Cisco ASA: Prioritise RDP Traffic

KB ID 0001359


I have a client who had two sites, one didn’t have a particularly good internet connection, (which is the actual problem that needed to be solved). But in the interim, he wanted me to prioritise RDP traffic, as his staff were constantly complaining about the speed of their connections.

Prioritise RDP Traffic Cisco ASA

Note: They may be a myriad of reasons why user experience is bad for an RDP session, this was quite simply a bandwidth issue.

The client requested I prioritise RDP traffic on the link. We were not really sure if that would cure the problem, but they have not complained since!


On the main site, (with the RDP server(s) on), create an ‘access-list‘ to match our interesting traffic. (I’m just using ‘any’ as the source.)

Main-Site# configure terminal
Main-Site(config)# access-list ACL-RDP-Traffic extended permit tcp any eq 3389

Create a ‘priority-queue‘ on the outside interface.

Main-Site(config)# priority-queue outside
Main-Site(config-priority-queue)#  exit

Create a ‘class-map‘ that matches our ‘access-list‘.

Main-Site(config)# class-map CM-RDP-Traffic
Main-Site(config-cmap)#  match access-list ACL-RDP-Traffic
Main-Site(config-cmap)#  exit

Create  ‘policy-map‘ that uses the ‘class-map‘ and assigns it priority.

Main-Site(config)# policy-map PM-RDP-Traffic
Main-Site(config-pmap)#  class CM-RDP-Traffic
Main-Site(config-pmap-c)#   priority
Main-Site(config-pmap-c)#   exit
Main-Site(config-pmap)#  exit

Apply the ‘service-policy‘ to the ‘outside interface‘.

Main-Site(config)# service-policy PM-RDP-Traffic interface outside
Main-Site(config)# end

You can ensure it has worked with  the following command;

Main-Site# show service-policy interface outside priority

Interface outside:
  Service-policy: PM-RDP-Traffic
    Class-map: CM-RDP-Traffic
        Interface outside: aggregate drop 0, aggregate transmit 0

Then, do the mirror image on the remote site, (where the clients are). Note: I’ve made this access list a little more specific.

Remote-Site# configure terminal
Remote-Site(config)# access-list ACL-RDP-Traffic permit tcp eq 3389
Remote-Site(config)# priority-queue outside
Remote-Site(config-priority-queue)#  exit
Remote-Site(config)# class-map CM-RDP-Traffic
Remote-Site(config-cmap)#  match access-list ACL-RDP-Traffic
Remote-Site(config-cmap)#  exit
Remote-Site(config)# policy-map PM-RDP-Traffic
Remote-Site(config-pmap)#  class CM-RDP-Traffic
Remote-Site(config-pmap-c)#   priority
Remote-Site(config-pmap-c)#   exit
Remote-Site(config-pmap)#  exit
Remote-Site(config)# service-policy PM-RDP-Traffic interface outside
Remote-Site(config)# end

Don’t forget: To save the changes with a ‘write memory‘ command when you’re happy.

Related Articles, References, Credits, or External Links


Author: PeteLong

Share This Post On


  1. Really helpful.Thank you for creating this!

    Post a Reply
  2. Hi, first of all, excellent reading, I have implemented a few of your ASA articles.
    Now I’m trying to prioritize DHCP on my local network (clients receive an IP address from a Windows Server 2016), this is what I have done, how to be sure it’s working?

    Everyone is connected internally on the inside interface.

    access-list 195 extended permit udp any eq 67 any

    priority-queue inside

    class-map QoSPriority_classmap
    match access-list 195

    policy-map QoS_policy
    class QoSPriority_classmap

    service-policy QoS_policy interface inside

    Post a Reply
    • Why would you want to prioritise DHCP traffic? Just setup a DHCP helper?

      Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *