My company has a 3Mb pipe to the Internet coming into a telco-managed router. There is then a Fast Ethernet connection from the telco router to our Cisco 2851 (going through a PIX). We have a site-to-site VPN tunnel set up on the PIX for accessing certain servers. The routing and everything works fine.
The issue is that we upload data onto the servers on the other side of the tunnel through Windows File Sharing. However, if the basic connection is completely saturated due to someone in the company downloading a large file (for example), access to the file shares on the other side of the VPN tunnel becomes unusably slow. I want to set up QoS on the 2851 router to prioritize traffic to/from the network on the other side of the VPN tunnel. Is this doable (prioritizing traffic both to and from the network on the other side of the VPN tunnel)?
I am very, very new to Cisco networking.
Thank you in advance.
Based on your topology, the 2851 could use a nested policy to control outbound traffic (to the PIX and beyond) to
a) shape the traffic destined for the internet and the VPN down to 3 Mbps (or somewhat below to account for layer 2 encapsulation overhead)
b) give priority to traffic going to the VPN over traffic to anywhere else in the internet.
For technical details and configuration have a look at
In principle the configs could look like this:
shape average 2900000
!make sure you do not overload your internet connection and control bandwidth access locally
! controls which app gets what amount of your 3 Mbps
class-map match-any VPNtraffic
match access-group 100
access-list 100 permit
! use the PIX description on what to encrypt in the tunnel
bandwidth percent 80
! here 80% is for VPN 20% for internet. adjust to your requirements
! the "rest" of traffic is fair-queued with WRED turned on, which is best practice
service-policy output Shape3M
!applies the policy to the interface connecting the 2851 to the PIX
Controlling the return traffic from the internet is more tricky, but you could try the same approach by applying a similar policy with adjusted traffic descriptions (replace ACL 100 in a new class-map) for the return traffic.
Hope this helps! Please use the rating system.
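The nested policy described in the answer above, written out in full as an added example (not the poster's own configuration). The child policy name `VPNfirst`, the interface `GigabitEthernet0/1` and the ACL subnets are placeholders; the other names and values are the ones used in the post.

```cisco
! Added example. Placeholders: ACL subnets, child policy name VPNfirst,
! interface GigabitEthernet0/1 (the 2851 port facing the PIX).
!
! Cleartext traffic that the PIX will encrypt into the tunnel. Mirror the
! PIX crypto ACL here; these subnets are constructed sample values.
access-list 100 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
!
class-map match-any VPNtraffic
 match access-group 100
!
! Child policy: divides the shaped rate between the classes.
policy-map VPNfirst
 class VPNtraffic
  bandwidth percent 80
 class class-default
  fair-queue
  random-detect
!
! Parent policy: shapes all outbound traffic to just under the 3 Mbps
! line, so congestion queues on the 2851 where the child policy orders it.
policy-map Shape3M
 class class-default
  shape average 2900000
  service-policy VPNfirst
!
interface GigabitEthernet0/1
 service-policy output Shape3M
```

`show policy-map interface GigabitEthernet0/1` lists the per-class packet counters, which shows whether the file-share traffic is actually landing in the VPNtraffic class.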