Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
925
Views
0
Helpful
5
Replies

QoS for IPSEC(port 500,4500)

z.elguesmi
Level 1
Level 1

‎05-30-2013 06:38 AM - edited ‎03-04-2019 08:03 PM

hello,

please  you have any idea how can I configure QoS in the router CISCO1841 for  the port IPSEC(UDP 500 ,UDP 4500) and the port tcp 4433

thx for your help

Labels:
0 Helpful
5 Replies 5

Simon Brooks
Level 1
Level 1

‎06-03-2013 04:32 PM

Create an acl matching the port numbers. Create class map matching the acl. The create your policy map defining what you want do with it I.e. police/prioritise etc then apply to interface. That what you're after?


Sent from Cisco Technical Support Android App

0 Helpful

z.elguesmi
Level 1
Level 1
In response to Simon Brooks

‎06-04-2013 01:11 AM

I did that :

###############################################

class-map match-all test

match protocol ipsec

policy-map qostest

class test

  bandwidth 1536

interface FastEthernet0/1

ip address X.X.X.X 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

service-policy output qostest

############################################

its looks good ?

and how I can test if that work or no

thx

0 Helpful

Simon Brooks
Level 1
Level 1

‎06-04-2013 01:54 PM

Show policy-map int fa0/1

Look for hits in the class.

Matching a protocol? Have you got nbar turned on?

Sent from Cisco Technical Support Android App

0 Helpful

z.elguesmi
Level 1
Level 1
In response to Simon Brooks

‎06-05-2013 01:13 AM

I did show policy-map int fa0/1 and I had this :

############ when i did not use the VPN ###########################

1841#show policy-map interface fastEthernet0/1

FastEthernet0/1

  Service-policy output: qostest

    Class-map: test (match-all)

      11083 packets, 1580794 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: protocol ipsec

      Queueing

        Output Queue: Conversation 265

        Bandwidth 1536 (kbps)Max Threshold 64 (packets)

        (pkts matched/bytes matched) 2/236

        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: class-default (match-any)

      10542255 packets, 1927566731 bytes

      5 minute offered rate 12000 bps, drop rate 0 bps

      Match: any

###############################################################

###############  when i use the vpn ##############################

1841#show policy-map interface fastEthernet0/1

FastEthernet0/1

  Service-policy output: qostest

    Class-map: test (match-all)

      11096 packets, 1583464 bytes

      5 minute offered rate 2000 bps, drop rate 0 bps

      Match: protocol ipsec

      Queueing

        Output Queue: Conversation 265

        Bandwidth 1536 (kbps)Max Threshold 64 (packets)

        (pkts matched/bytes matched) 2/236

        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: class-default (match-any)

      10542690 packets, 1927611628 bytes

      5 minute offered rate 6000 bps, drop rate 0 bps

      Match: any

################################################################

for your question : " Matching a protocol? Have you got nbar turned on? "

I did not understand

0 Helpful

Simon Brooks
Level 1
Level 1

‎06-06-2013 01:43 AM

So it is working then? I think matching a protocol turns on nbar anyway so don't worry about that.

Sent from Cisco Technical Support Android App

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card