we have a very simple setup
L3 switch --> Pix firewall --> internet router (cisco 2801)---> ISP
We just have a default static route in L3 switch to point to pix so that all internet traffic gets routed to pix.
Now we have a bunch of users using various vpn clients to connect so that they can work in client's/partner environments. I just want that the total bandwidth consumed by such VPN traffic does not exceed 20% of total bandwidth. I want to restrict it for upload and download traffic both. I know all the destination VPN gateway IP addresses for such connections. Let me know what is best method to do it.