--------------old config------------------------------------------ ASAMCB# sho running-config policy-map qos_outside_policy ! policy-map qos_outside_policy class voice_traffic police output 10000000 class class-default police output 20000000 ASAMCB# sho running-config policy-map qos_outside_policy ! policy-map qos_outside_policy class voice_traffic police output 20000000 class class-default police output 10000000 ---------------------------new cobfig ------------------------------------------- ASAMCB# sho running-config policy-map qos_outside_policy ! policy-map qos_outside_policy class ipsec_voice_vpn class ipsec_all_traffic police output 20000000 class class-default police output 10000000 --------------------------------------------------------------------------- ASAMCB# show run class-map ! class-map voice_traffic match dscp af13 ef class-map ipsec_all_traffic match flow ip destination-address match tunnel-group 212.6.39.7 class-map inspection_default match default-inspection-traffic class-map ipsec_voice_vpn match dscp ef match tunnel-group 212.6.39.7 ! ASAMCB# show service-policy police Interface WAN_SBIN: Service-policy: qos_outside_policy Class-map: ipsec_all_traffic Output police Interface WAN_SBIN: cir 20000000 bps, bc 625000 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps Class-map: class-default Output police Interface WAN_SBIN: cir 10000000 bps, bc 312500 bytes conformed 131558527 packets, 24007712857 bytes; actions: transmit exceeded 59654 packets, 83174609 bytes; actions: drop conformed 491792 bps, exceed 0 bps ASAMCB# --------------------------------------------------------------------------- Find below configs that we can apply for ipsec QoS: class-map ipsec_voice_vpn match tunnel-group 212.6.39.7 match dscp ef class-map ipsec_all_traffic match tunnel-group 212.6.39.7 match flow ip destination-address policy-map "qos_outside_policy class ipsec_voice_vpn police output 10000000 class ipsec_all_traffic police output 10000000 service-policy “qos_outside_policy” interface “outside interface” let me know when we can apply the configs Regards, John --------------------------------------------------------------------------------- class-map voice_traffic match dscp EF AF13   sho run class class-default police output 15000000 conform-action transmit exceed-action drop class voice_traffic police output 20000000 conform-action transmit service-policy qos_outside_policy interface WAN_SBIN object-group network Acces-Internet network-object 10.0.5.0 255.255.255.0 network-object 10.136.31.128 255.255.255.128 network-object 10.0.6.32 255.255.255.224 network-object 10.0.6.160 255.255.255.224 network-object host 10.0.6.1 network-object host 10.0.6.2 network-object host 10.0.6.3 network-object host 10.0.6.4 network-object host 10.0.6.65 network-object host 10.0.6.66 network-object host 10.0.6.67 network-object host 10.0.6.68 network-object host 10.0.6.81 network-object host 10.0.6.79 network-object host 10.0.6.69 network-object host 10.0.6.71 network-object host 10.0.6.73 network-object host 10.0.6.75 network-object host 10.0.6.76 network-object host 10.0.6.97 network-object host 10.0.6.98 network-object host 10.0.6.99 network-object host 10.0.6.100 network-object host 10.0.6.101 network-object host 10.0.6.102 network-object host 10.0.6.103 network-object host 10.0.6.104 network-object host 10.0.6.105 network-object host 10.0.6.106 network-object host 10.0.6.107 network-object host 10.0.6.108 network-object host 10.0.6.10ç network-object host 10.0.6.110 network-object host 10.0.6.111 network-object host 10.0.6.129 network-object host 10.0.6.130 network-object host 10.0.6.131 network-object host 10.0.6.132 network-object host 10.0.6.135 network-object host 10.0.6.136 network-object host 10.0.6.137 network-object host 10.0.6.138 network-object host 10.0.6.139 network-object host 10.0.6.141 network-object host 10.0.6.142 network-object host 10.0.6.143 network-object host 10.0.6.144 network-object host 10.0.6.145 network-object host 10.0.6.148 network-object host 10.0.6.149 network-object host 10.0.6.152 network-object host 192.168.4.5 network-object host 192.168.4.30 network-object host 192.168.4.59 network-object host 192.168.4.71 network-object host 192.168.4.72 network-object host 