QoS on tunnel using IPSec Profile

Unanswered Question
Jul 24th, 2008
User Badges:

I wanting to know whether the 'qos pre-classify' needs to be applied, and where it needs to be applied when using ipsec/gre tunnel with ipsec profile.

I notice on a 'pure' VTI tunnel the policy is applied to the tunnel directly without any 'qos pre-classify'. Does the same apply for a GRE/IPSec tunnel using ipsec profile?

Here is my config,

crypto ipsec profile VPNPROFILE

set transform-set VPN

class-map match-any E_QOS_CLASS

match access-group name E_QOS_ACL

class-map match-any VOICE_CLASS

match ip dscp ef

policy-map QOS_POLICY


priority percent 33

class class-default


policy-map SHAPE_POLICY


shape average 112000

service-policy QOS_POLICY

interface Tunnel

bandwidth 128

ip address 192.168.xxx.xxx

ip mtu 1400

ip tcp adjust-mss 1360

qos pre-classify

tunnel source 192.168.xxx.xxx

tunnel destination 192.168.yyy.yyy

tunnel protection ipsec profile VPNPROFILE

service-policy output SHAPE_POLICY

interface FastEthernet0

bandwidth 128

ip address 192.168.ZZZ.XXX

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

I notice that when I do a 'sh policy-map int tunnel' I get packets matched as well as shaping when I do a large file transfer, so to it me it's working.

Any ideas would be appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion