https://community.cisco.com/t5/network-security/qos-on-gre-vpn/m-p/412416#M1057156 <HTML><HEAD></HEAD><BODY><P>Hi ther</P><P></P><P>from your configs found you are missing the key config command under the tunnel interface which is must when ur attaching qos policies to ur tunnel interface or when ur trying to make use of qos policies with ur tunnel interfaces..</P><P></P><P>U need to add qos pre-classify under ur tunnel interface to make the qos policing work .</P><P></P><P>also have a look @ this link which can clear u up the things..</P><P></P><P></P><P><A class="jive-link-custom" href="http://cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtmlhttp://cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtml" target="_blank">http://cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtmlhttp://cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtml</A></P><P></P><P>regds</P><P></P></BODY></HTML> Wed, 29 Jun 2005 10:19:21 GMT spremkumar 2005-06-29T10:19:21Z https://community.cisco.com/t5/network-security/qos-on-gre-vpn/m-p/412415#M1057155 <P>Hello,</P><P></P><P>I am trying to implement QoS on VPN.</P><P></P><P>I have 1750 router Branch Office (BO), one 2600 in Head Office (HO), they are connected through VPN service provider, GRE tunnel. But QoS isn&#146;t working at all, when I apply this policy all applications are getting slowed down. I want to give priority to citrix traffic, I have 64k bandwidth, out of this I want to use 40k only for citrix. </P><P>On HO router many VPN tunnels are terminating on same serial interface(s0/1). I want to apply this QoS only for one tunnel (connecting to BO). But on BO, I can apply policy on serial interface directly because only one tunnel is terminating on (s0/0). </P><P></P><P>What is the problem in this configuration? What are the corrections/missing in configuration? Please advice me the right configuration. </P><P></P><P>This is the configuration of HO and BO router.</P><P></P><P>Branch Office (BO)</P><P>!</P><P>class-map match-any citrix</P><P> match access-group 111</P><P>!</P><P>!</P><P>policy-map child</P><P> class citrix</P><P> police cir 48000 bc 2000 be 2000</P><P> bandwidth percent 50</P><P>policy-map parent</P><P> class class-default</P><P> shape average 64000</P><P> service-policy child</P><P>!</P><P>interface Tunnel1</P><P>bandwidth 64</P><P>ip address 192.168.26.18 255.255.255.252</P><P>ip access-group www out</P><P>ip route-cache flow</P><P>service-policy output parent</P><P>tunnel source 203.201.209.198</P><P>tunnel destination 203.196.254.10</P><P>!</P><P>interface Serial0/0</P><P>bandwidth 64</P><P>ip address 203.201.209.198 255.255.255.252</P><P>ip route-cache flow</P><P>no ip mroute-cache</P><P>!</P><P>!</P><P>access-list 111 permit icmp any any</P><P>access-list 111 permit tcp any eq 1494 any</P><P>access-list 111 permit udp any eq 1604 any</P><P>!</P><P></P><P></P><P>Head Office (HO)</P><P>!</P><P>class-map match-any citrix</P><P> match access-group 111</P><P>!</P><P>!</P><P>policy-map child</P><P> class citrix</P><P> police 48000 2000 2000 conform-action transmit exceed-action drop</P><P> bandwidth percent 50</P><P>policy-map parent</P><P> class class-default</P><P> shape average 64000</P><P> service-policy child</P><P>!</P><P>!</P><P>interface Tunnel5</P><P> bandwidth 64</P><P> ip address 192.168.26.17 255.255.255.252</P><P> service-policy output parent</P><P> tunnel source 203.196.254.10</P><P> tunnel destination 203.201.209.198</P><P>!</P><P>interface Serial0/1</P><P> bandwidth 2048</P><P> ip address 203.196.254.10 255.255.255.252</P><P> no ip mroute-cache</P><P>!</P><P>access-list 111 permit icmp any any</P><P>access-list 111 permit tcp any eq 1494 any</P><P>access-list 111 permit udp any eq 1604 any</P><P>!</P><P></P><P></P><P>Thanks and regards</P><P>Kapish</P><P></P> Fri, 21 Feb 2020 08:14:18 GMT https://community.cisco.com/t5/network-security/qos-on-gre-vpn/m-p/412415#M1057155 kapishmohole.cisco 2020-02-21T08:14:18Z https://community.cisco.com/t5/network-security/qos-on-gre-vpn/m-p/412416#M1057156 <HTML><HEAD></HEAD><BODY><P>Hi ther</P><P></P><P>from your configs found you are missing the key config command under the tunnel interface which is must when ur attaching qos policies to ur tunnel interface or when ur trying to make use of qos policies with ur tunnel interfaces..</P><P></P><P>U need to add qos pre-classify under ur tunnel interface to make the qos policing work .</P><P></P><P>also have a look @ this link which can clear u up the things..</P><P></P><P></P><P><A class="jive-link-custom" href="http://cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtmlhttp://cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtml" target="_blank">http://cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtmlhttp://cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtml</A></P><P></P><P>regds</P><P></P></BODY></HTML> Wed, 29 Jun 2005 10:19:21 GMT https://community.cisco.com/t5/network-security/qos-on-gre-vpn/m-p/412416#M1057156 spremkumar 2005-06-29T10:19:21Z