Cisco ASA 5505 Configuration Manual page 1067

Chapter 49 Configuring QoS
One side-effect of priority queueing is packet re-ordering. For IPSec packets, out-of-order packets that
Note
are not within the anti-replay window generate warning syslog messages. These warnings are false
alarms in the case of priority queueing. You can configure the IPSec anti-replay window size to avoid
possible false alarms. See the Configuration > VPN > IPSec > IPSec Rules > Enable Anti-replay window
size option in the
Traffic shaping is not supported on the ASA 5580.
Detailed Steps
Step 1 Configure a service policy on the Configuration > Firewall > Service Policy Rules pane according to
Chapter 29, "Configuring a Service Policy."
You can configure QoS as part of a new service policy rule, or you can edit an existing service policy.
For traffic shaping, all traffic on an interface must be shaped. You can only use the class-default class
map, which is automatically created by the adaptive security appliance, and which matches all traffic.
You cannot configure a separate traffic shaping rule on the same interface for which you configure a
priority queueing rule (see the
section on page
the traffic shaping rule. You also cannot configure traffic shaping for the global policy if you also enable
priority queueing on any interfaces.
In the Rule Actions dialog box, click the QoS tab.
Step 2
Click Enable traffic shaping, and configure the following fields:
Step 3
•
•
(Optional) To configure priority queueing for a subset of shaped traffic:
Step 4
a.
b.
c.
d.
e.
Note
Click Finish. The service policy rule is added to the rule table.
Step 5
OL-20339-01
"Adding Crypto Maps" section on page
49-7); you can, however, configure priority queueing for a subset of shaped traffic under
Average Rate—Sets the average rate of traffic in bits per second over a given fixed time period,
between 64000 and 154400000. Specify a value that is a multiple of 8000.
Burst Size—Sets the average burst size in bits that can be transmitted over a given fixed time period,
between 2048 and 154400000. Specify a value that is a multiple of 128. If you do not specify the
Burst Size, the default value is equivalent to 4-milliseconds of traffic at the specified Average Rate.
For example, if the average rate is 1000000 bits per second, 4 ms worth = 1000000 * 4/1000 = 4000.
Click Enforce priority to selected shape traffic.
Click Configure to identify the traffic that you want to prioritize.
You are prompted to identify the traffic for which you want to apply priority queueing.
After you identify the traffic (see the
page 29-8), click Next.
Click Enable priority for this flow.
Click Finish.
You return to the QoS tab.
For this type of priority queueing, you do not need to create a priority queue on an interface
(Configuration > Properties > Priority Queue).
"Creating a Policy for Standard Priority Queueing and/or Policing"
"Adding a Service Policy Rule for Through Traffic" section on
Cisco ASA 5500 Series Configuration Guide using ASDM
63-10.
Configuring QoS
49-9