Hi all, and welcome to my first post on the IPexpert Blog. Here I'm going to post a multipart series on Quality of Service for VPNs.
Part 1 will focus on VPN QoS on the ASA firewall, with Part 2 covering VPN QoS on IOS routers. So let's start by diving straight into the ASA.
Firstly, let's take a quick look at what Quality of Service features are available on the ASA:
Priority or Low Latency Queueing – This is the primary method used for traffic flows that do not tolerate network latency well, such as voice and video. Traffic in the priority queue is processed and transmitted ahead of all other traffic.
Policing – Uses a token bucket to limit the rate of traffic to the specified rate. If there are not enough tokens in the bucket, any further packets arriving are discarded.
Shaping – Uses a token bucket and a data buffer to queue traffic so it can be transmitted at a specified rate within the timing interval. Unlike policing, if the token bucket is empty the packets must wait in the queue until there is enough room to continue with transmission.
Now we know what's available, let's take a look at how to configure it for our VPNs.
Well, I guess we can break this down by looking at it in two different ways:
VPN traffic flowing through the ASA
OR
VPNs terminating on the ASA
Let's start with VPN traffic passing through the ASA. In this example scenario we have a LAN-to-LAN VPN terminating between routers R1 and R2.
The basic diagram below shows a typical setup of two remote networks separated by an ASA firewall, with ISAKMP and IPsec traffic being permitted bidirectionally through the ASA.
The first thing we have to do with any QoS deployment is to identify and classify the traffic we want to control. With VPN traffic transiting the ASA, we potentially see three different protocols in use:
ISAKMP – UDP 500
ESP – IP protocol 50
NAT-T – UDP 4500
So that's our interesting traffic identified; now we have to classify it. On the ASA, QoS is part of the Modular Policy Framework, or MPF for short.
In MPF we use class maps to classify the traffic we want to match against. Within the class map we have various criteria available to match on; for this example we will use an ACL that permits the VPN traffic we want matched.
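Putting the three QoS features from the start of the post together with the identify-and-classify steps above, here is an added configuration example. It is my own illustration, not configuration from the original post or from a vendor reference, and it assumes R1's VPN peer address is 10.1.1.1, R2's is 10.2.2.1, that the VPN leaves the ASA through an interface named outside, and that the ACL, class-map and policy-map names are made up for the example:

```text
! Step 1 (identify): ISAKMP, ESP and NAT-T between the two VPN peers, both directions.
! Peer addresses 10.1.1.1 (R1) and 10.2.2.1 (R2) are assumed for this example.
access-list VPN_TRAFFIC extended permit udp host 10.1.1.1 host 10.2.2.1 eq isakmp
access-list VPN_TRAFFIC extended permit udp host 10.2.2.1 host 10.1.1.1 eq isakmp
access-list VPN_TRAFFIC extended permit esp host 10.1.1.1 host 10.2.2.1
access-list VPN_TRAFFIC extended permit esp host 10.2.2.1 host 10.1.1.1
access-list VPN_TRAFFIC extended permit udp host 10.1.1.1 host 10.2.2.1 eq 4500
access-list VPN_TRAFFIC extended permit udp host 10.2.2.1 host 10.1.1.1 eq 4500

! Step 2 (classify): an MPF class-map that matches the ACL.
class-map VPN_CLASS
 match access-list VPN_TRAFFIC

! Step 3a: Low Latency Queueing. VPN packets are sent ahead of everything else.
policy-map VPN_QOS
 class VPN_CLASS
  priority

! Standard LLQ is egress-only and silently does nothing until the interface
! actually has a priority queue enabled.
priority-queue outside

! Step 3b (alternative): police VPN traffic to 2 Mbps. Rate is in bits/s, burst in bytes.
! Packets arriving when the bucket is empty are dropped; priority and police cannot be
! combined in the same class.
policy-map VPN_POLICE
 class VPN_CLASS
  police output 2000000 37500 conform-action transmit exceed-action drop

! Step 3c (alternative): shape the interface to 2 Mbps. Shaping is only permitted in
! class-default; nesting VPN_QOS under it gives VPN traffic priority within the shaped rate.
policy-map SHAPE_OUT
 class class-default
  shape average 2000000
  service-policy VPN_QOS

! Step 4: apply one policy to the interface the VPN traffic leaves through.
service-policy SHAPE_OUT interface outside
```

Two things worth checking after applying this. First, if the peers negotiate NAT-T, ESP is carried inside UDP 4500 and the `esp` ACL entries will show no hits, which is expected; keep them for peers with no NAT in the path. Second, `show service-policy interface outside` confirms whether the class is actually matching and, for the priority case, whether packets are landing in the priority queue rather than the best-effort queue.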