I am trying to set up a simplistic QoS policy on our ASA 5505 device. I cannot get the thing to work for the life of me. Basically we want to make sure that all outbound VoIP traffic is prioritized above all other traffic. FYI our PBX box is outside of the LAN.
I am also trying to do this entirely in ASDM. So far I have mostly been able to avoid CLI. However I am open to suggestions in CLI.
I've gone into Config -> Firewall -> Service Policy Rules and configured the same policy (on both inside interface and outside interface, although I believe it is the inside one that matters here). The policy is:
MATCH Source: inside-network/24 Destination: any Service: voip-group Rule action: QoS enable priority for this flow.
I have configured the source service as voip-group as well (I want it to know that packets using services in voip-group sent from inside-network should be prioritized).
It is not working.
Please help! I can provide more info if you tell me what to provide.
EDIT 0: I have gone into the Packet Tracer and watched the slick little animation to no avail. It does not have a QoS step, leading me to think that the rule is not applied.
Best Answer
To begin -- simple is not a word that should be used to describe Quality of Service. The entire word itself is a loaded term.
Instead of rehashing a lot of details about ASA QoS here, reference this answer.
Below is the ASA 8.4 CLI necessary to create a priority queue and handle a specific volume of calls based on a certain bitrate.
show service-policy flow.
Numbers used for queue-limit and tx-ring-limit were determined using the worksheet in the configuration guide and then massaged. The numbers used here could be drastically different depending on your requirements.
outside-policy can be assigned to the outside interface and you can still implement a global-policy that is by its nature assigned to the outside interface as well -- as long as there are not QoS actions on any of the classes listed in the global-policy. The QoS actions of the outside-policy will be in effect and the non-QoS actions (inspects, etc.) of the global-policy will stay in effect.
You can view priority-queue statistics with show priority-queue statistics outside.
You can verify that the traffic itself will hit the priority queue with a command like show service-policy flow host 10.0.0.100 host 1.2.3.4, which will show you how the existing service policies on all interfaces would react to the traffic specified.
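The following is an added example, not the answerer's configuration, showing how the pieces named in the answer (priority queue, outside-policy, a global policy without QoS actions) fit together on ASA 8.4. The 10.0.0.0/24 inside network, the contents of voip-group, the outside-voip and voip-class names, and the queue-limit and tx-ring-limit values are assumptions; size the two limits with the configuration guide worksheet.

```cisco
! Added example for ASA 8.4. Addresses, ports, names and queue sizes
! are assumptions, not values taken from the original answer.
!
! Priority queue on the egress interface. Both limits are placeholders;
! compute real values with the worksheet in the configuration guide.
priority-queue outside
 queue-limit 30
 tx-ring-limit 3
!
! Assumed contents of voip-group: SIP signalling plus an RTP port range.
object-group service voip-group
 service-object udp destination eq sip
 service-object udp destination range 10000 20000
!
! Assumed inside-network of 10.0.0.0/24.
access-list outside-voip extended permit object-group voip-group 10.0.0.0 255.255.255.0 any
!
class-map voip-class
 match access-list outside-voip
!
! The interface policy carries the only QoS action (priority).
policy-map outside-policy
 class voip-class
  priority
!
service-policy outside-policy interface outside
!
! The global policy (global_policy is the ASA default name) keeps only
! non-QoS actions such as inspection, so it coexists with outside-policy.
policy-map global_policy
 class inspection_default
  inspect sip
!
service-policy global_policy global
```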