KB ID 0001359
I have a client who had two sites; one didn’t have a particularly good internet connection (which is the actual problem that needed to be solved). But in the interim, he wanted me to prioritise RDP traffic, as his staff were constantly complaining about the speed of their connections.
Note: There may be a myriad of reasons why user experience is bad for an RDP session; this was quite simply a bandwidth issue.
The client requested I prioritise RDP traffic on the link. We were not really sure if that would cure the problem, but they have not complained since!
On the main site (with the RDP server(s) on), create an ‘access-list’ to match our interesting traffic. (I’m just using ‘any’ as the source.)
Main-Site# configure terminal
Main-Site(config)# access-list ACL-RDP-Traffic extended permit tcp any eq 3389 172.16.0.0 255.255.0.0
Create a ‘priority-queue’ on the outside interface.
Main-Site(config)# priority-queue outside
Main-Site(config-priority-queue)# exit
Create a ‘class-map’ that matches our ‘access-list’.
Main-Site(config)# class-map CM-RDP-Traffic
Main-Site(config-cmap)# match access-list ACL-RDP-Traffic
Main-Site(config-cmap)# exit
Create a ‘policy-map’ that uses the ‘class-map’ and assigns it priority.
Main-Site(config)# policy-map PM-RDP-Traffic
Main-Site(config-pmap)# class CM-RDP-Traffic
Main-Site(config-pmap-c)# priority
Main-Site(config-pmap-c)# exit
Main-Site(config-pmap)# exit
Apply the ‘service-policy’ to the ‘outside’ interface.
Main-Site(config)# service-policy PM-RDP-Traffic interface outside
Main-Site(config)# end
You can check that the policy has been applied with the following command:
Main-Site# show service-policy interface outside priority
Interface outside:
  Service-policy: PM-RDP-Traffic
    Class-map: CM-RDP-Traffic
      Priority:
        Interface outside: aggregate drop 0, aggregate transmit 0
Main-Site#
Then do the mirror image on the remote site (where the clients are). Note: I’ve made this access list a little more specific.
Remote-Site# configure terminal
Remote-Site(config)# access-list ACL-RDP-Traffic permit tcp 172.16.0.0 255.255.0.0 192.168.1.0 255.255.255.0 eq 3389
Remote-Site(config)# priority-queue outside
Remote-Site(config-priority-queue)# exit
Remote-Site(config)# class-map CM-RDP-Traffic
Remote-Site(config-cmap)# match access-list ACL-RDP-Traffic
Remote-Site(config-cmap)# exit
Remote-Site(config)# policy-map PM-RDP-Traffic
Remote-Site(config-pmap)# class CM-RDP-Traffic
Remote-Site(config-pmap-c)# priority
Remote-Site(config-pmap-c)# exit
Remote-Site(config-pmap)# exit
Remote-Site(config)# service-policy PM-RDP-Traffic interface outside
Remote-Site(config)# end
Don’t forget to save the changes with a ‘write memory’ command when you’re happy.
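The ‘aggregate transmit 0’ in the output above only shows that the policy is attached, not that any RDP packets have hit it. The following is an added example (not part of the original article) that compares two captures of that command taken a few minutes apart; the second snapshot's counter values are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample output: the first snapshot follows the layout shown above,
# the second is the same layout with made-up counter values.
SNAPSHOT_BEFORE = """\
Interface outside:
  Service-policy: PM-RDP-Traffic
    Class-map: CM-RDP-Traffic
      Priority:
        Interface outside: aggregate drop 0, aggregate transmit 0
"""
SNAPSHOT_AFTER = SNAPSHOT_BEFORE.replace(
    "aggregate drop 0, aggregate transmit 0",
    "aggregate drop 3, aggregate transmit 1842")

COUNTERS = re.compile(r"aggregate drop (\d+), aggregate transmit (\d+)")

def parse_priority_counters(output):
    """Return {class-map name: (drops, transmits)} from the command output."""
    result, current = {}, None
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("Class-map:"):
            current = line.split(":", 1)[1].strip()
        match = COUNTERS.search(line)
        if match and current:
            result[current] = (int(match.group(1)), int(match.group(2)))
    return result

def assess(before, after, class_map):
    """Compare two snapshots taken a few minutes apart while RDP is in use."""
    old, new = parse_priority_counters(before), parse_priority_counters(after)
    if class_map not in old or class_map not in new:
        return "class-map missing: service-policy not applied to this interface"
    drops = new[class_map][0] - old[class_map][0]
    sent = new[class_map][1] - old[class_map][1]
    if drops < 0 or sent < 0:
        return "counters went backwards: cleared or device reloaded, re-sample"
    if sent == 0:
        return "no packets prioritised: check the access-list matches the RDP flow"
    if drops:
        return f"matching, {sent} sent, {drops} dropped: priority traffic is being dropped"
    return f"matching, {sent} sent, no drops"

if __name__ == "__main__":
    print(assess(SNAPSHOT_BEFORE, SNAPSHOT_AFTER, "CM-RDP-Traffic"))
```

Run it against real captures from each firewall in turn, since each site's policy only prioritises the traffic leaving its own outside interface.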
Related Articles, References, Credits, or External Links
Really helpful. Thank you for creating this!
Hi, first of all, excellent reading, I have implemented a few of your ASA articles.
Now I’m trying to prioritize DHCP on my local network (clients receive an IP address from a Windows Server 2016), this is what I have done, how to be sure it’s working?
Everyone is connected internally on the inside interface.
access-list 195 extended permit udp any eq 67 any
match access-list 195
service-policy QoS_policy interface inside
Why would you want to prioritise DHCP traffic? Just set up a DHCP helper?