ASA 5505 QOS

Posted on 2011-05-11
Last Modified: 2012-06-21
Hello All,

I've got a customer with a couple of remote offices that are connected via L2L over Cisco ASAs. In a few months we will be installing a new phone system at all of the offices. This is not a true VoIP system, but the remote phone systems will be connected to the main office via the VPN. This will allow them to check voicemail, transfer calls, and intercom between the remote offices and the main office.

My question is: If we have problems with call quality over some of the L2Ls, can I give priority to traffic coming and going between two IP addresses over the VPN? For instance, I would like to give all traffic between and priority over any other traffic no matter how congested the VPN is.

I've looked at some of the other posts about QOS for GRE and other protocols related to phone systems but thought maybe just the IP prioritization would be easier.

Anyone have any experience with this?

Question by:VNE
    LVL 16

    Expert Comment

    Dear, I am not a Cisco master, but I am handling a very similar setup.

    In my case I am using Sonicwall and Alcatel. Using priority, it's working fine.
    In Cisco's case you have 3 options:

    Create one VLAN (Voice) and set it to high priority.
    You can create one group, add the voice telephone IPs to the group, and assign priority to voice.
    You can use bandwidth segregation (half/half); use this option if you have more voice traffic and continuous data traffic.

    LVL 79

    Accepted Solution

    Yes, you can prioritize traffic over the L2L VPN. If your voice equipment marks packets with a priority marking, then you can set a rule that looks for that marking and puts it into a priority queue.
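
The rule described in the accepted answer, as an added example that is not part of the original thread: an ASA priority-queue configuration that puts traffic marked DSCP EF, or traffic between two phone-system hosts, into the priority queue as it leaves the ASA. The interface name `outside`, the ACL, class and policy names, the EF marking and the two documentation-range addresses are assumptions; the remote ASA would carry the same policy with the ACL reversed.

```cisco
! Added example, not from the thread. All names and addresses below are
! placeholders: replace 192.0.2.10 (local phone system) and
! 198.51.100.10 (remote phone system) with the real hosts.
!
! Traffic between the two phone systems, matched by IP address
access-list VOICE-HOSTS extended permit ip host 192.0.2.10 host 198.51.100.10
!
! Enable the priority queue on the interface that carries the L2L tunnel
priority-queue outside
!
! Class 1: packets the voice equipment has already marked
! (assumes the phone system marks voice as DSCP EF)
class-map VOICE-MARKED
 match dscp ef
!
! Class 2: unmarked traffic identified only by the two host addresses
class-map VOICE-BY-IP
 match access-list VOICE-HOSTS
!
! Send both classes to the priority queue; everything else is best effort
policy-map OUTSIDE-QOS
 class VOICE-MARKED
  priority
 class VOICE-BY-IP
  priority
!
! Apply the policy to the outside interface
service-policy OUTSIDE-QOS interface outside
```

This only orders packets as they leave each ASA. `show service-policy interface outside` and `show priority-queue statistics outside` show whether the classes are matching.
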
    LVL 18

    Expert Comment

    I'm not convinced. Prioritizing VPN traffic over other traffic will require cooperation from the ISP. If you're not paying them to honor QoS markings (whether it's by traffic type or any other criteria), then it's likely they're resetting any DSCP markings (or at least ignoring them) when the traffic hits their network. This can be changed if you're dealing with a single ISP, for example using an AT&T MPLS cloud for a private WAN, but if your sites are connected over general internet connections, then you have no control over what ISP the traffic is going through and having true QoS is practically impossible.

    LVL 9

    Expert Comment

    When it comes to VOIP and QOS over the internet the only thing you can do is prioritize the outbound traffic as it leaves your device and hits the Internet.  If your connection is congested or could be congested, then this will help.  But once it's on the Internet you have no control over the packets and can't have any expectation that they'll even arrive in the correct order.  

    Info on setting priority through a VPN tunnel:

    Author Comment

    That's what I'm wondering about, irmoore. I just need the traffic between the two phone systems to have priority over any other traffic on the L2L.

    Let me talk to the phone people and see what they can do as far as marking the packets.

    Thanks for your help.
