How to configure QoS on Cisco ASA firewall

There are three steps for configuring the QoS on Cisco ASA firewall

1.Identify the traffic or define the traffic classes.

To identify the traffic first create a new access-list to match the traffic. Once access-list is created call it in the class-map

ciscoasa(config)#access-list qos extended permit tcp any any eq 25
ciscoasa(config)#class-map qos
ciscoasa(config-cmap)#match access-list qos
ciscoasa(config-cmap)#exit

2.Associate actions with each traffic class in order to formulate policies with the use of Policy Map.

Then call that class-map in the Policy-map global_policy. Usually global_policy is the default policy-map set in ASA firewalls. In this example we are using the police command to throttle the traffic. In case we need to prioritise the traffic we just need to use the command priority and the selected traffic will get prioritised.

ciscoasa(config)#policy-map global_policy
ciscoasa(config-pmap)#class qos
ciscoasa(config-pmap-c)#police output 6144000
ciscoasa(config-pmap-c)#exit

or

ciscoasa(config)#policy-map global_policy
ciscoasa(config-pmap)#class qos
ciscoasa(config-pmap-c)#priority
ciscoasa(config-pmap-c)#exit

3.Issue the service-policy command in order to activate the policies.

The final step is applying that policy map on the interface.This needs to be done once. Usually you don’t need to assign policy to interface most of time it’s already set to interface

ciscoasa(config)#service-policy global_policy interface inside