EzVPN using DVTIs & QoS

Unanswered Question
Sep 19th, 2007
User Badges:
  • Silver, 250 points or more

I am configuring an EzVPN client to use Dynamic VTIs; the config fragments are:


class-map match-all VOICE

match ip dscp ef

class-map match-any CALL-SETUP

match ip dscp af31

match ip dscp cs3

class-map match-any INTERNETWORK-CONTROL

match ip dscp cs6

!

!

policy-map 256-UPSTREAM

class CALL-SETUP

bandwidth percent 2

class INTERNETWORK-CONTROL

bandwidth percent 5

class VOICE

priority 128

class class-default

fair-queue

random-detect

policy-map SHAPER-256-UPSTREAM

class class-default

shape average 192000

service-policy 256-UPSTREAM

!

interface FastEthernet0/0

ip address dhcp

ip access-group EXT-IN-PLUS in

duplex auto

speed auto

crypto ipsec client ezvpn TEST

service-policy output SHAPER-256-UPSTREAM

!

interface FastEthernet0/1

ip address 10.199.0.1 255.255.254.0

duplex auto

speed auto

no keepalive

crypto ipsec client ezvpn TEST inside

!

interface Virtual-Template1 type tunnel

no ip address

ip mtu 1408

ip tcp adjust-mss 1368

tunnel mode ipsec ipv4


I've discovered that the counters displayed in the "show policy-map interface ..." command only increment when the service-policy is attached outbound on the physical outside crypto interface. The examples I've seen on CCO suggest applying the service-policy on the virtual-template interface, but the counters don't increment and the QoS policies are not enforced. Where should the service-policy be applied in a DVTI EzVPN Client configuration?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion