[Last Call] Learn how to a build a cloud-first strategyRegister Now


ASA 5505 QOS

Posted on 2011-05-11
Medium Priority
Last Modified: 2012-06-21
Hello All,

I've got a customer with a couple of remote offices that connected via L2L over Cisco ASA's.  In a few months we will be installing a new phone system at all of the offices.  This is not a true VOIP system but the remote phone systems will be connected to the main office via the vpn.  This will allow them to check voicemail, transfer calls, and intercom between the remote offices and the main office.

My question is:  If we have problems with call quality over some of the L2L's can I give priority to traffic coming and going between two IP addresses over the vpn?  For instance, I would like to give all traffic between and priority over any other traffic no matter how congested the vpn is.

I've looked at some of the other posts about QOS for GRE and other protocols related to phone systems but thought maybe just the IP prioritization would be easier.

Anyone have any experience with this?

Question by:VNE
LVL 16

Expert Comment

ID: 35744498
Dear, i am not Cisco Master but i am handling very similar setup.

in my case i am using Sonicwall and Alcatel. using priority its working fine.
in cisco case you have 3 option,

Create one VLAN (Voice) set high priority
you can create one group, add voice telephone ip's in group, assign priority to voice
you can use bandwidth segregation (half/half) use this option if you have more voice traffic and continus data traffic

LVL 79

Accepted Solution

lrmoore earned 2000 total points
ID: 35746129
Yes you can prioritize traffic over the L2L VPN. If your voice equipment marks packets with a priority marking, then you can set a rule that looks for that marking and puts it into a priority queue.
LVL 18

Expert Comment

ID: 35746198
I'm not convinced.  Prioritizing VPN traffic over other traffic will require cooperation from the ISP.  If you're not paying then to honor QoS markings (whether it's by traffic type or any other criteria), then it's likely they're resetting any DSCP markings (or at least ignoring them) when the traffic hits their network.  This can be changed if you're dealing with a single ISP, for example using an AT&T MPLS cloud for a private WAN, but if your sites are connected over general internet connections, then you have no control over what ISP the traffic is going through and having true QoS is practically impossible.


Expert Comment

ID: 35746255
When it comes to VOIP and QOS over the internet the only thing you can do is prioritize the outbound traffic as it leaves your device and hits the Internet.  If your connection is congested or could be congested, then this will help.  But once it's on the Internet you have no control over the packets and can't have any expectation that they'll even arrive in the correct order.  

Info on setting priority through a VPN tunnel:

Author Comment

ID: 35747047
Thats what I'm wondering about irmoore.  I just need the traffic between the two phone systems to have priority over any other traffic on the L2L.

Let me talk to the phone people and see what they can do as far as marking the packets.

Thanks for your help.

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question