• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 826
  • Last Modified:

Congifuring QoS on ASA 5505

Hi,

Recently our company order AT&T 50m internet service, and I need help on setting up QoS on ASA 5505. Also, I'm not sure it's good to connect 50m internet connection directly to ASA 5505.  If anyone could help me on this I would greatly appciate it.
0
ndoorsinteractive
Asked:
ndoorsinteractive
  • 2
  • 2
1 Solution
 
tiago_avizCommented:
Hello, qos on the as is configured on the service policy, right next where you configure the access policies. It's really straightforward, all you have to do is create the conditions and tell it how much bandwidth you want to reserve.
0
 
t509Commented:
Example VoIP-QoS:

! Enable a priority queue on the outside interface
ASA1(config)# priority-queue outside
ASA1(config-priority-queue)#exit

! Select VoIP traffic for prioritization
ASA1(config)#access-list VoIP-Traffic-OUT extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq h323
ASA1(config)#access-list VoIP-Traffic-OUT extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq sip
ASA1(config)#access-list VoIP-Traffic-OUT extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 2000

ASA1(config)#access-list VoIP-Traffic-IN extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq h323
ASA1(config)#access-list VoIP-Traffic-IN extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq sip
ASA1(config)#access-list VoIP-Traffic-IN extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 2000

! Match the ACL and traffic with Expedited Forwarding (EF)
ASA1(config)# class-map Voice-OUT
ASA1(config-cmap)#match dscp ef
ASA1(config-cmap)#match access-list VoIP-Traffic-OUT
ASA1(config-cmap)#exit

! Match the ACL and traffic with Expedited Forwarding (EF)
ASA1(config)# class-map Voice-OUT
ASA1(config-cmap)#match dscp ef
ASA1(config-cmap)#match access-list VoIP-Traffic-OUT
ASA1(config-cmap)#exit
ASA1(config)#class-map Voice-IN
ASA1(config-cmap)#match dscp ef
ASA1(configcmap)#match access-list VoIP-Traffic-IN
ASA1(config-cmap)#exit

! Configure the actual policy that will be applied to the interface
ASA1(config)# policy-map Voice-Policy
ASA1(config-pmap)#class Voice-OUT
ASA1(config-pmapc)#priority
ASA1(config-pmapc)#exit
ASA1(config-pmap)#class Voice-IN
ASA1(config-pmapc)#priority
ASA1(config-pmapc)#exit
ASA1(config-pmap)#exit

! Apply the policy to the outside interface
ASA1(config)# service-policy Voice-Policy interface outside
0
 
t509Commented:
Above example worked for me, did this several times. It´s using LLQ, the best option for VoIP-Traffic. You can use this with 7.x and 8.x.
It´s not from me, i found it on a website.
0
 
ndoorsinteractiveAuthor Commented:
Hi t509 and tiago_aviz,

First of all thank you so much for the reply. However, I would like to ask you is there way to configure QoS to divide bandwidth for each department? So we prevent from one department to use all of the bandwidth. If that is possible can you tell me how? I'm really sorry for the bother.

Thanks!
0
 
ndoorsinteractiveAuthor Commented:
Thank you for the tip!
However, I need to setup each department to share 50m, is there way to split the 50m for each department? If you can answer my question I would greatly appreicate it.

Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now