we have one remote site connected to HQ via 1Mbps wan link. users there use many applications in HQ such as internet, database, windows DC, windows exchange,...some users make heavy download and this could saturate the wan bandwidth (1Mbps)
we have the following need: if only internet traffic is travelling via wan link, it could take all the bw. but if there is other applications (specially, Database access) only 256kbps will be reserved for internet.
what is the best solution to achieve this?
You could apply the following QOS policy to your outgoing wan link at your HQ site
In this example assume that
192.168.10.0/24 is your remote site
192.168.5.0/24 & 192.168.6.0/24 are your subnets at HQ where the remote users get their database/windows DC etc. from
access-list 101 permit ip 192.168.5.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 192.168.10.0 0.0.0.255
match access-group 101
bandwidth percent 50
service-policy output LINT
The above reserves 50% of traffic for your non-internet usage. If it is not used then Internet will be able to use it. Note that 25% is reserved by the router itself hence the reason you have 50% rather than 75%.
You should also apply a similiar service-policy at the remote site as well but as you say you are primarily concerned with heavy downloads.