192.168.4.73 network-object host 192.168.4.74 network-object host 192.168.4.75 network-object host 192.168.4.76 network-object host 192.168.4.77 network-object host 192.168.4.78 network-object host 192.168.4.79 network-object host 192.168.4.80 network-object host 192.168.4.81 network-object host 192.168.4.82 network-object host 192.168.4.82 network-object host 192.168.4.84 network-object host 192.168.4.85 network-object host 192.168.4.86 network-object host 192.168.4.87 network-object host 192.168.4.88 network-object host 192.168.4.89 network-object host 192.168.4.90 network-object host 192.168.4.91 network-object host 192.168.4.92 network-object host 192.168.4.94 network-object host 192.168.4.95 network-object host 192.168.4.100 network-object host 192.168.4.101 network-object host 192.168.4.102 network-object host 192.168.2.91 network-object host 192.168.2.81 network-object host 192.168.2.83 network-object host 192.168.2.77 network-object host 192.168.2.10 network-object host 192.168.2.50 network-object host 192.168.2.52 network-object host 192.168.2.48 network-object host 192.168.2.46 network-object host 192.168.2.44 network-object host 192.168.2.43 network-object host 192.168.2.55 network-object host 192.168.2.33 network-object host 192.168.2.35 network-object host 192.168.2.62 network-object host 192.168.2.63 network-object host 192.168.2.64 network-object host 192.168.2.65 network-object host 192.168.2.66 network-object host 192.168.2.2 network-object host 192.168.2.6 network-object host 192.168.2.32 object-group network Acces-Internet no network-object host 192.168.2.1 no network-object host 192.168.2.3 no network-object host 192.168.2.77 network-object host 192.168.2.91 network-object host 192.168.2.81 network-object host 192.168.2.83 network-object host 192.168.2.77 network-object host 192.168.2.10 network-object host 192.168.2.50 network-object host 192.168.2.52 network-object host 192.168.2.48 network-object host 192.168.2.46 network-object host 192.168.2.44 network-object host 192.168.2.43 network-object host 192.168.2.55 network-object host 192.168.2.33 network-object host 192.168.2.35 network-object host 192.168.2.62 network-object host 192.168.2.63 network-object host 192.168.2.64 network-object host 192.168.2.65 network-object host 192.168.2.66 network-object host 192.168.2.2 network-object host 192.168.2.6 network-object host 192.168.2.32 access-list MCB_LAN_access_in line 20 extended permit udp object-group Acces-Internet any eq 53 access-list MCB_LAN_access_in line 20 extended permit tcp object-group Acces-Internet any eq 443 access-list MCB_LAN_access_in line 20 extended permit tcp object-group Acces-Internet any eq 80 access-list MCB_LAN_access_in line 20 extended permit tcp object-group Acces-Internet any eq ftp access-list MCB_LAN_access_in line 20 extended permit tcp object-group Acces-Internet any eq 22 access-list MCB_LAN_access_in extended permit tcp object-group Acces-Internet any eq 5222 no access-list MCB_LAN_access_in extended permit tcp 10.0.5.0 255.255.255.0 any eq https no access-list MCB_LAN_access_in extended permit tcp 10.0.5.0 255.255.255.0 any eq www no access-list MCB_LAN_access_in extended permit udp 10.0.5.0 255.255.255.0 any eq domain no access-list MCB_LAN_access_in extended permit tcp 10.0.5.0 255.255.255.0 any eq domain no access-list MCB_LAN_access_in extended permit tcp 192.168.2.0 255.255.255.0 any eq https no access-list MCB_LAN_access_in extended permit tcp 192.168.2.0 255.255.255.0 any eq www no access-list MCB_LAN_access_in extended permit tcp 192.168.4.0 255.255.255.0 any eq https no access-list MCB_LAN_access_in extended permit tcp 192.168.4.0 255.255.255.0 any eq www no access-list MCB_LAN_access_in extended permit tcp 192.168.6.0 255.255.255.0 any eq https no access-list MCB_LAN_access_in extended permit tcp 192.168.6.0 255.255.255.0 any eq www no access-list MCB_LAN_access_in extended permit tcp 10.136.31.128 255.255.255.128 any eq https no access-list MCB_LAN_access_in extended permit tcp 10.136.31.128 255.255.255.128 any eq www no access-list MCB_LAN_access_in extended permit tcp 10.0.6.0 255.255.255.0 any eq https no access-list MCB_LAN_access_in extended permit tcp 10.0.6.0 255.255.255.0 any eq www receive qny linux server