

Cisco ASA 5520 QoS Priority with Outbound Policing Policy

Posted on 2011-05-02
Medium Priority
Last Modified: 2012-06-22
Recently I configured my ASA so that it matches my 100Mbit upload at a Gigabit uplink, and it's working perfectly (no longer dropping packets).

Now I need the above solution to work with priority queues, and not reserving bandwidth.

What I want is to be able to use my full 100MBit as I do now, but if certain traffic types are used, they get a priority, not always 100% but a certain percentage or a certain limit.

Example: if I'm downloading via Newsgroup, Microsoft Download Manager, or plain browser and that's all, I want my full 100Mbit available, but if I'm downloading and playing WoW, or Netflix, or on the phone, I want to give a priority to the traffic, but not kill it off; also SIP phones via SIP/H323 etc.

Mind sending me an example of the service policy I'd use, a couple of examples?
Question by: TestMonkey

Expert Comment

ID: 35504116
AFAIK, you can't do the classification and prioritization in the ASA.  The ASA can honor DSCP information sent from other devices and pass that through properly, but unless your ISP is marking traffic, or unless you put a router in front of the firewall to classify and mark traffic, I'm not sure you can accomplish what it sounds to me like you're looking for.

Accepted Solution

jmeggers earned 2000 total points
ID: 35504421
I stand (somewhat) corrected.  You can use ACLs to identify traffic and apply to a class-map, but whether there are enough differences in the traffic you want to identify to allow you to separate out different classes, I don't know.  Also, the ASA only supports priority queueing, policing and shaping.  Based on what you describe, you could identify SIP traffic and place that in the priority queue.  For other traffic, though, you may have a harder time identifying the traffic, especially if it's really just HTTP.  For example, I haven't investigated Netflix traffic to see if it runs over an identifiable port or if it's just HTTP.

You can look at the config guide at http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_qos.html#wp1074879

Also there are some tech notes that may help such as http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml
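
A sketch of the approach described in the accepted answer (ACL into a class-map, SIP in the priority queue, policing for the rest), added here as an example and not posted by either participant. The interface name `outside`, the object names, and the assumption that phones mark their RTP media with DSCP EF are all assumptions; the 100 Mbit/s rate is taken from the question.

```cisco
! Constructed example. SIP-SIGNAL, VOICE-SIGNAL, VOICE-MEDIA, OUTSIDE-QOS
! and the interface name "outside" are illustrative, not from the thread.

! 1. Create the priority (low-latency) queue on the egress interface.
!    Standard priority queueing does nothing until this exists.
priority-queue outside

! 2. Identify SIP signalling by port (5060 over UDP and TCP).
access-list SIP-SIGNAL extended permit udp any any eq sip
access-list SIP-SIGNAL extended permit tcp any any eq sip

! 3. One class-map per match criterion.
class-map VOICE-SIGNAL
 match access-list SIP-SIGNAL

! Assumption: the phones mark RTP media as DSCP EF. The SIP ACL above
! covers signalling only, since media runs on negotiated ports.
class-map VOICE-MEDIA
 match dscp ef

! 4. Voice classes go to the priority queue; everything else is policed
!    outbound at 100 Mbit/s. Priority and police cannot be applied to the
!    same class, and class-default cannot be a priority class.
policy-map OUTSIDE-QOS
 class VOICE-SIGNAL
  priority
 class VOICE-MEDIA
  priority
 class class-default
  police output 100000000

! 5. Attach the policy to the interface.
service-policy OUTSIDE-QOS interface outside
```

`show service-policy priority`, `show service-policy police` and `show priority-queue statistics outside` show whether each class is matching traffic and whether packets are being dropped. Traffic in the priority classes is not policed, so it is sent in addition to the 100 Mbit/s allowed for the default class.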


Question has a verified solution.