I have a requirement to configure QoS on an internet link that is limited to 1mbps upload speed. There are remote sites connecting to this HO site that have much larger bandwidth limits so i want to control outbound bandwidth from this site.
As an example I have created a sample configuration below. In the example I have assumed that I will be allocating 256kbps to each IPSEC VPN and 256kbps to http and https traffic.
Is this along the right lines and will I need a class-default class for all other traffic?
Many thanks
class-map match-any HTTP
match access-group HTTP
class-map match-any VPN1
match access-group VPN1
class-map match-any VPN2
match access-group VPN2
policy-map output
class HTTP-TRAFFIC
bandwidth 256
class VPN1
bandwidth 256
class VPN2
bandwidth 256
ip access-list extended VPN1
permit esp host x.x.x.x host y.y.y.y (where x.x.x is my router IP address and y.y.y.y is the vpn peer 1)
ip access-list extended VPN2
permit esp host x.x.x.x host z.z.z.z (where x.x.x is my router IP address and z.z.z.z is the vpn peer 2)
ip access-list extended HTTP
permit tcp any any eq 80
permit tcp any any eq 443
permit tcp any eq 80 any
permit tcp any eq 443 any
interface dialer0
service-policy output output