CAR and VPN

infomil
Level 1

Hello,

I am trying to implement CAR to limit the bandwidth used by specific traffic in an IPSec tunnel between two 878 routers over SDSL.

I specify an access list and use the rate-limit command under the dialer 1 interface.

The problem is that the dialer 1 interface also has the crypto map command, and I think that the rate-limit command cannot work because the traffic is already encrypted when the rate-limit command is applied.

Is there a solution to my problem?

Thanks.

1 Reply

mheusinger
Level 10

Hello,

You should have a look at the qos pre-classify feature. Basically the router "remembers" the original - unencrypted - header and can match based on this info. Unfortunately this is not supported by CAR, afaik. You would have to use class-based shaping, which is the better option anyhow IMHO.

An example config could be something like:

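ip cef
!
class-map match-all Limit1
 ! class-maps reference an ACL with "match access-group"
 match access-group 101
class-map match-all Limit2
 match protocol ftp
!
policy-map RateLimit
 class Limit1
  shape average 100000
 class Limit2
  shape average 64000
!
! qos pre-classify is entered under the crypto map entry;
! <seq> is a placeholder for that entry's sequence number
crypto map MySec <seq> ipsec-isakmp
 qos pre-classify
!
interface Dialer1
 service-policy output RateLimit
!
access-list 101 permit tcp 10.1.1.0 0.0.0.255 any eq 80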

For further reading I would recommend "Configuring QoS for Virtual Private Networks":

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800c75d3.html

Hope this helps! Please rate all posts.

Regards, Martin
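
A simplified model of the behaviour discussed in this thread, as an added example that is not part of the original posts: it applies access-list 101 from the reply to the header the egress classifier sees after tunnel-mode ESP, with and without a saved copy of the original header. The function names, the tunnel peer addresses and the sample packet are constructed for illustration.

```python
# Simplified model (added example): why an ACL-based QoS class misses traffic
# after IPsec encryption, and what qos pre-classify changes.
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

@dataclass(frozen=True)
class Header:
    proto: str                   # "tcp", "udp", "esp", ...
    src: str
    dst: str
    dport: Optional[int] = None  # not visible once the payload is encrypted

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: bits set to 1 in the wildcard are ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(addr)) & care == int(IPv4Address(base)) & care

def acl_101(h: Header) -> bool:
    """access-list 101 permit tcp 10.1.1.0 0.0.0.255 any eq 80 (from the reply)."""
    return (h.proto == "tcp"
            and wildcard_match(h.src, "10.1.1.0", "0.0.0.255")
            and h.dport == 80)

def esp_tunnel_encapsulate(inner: Header, local_peer: str, remote_peer: str) -> Header:
    """Tunnel-mode ESP: the outer header shows only the peers and protocol ESP."""
    return Header(proto="esp", src=local_peer, dst=remote_peer)

def classify_on_egress(inner: Header, pre_classify: bool) -> str:
    # Constructed tunnel peers (documentation address ranges), not from the thread.
    outer = esp_tunnel_encapsulate(inner, "192.0.2.1", "198.51.100.1")
    # The output policy runs after the crypto map has encrypted the packet.
    # With pre-classify, matching uses the saved copy of the original header.
    seen = inner if pre_classify else outer
    return "Limit1" if acl_101(seen) else "class-default"

# Constructed sample packet: HTTP from a host inside 10.1.1.0/24.
WEB = Header(proto="tcp", src="10.1.1.25", dst="203.0.113.80", dport=80)

if __name__ == "__main__":
    for flag in (False, True):
        print(f"qos pre-classify={flag}: {classify_on_egress(WEB, flag)}")
```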
