Re: [sipx-users] Is my Cisco ASA configurations correct?

Fri, 08 Jan 2010 13:42:58 -0800 

Robert, I'd attack this a different way...

Here's a layered QOS configuration that I've used that might be
helpful...

access-list 100 permit ip any local.site.ip 0.0.0.255
access-list 100 permit ip any remote.site.ip 0.0.0.255
access-list 100 permit ip local.site.ip 0.0.0.255 any
access-list 100 permit ip remote.site.ip 0.0.0.255 any

class-map match-any Site
 match access-group 100
class-map match-any Voice
 match ip dscp ef
 match ip dscp cs6
 match ip dscp 44

policy-map ThreeMB
 class Voice
  bandwidth percent 30
  set ip dscp ef
 class class-default
  fair-queue
  random-detect

policy-map QOS
 class Site
  shape average 3000000
  bandwidth 2800
  service-policy ThreeMB

What this does is matches any voice traffic set for DSCP 46, 44 or Class
of Service 6, reserves up to 30% of the bandwidth for a given link and
dumps the rest to the a lower priority.  Forces all outbound traffic to
dscp ef (46).

Then it shapes the traffic for a 3 Mbps link (bandwidth setting 2800
(~10% less than full capacity) but shaping on 3000000).

This is useful when Ethernet ports in routers are used or MPLS
connections where your connections to certain destinations need to be
specified.

Hope that helps.

Thanks,
        Mike


-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Robert B
Sent: Friday, January 08, 2010 10:33 AM
To: Sen Heng
Cc: [email protected]
Subject: Re: [sipx-users] Is my Cisco ASA configurations correct?

I curse Cisco... :)

I'm not sure what you mean by making RTP bypass the NAT. You mean how to

get RTP through the firewall successfully? I've done that on many other 
firewalls... I'm not immediately sure how multi-site/teleworker would be

impacted by this. It's just a basic port range forward...

Could you clarify?

-- Robert



On 1/8/2010 9:17 AM, Sen Heng wrote:
> prioritization 5060/5080 is ok.
> I think how to make RTP bypass NAT is more important. I havn't got 
> time to test but maybe use SBC or NAT 0 (bypass NAT on ASA) to get RTP

> pass through.
> prioritization RTP is same with you did before.
> Please let me know which way you get multi-site/teleworker working. 
> Because all customer here use Cisco ASA.
>
>

_______________________________________________
sipx-users mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
_______________________________________________
sipx-users mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/

Reply via email to