Our entire office is made up of L2L VPN connections, and now some DMVPN connections. Our branches are typically a 2811 router with an Internet connection back to corp.
I understand the limitations to point of QoS and using the Internet. I understand that QoS is usually done on the outbound.
What is available via Cisco routers to "protect" my pristine Internet connection from file leechers, etc., which in turn degrades my tunnel?
All branch sites are set to "surf" out their local ISP default gateway. What happens is people play games, etc., which nails my VPN :) I want to make sure my VPN always has priority, which I can do on the outbound, but not on the inbound.
How do all of you mitigate branch site / VPN branch site Internet traffic so that it does not congest your links? Is the only option to tunnel ALL traffic and QoS on both ends, short of begging my ISP to put QoS on their link facing me?