Hello,
I have a 50MB ME circuit at HQ site running a 3925 router and 20MB ME circuits at 2 branch sites running 2951 routers.
I need to reserve 90% of the bandwidth at each site for site-to-site IPSec VPN's and leave the remaining 10% for browsing. I also need to shape the traffic on the outside interface's to match the bandwidth of the particular site. I also want to drop any traffic that is determined to be file sharing.
The routers work fine, the VPN's work fine, traffic shaping seems to be working, but when I generate traffic across the VPN and do "sh policy-map interface Gi0/1 output" all traffic is falling into the default class, nothing is getting classified as IPSec.
My class maps, policy maps, and outside interface config is attached. Can someone tell me why my ISec VPN traffic is not being recognized as such?
Thanks,
Mitchell Smith