I wanting to know whether the 'qos pre-classify' needs to be applied, and where it needs to be applied when using ipsec/gre tunnel with ipsec profile.
I notice on a 'pure' VTI tunnel the policy is applied to the tunnel directly without any 'qos pre-classify'. Does the same apply for a GRE/IPSec tunnel using ipsec profile?
Here is my config,
crypto ipsec profile VPNPROFILE
set transform-set VPN
class-map match-any E_QOS_CLASS
match access-group name E_QOS_ACL
class-map match-any VOICE_CLASS
match ip dscp ef
priority percent 33
shape average 112000
ip address 192.168.xxx.xxx 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 192.168.xxx.xxx
tunnel destination 192.168.yyy.yyy
tunnel protection ipsec profile VPNPROFILE
service-policy output SHAPE_POLICY
ip address 192.168.ZZZ.XXX 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
I notice that when I do a 'sh policy-map int tunnel' I get packets matched as well as shaping when I do a large file transfer, so to it me it's working.
Any ideas would be appreciated.