asked on
QoS on Cisco ASA 5520
I have apporx 200 users on a remote site.
They connect to the central site with two site-to-site ipsec vpns.
All applications are running as published applications on a citrix farm at the central site.
I want enable priority for the traffic going to and from the remote site
I see that it is possible to add a service policy, specify tunnel-group as match criteria and check the "enable priority for this flow" box. That is OK, i can do this for each tunnel-group.
First question:
Under "Configuration - Device Management - Advanced - Priority queue" i have to configure priority queue parameters on a interface. In this scenario, should i use the Outside interface? And i see that the default values are: Queue limit 2048 and Transmission ring limit 512. Is there a rule of thumb or something like when setting theese values?
Second question:
It seemes a bit weird to just put priority on the tunnel-groups, i would really like to specify what i want to put priority on. So, keeping in mind that the traffic is going to and from the central environment over ipsec, is it possible to just define a outside-policy and one class for each tcp/udp port i want to enable priority on?
Third question:
if i am far off, what do you think i should do with my ASA 5520 to implement some kind of QoS for my citrix traffic to and from the remote site?
They connect to the central site with two site-to-site ipsec vpns.
All applications are running as published applications on a citrix farm at the central site.
I want enable priority for the traffic going to and from the remote site
I see that it is possible to add a service policy, specify tunnel-group as match criteria and check the "enable priority for this flow" box. That is OK, i can do this for each tunnel-group.
First question:
Under "Configuration - Device Management - Advanced - Priority queue" i have to configure priority queue parameters on a interface. In this scenario, should i use the Outside interface? And i see that the default values are: Queue limit 2048 and Transmission ring limit 512. Is there a rule of thumb or something like when setting theese values?
Second question:
It seemes a bit weird to just put priority on the tunnel-groups, i would really like to specify what i want to put priority on. So, keeping in mind that the traffic is going to and from the central environment over ipsec, is it possible to just define a outside-policy and one class for each tcp/udp port i want to enable priority on?
Third question:
if i am far off, what do you think i should do with my ASA 5520 to implement some kind of QoS for my citrix traffic to and from the remote site?
CiscoHardware Firewalls
Last Comment
Reset_