If you have not read both the ASA QoS Configuration Guide and the IOS QoS Solutions Guide please read them. Standard IOS ISR's run circles around what the ASA is capable of in regard to QoS. While I am a big fan of the ASA platform, I will be the first to admit that QoS paradigms and capabilities are rather limited on ASA's. I'm confused since I could also be setting up traffic policing on the resource-centre traffic, but I don't think that is what I want to do, as I don't actually care how much bandwidth the resource centre is using as long as it doesn't disrupt office traffic. I think what I need to do is set up prioritization to traffic that matches office-traffic - that would mean that traffic to/from office would never be disrupted by traffic to/from the resource centre right? I can create ACLs for my two inside vlans: access-list resource-centre-traffic extended permit ip 192.168.0.0 255.255.255.0 anyĪccess-list resource-centre-traffic extended permit ip any 192.168.0.0 255.255.255.0Īccess-list office-traffic extended permit ip 172.16.0.0 255.255.255.0 anyĪccess-list office-traffic extended permit ip any 172.16.0.0 255.255.255.0
Put another way, I don't want the resource-centre traffic to overwhelm office traffic. I want to ensure that traffic from office to the vpn or internet has priority over traffic from the resource-centre. One connected to the internet called outside, one for our office called office (which connects to the corporate VPN) and one for a publicly accessible resource-centre.