Policer issue ASA

Josh Sprang
Level 1

I have a customer on a sub interface I am trying to police.  They are sending too much traffic across
a L2L VPN.  I have the policer set right and it is dropping traffic but I am still seeing 160Mb/s when
I want to see 75Mb/s.

service-policy customer-ratelimit interface customer

policy-map customer-ratelimit
 class QOS_customer
  police input 75000000
  police output 75000000

class-map QOS_customer
 match access-list qos_customer

access-list qos_customer extended permit ip 10.251.15.128 255.255.255.128 any
access-list qos_customer extended permit ip any 10.251.15.128 255.255.255.128
access-list qos_customer extended permit ip 10.251.22.0 255.255.255.0 any
access-list qos_customer extended permit ip any 10.251.22.0 255.255.255.0
access-list qos_customer extended permit ip any any

The any any was just trying to get the traffic down.  The ends of the VPN are 10.251.15.128/25 and 10.251.22.0.  Am I doing something wrong here?  When I look at
the subinterface on my traffic patterns I see 160Mb/s going on and identical patterns on my edge that
is the extra 160Mb/s I would expect.  The policer does show that it is dropping traffic.  Thanks

Interface customer:
  Service-policy: customer-ratelimit
    Class-map: QOS_customer
      Input police Interface customer:
        cir 75000000 bps, bc 2343750 bytes
        conformed 61176816 packets, 81818023839 bytes; actions:  transmit
        exceeded 4067895 packets, 5751183726 bytes; actions:  drop
        conformed 76982448 bps, exceed 8387136 bps
      Output police Interface customer:
        cir 75000000 bps, bc 2343750 bytes
        conformed 39722182 packets, 6546762125 bytes; actions:  transmit
        exceeded 0 packets, 0 bytes; actions:  drop
        conformed 5844016 bps, exceed 0 bps
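
Added example, not part of the original post: a short Python parser for the policer counters quoted above. It computes, per direction, the rate the class actually matched (conformed + exceed) and the share of bytes the policer dropped. The function names are illustrative; the sample text is the output from the post.

```python
import re

# Output copied from the post above (policer counters for interface "customer").
SAMPLE = """\
      Input police Interface customer:
        cir 75000000 bps, bc 2343750 bytes
        conformed 61176816 packets, 81818023839 bytes; actions:  transmit
        exceeded 4067895 packets, 5751183726 bytes; actions:  drop
        conformed 76982448 bps, exceed 8387136 bps
      Output police Interface customer:
        cir 75000000 bps, bc 2343750 bytes
        conformed 39722182 packets, 6546762125 bytes; actions:  transmit
        exceeded 0 packets, 0 bytes; actions:  drop
        conformed 5844016 bps, exceed 0 bps
"""

HEAD = re.compile(r"^\s*(Input|Output) police Interface (\S+):")
CIR = re.compile(r"cir (\d+) bps, bc (\d+) bytes")
RATE = re.compile(r"conformed (\d+) bps, exceed (\d+) bps")
BYTES = re.compile(r"(conformed|exceeded) \d+ packets, (\d+) bytes")

def parse_police(text):
    """Return {direction: counters} for each police block in the output."""
    stats, cur = {}, None
    for line in text.splitlines():
        if m := HEAD.match(line):
            cur = stats.setdefault(m.group(1).lower(), {"interface": m.group(2)})
        elif cur is None:
            continue  # ignore anything before the first police block
        elif m := CIR.search(line):
            cur["cir_bps"], cur["bc_bytes"] = int(m.group(1)), int(m.group(2))
        elif m := RATE.search(line):
            cur["conformed_bps"], cur["exceed_bps"] = int(m.group(1)), int(m.group(2))
        elif m := BYTES.search(line):
            cur[m.group(1) + "_bytes"] = int(m.group(2))
    return stats

def summarize(c):
    """Offered load seen by the class, and share of bytes the policer dropped."""
    offered = c["conformed_bps"] + c["exceed_bps"]
    total = c["conformed_bytes"] + c["exceeded_bytes"]
    return {"offered_bps": offered,
            "over_cir_bps": max(0, c["conformed_bps"] - c["cir_bps"]),
            "drop_share": c["exceeded_bytes"] / total if total else 0.0}

if __name__ == "__main__":
    for direction, c in parse_police(SAMPLE).items():
        print(direction, c["interface"], summarize(c))
```

On the posted counters the input direction shows about 85.4 Mb/s matched by the class with about 77 Mb/s conformed, figures that can be compared directly against the interface graphs.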

Accepted Solutions

rvarelac
Level 7

Hi Josh,

If the QoS will be applied to a Site-to-Site tunnel, it needs to be configured differently; QoS on VPN traffic has more limitations compared with clear-text traffic.

 

Read more about this procedure on the following link

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82310-qos-voip-vpn.html 

Hope it helps

-Randy-

 


2 Replies 2


Thanks that worked..
