Cisco Systems ASA 5585-X Manual De Usuario

For hierarchical priority queuing, you do not need to create a priority queue on an interface.

For hierarchical priority queuing, for encrypted VPN traffic, you can only match traffic based on the 
DSCP or precedence setting; you cannot match a tunnel group.

For hierarchical priority queuing, IPsec-over-TCP traffic is not supported.

To configure traffic shaping and optional hiearchical priority queuing, perform the following steps.

Traffic shaping is only supported on the ASA 5505, 5510, 5520, 5540, and 5550. Multi-core models 
(such as the ASA 5500-X) do not support shaping.

For traffic shaping, you can only use the class-default class map, which is automatically created by 
the ASA, and which matches all traffic.

ciscoasa(config)# class-map 

priority_traffic

For hierarchical priority queuing, creates a class map to identify 
the traffic for which you want to perform priority queuing.

 parameter

ciscoasa(config-cmap)# match access-list 

priority

Specifies the traffic in the class map. See the 

 for more 

information. For encrypted VPN traffic, you can only match 
traffic based on the DSCP or precedence setting; you cannot 
match a tunnel group.

 priority_map_name

ciscoasa(config)# policy-map 

priority-sub-policy

Creates a policy map.

 priority_map_name

ciscoasa(config-pmap)# class 

priority-sub-map

Specifies the class map you created in 

.

ciscoasa(config-pmap-c)# priority

Applies the priority queuing action to a class map.

This policy has not yet been activated. You must activate 
it as part of the shaping policy. See the