
QoS - on VPN

bapatsubodh
Level 1

Hi,

A site-to-site VPN is configured with a GRE tunnel, with and without IPsec. Traffic going through the tunnel is selected by a simple access-list with source subnet and destination subnet. QoS needs to be applied so that SSH traffic between these two subnets gets a definite 1000 kbps of bandwidth.

The serial interface, an E1, is the source of the tunnel, and the router at the other end of the tunnel is also on an E1.

Where and how should the qos prequalify and policy output commands be applied, and why?

ToS marking is default on all interested packets.

Conf can be:

class-map ssh
 match protocol ssh

policy-map secure-shell
 class ssh
  ! bandwidth is in kbps
  bandwidth 1000

interface Tunnel0
 tunnel source Serial0
 ip address 172.16.1.1 255.255.255.0
 ! other end of tunnel
 tunnel destination 10.1.1.1
 ! shall we apply qos pre-classify here?

interface Serial0
 ip address ....
 service-policy output secure-shell

Please share the experience.

Thanks in advance

Subodh

1 Reply

sunsrini
Cisco Employee

You are trying to use NBAR for QoS classification, and that's not supported with IPsec or GRE.

http://www.cisco.com/en/US/docs/ios/12_4t/qos/configuration/guide/qsnbar1.html#wp1050835

You can either mark this traffic on the LAN interface using a specific ToS and use that for QoS classification, or use an ACL for specific source/destination hosts for the QoS classification.
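
The ACL-based option from the reply above, written out as an added example that is not part of the original thread and is not Cisco's own configuration. The subnets 192.0.2.0/24 (local) and 198.51.100.0/24 (remote) and the ACL name SSH-SITE-TO-SITE are constructed placeholders; the interface names, tunnel addresses and the 1000 kbps figure follow the question.

```cisco
! Classify SSH between the two subnets by ACL instead of NBAR.
! Subnets below are constructed placeholders, not values from the thread.
ip access-list extended SSH-SITE-TO-SITE
 ! local clients to remote SSH servers
 permit tcp 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255 eq 22
 ! local SSH servers replying to remote clients
 permit tcp 192.0.2.0 0.0.0.255 eq 22 198.51.100.0 0.0.0.255
!
class-map match-all ssh
 match access-group name SSH-SITE-TO-SITE
!
policy-map secure-shell
 class ssh
  ! minimum guaranteed bandwidth during congestion, in kbps
  bandwidth 1000
 class class-default
  fair-queue
!
interface Tunnel0
 ip address 172.16.1.1 255.255.255.0
 tunnel source Serial0
 tunnel destination 10.1.1.1
 ! Keep a copy of the original (inner) header so the output policy on
 ! Serial0 can still match the pre-encapsulation addresses and ports.
 qos pre-classify
!
interface Serial0
 ! Congestion happens on the E1, so the queuing policy is attached here.
 service-policy output secure-shell
!
! When IPsec is applied with a crypto map on Serial0, qos pre-classify
! is also entered under that crypto map entry.
```

Without `qos pre-classify`, the policy on Serial0 sees only the outer GRE or ESP header (tunnel source and destination), so an ACL on the inner subnets and TCP port 22 never matches. The class counters in `show policy-map interface Serial0` show whether SSH packets are being classified.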