09-16-2007 11:00 PM - edited 03-03-2019 06:47 PM
Hi,
Can anyone suggest a link to QOS .
router(tunnel ) ---- internet----router1----(tunnel)pix
My site to site tunnel is terminating on the pix
On the router1 I want to limit traffic through the vpn tunnel to 256 kbps and the rest of the traffic as normal
Plz suggest a suitable config link to implement the same .
Thanks
Raj
09-16-2007 11:25 PM
hello
try something like this
Etienne
class-map match-any CM-IPSEC
match proto ipsec (assuming it's ipsec tunnel)
policy-map PM-SHAPE-IPSEC
class-map CM-IPSEC
shape average 256000
int WANINTERFACE
service-policy outpu PM-SHAPE-IPSEC
09-16-2007 11:49 PM
Hi,
Thanks a lot.
I will try and see if this works .
It should only allow 256 kbps of vpn tuneel trafiic.
Normal internet traffic stays as it is .
I dont need QOS behind the LAN.
I dont think I need an extra router in this scenerio.
I have a internet bandwidth of 1mbps.
Out of that I just want to allocate 256 kbps maximum for vpn tunnel anything above that bandwidth should be dropped by the router
If u could plz provide a link for better understanding
Thanks in advance
Raj
09-16-2007 11:37 PM
You will need more than one link to adress all issues that are possibly related to your question. How about:
-QoS in the LAN's behind router/pix?
-How to mark the tunneled packets?
-How to ensure that these markings are preserved along the way?
-Limiting QoS traffic in transit will inevitably lead to data loss, hence this is a bad idea.
-A PIX only does fifo, you will need an ASA or perhaps an extra router.
In my opinion, this issue is too complex to be resolved on this forum. My suggestion would be to hire someone with the required knowledge and let him make & build the design.
regards,
Leo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide