Re: Custom Queue and IPSec

chan-kuen.hui · ‎09-07-2004

Dear All,

I am using the following crypto map and Queue list on serial interface. I found that

crypto map vpn 10 ipsec-isakmp

set peer 10.50.5.173

set transform-set pilot

match address 101

interface Serial0/0

custom-queue-list 1

crypto map vpn

access-list 110 permit ip host 10.11.41.1 host 10.100.100.1

access-list 111 permit ip 10.10.41.0 0.0.0.255 192.168.200.0 0.0.0.255

queue-list 1 protocol ip 1 list 111

queue-list 1 protocol ip 2 list 110

queue-list 1 protocol ip 3

queue-list 1 default 4

queue-list 1 queue 1 byte-count 4096

queue-list 1 queue 2 byte-count 2048

queue-list 1 queue 3 byte-count 1024

queue-list 1 queue 4 byte-count 1024

I found that the traffic cannot enter the queue 1 and queue 2 with access-list 110 and 111.

Since traffic for access-list 110 and 111 is encrypted. I suspect the problem is casued by encryption.

Is there any solution?

Thanks and Regards,

C.K.

aacole · ‎09-07-2004

Whilst looking for information on IPSec and QoS I found this article which may help you also.

The features have been introduced in 12.3.(8)T

Andy

chan-kuen.hui · ‎09-07-2004

I found a command "qos pre-classify" which can be added in the crypto map.

Is this work? and which version in 2610 router support this?

Thanks and Regards,

C.K.

spremkumar · ‎09-07-2004

hi

Qos takes a backseat when it comes to GRE or ipsec tunneling and can be overcome using qos pre-classify command.

To find the exact ios for ur H/W which supports tht command try this link ....

regds