1(config-pmapc)#priority
ASA1(config-pmapc)#exit
ASA1(config-pmap)#exit

! Apply the policy to the outside interface
ASA1(config)# service-policy Voice-Policy interface outside
0
 
LVL 4

Expert Comment

by:t509
ID: 34136200
Above example worked for me, did this several times. It´s using LLQ, the best option for VoIP-Traffic. You can use this with 7.x and 8.x.
It´s not from me, i found it on a website.
0
 

Author Comment

by:ndoorsinteractive
ID: 34148515
Hi t509 and tiago_aviz,

First of all thank you so much for the reply. However, I would like to ask you is there way to configure QoS to divide bandwidth for each department? So we prevent from one department to use all of the bandwidth. If that is possible can you tell me how? I'm really sorry for the bother.

Thanks!
0
 

Author Closing Comment

by:ndoorsinteractive
ID: 34162002
Thank you for the tip!
However, I need to setup each department to share 50m, is there way to split the 50m for each department? If you can answer my question I would greatly appreicate it.

Thanks!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question