I have an IPsec L2L VPN over the internet. I wonder if there is a default policy in the ASA for giving IPsec traffic higher priority?
My question basically is: if one of two packets must be dropped, which one will it be, the IPsec one or the other? What is the default?
Cisco ASA – Traffic Policy (QoS) for IPsec VPN Tunnels
cisco-asa ipsec policing qos vpn
Best Answer
It depends on what the real bottleneck is, where it is located, and whether you have any QoS treatments in place.
Assuming the bottleneck is the available bandwidth from the provider and you have no treatments in place, both packets will exit your firewall and the provider makes the decision on whether to drop the traffic.
Both packets ingress their respective interfaces, one into the tunnel and another for the outside interface. The firewall sees these as two logical interfaces, though they are the same physical interface. Since both interfaces can handle the traffic, both packets exit unchallenged.
Again the circuit provider will do what it wants with the traffic.