
QoS when IPSEC and GRE terminate on different routers

niehaus.craig
Level 1

We have an environment with about 120 STS VPN sites.  Each site terminates IPSec on an ipsecdist router that is in a DMZ.  Each site also terminates a GRE tunnel on a vpndist router that is on our trusted network.  Currently, QoS is applied outbound on the tunnel interfaces on the vpndist routers.

The issue we are having with the current configuration is that the policy map and shaping policies are not accounting for the 52 bytes that are added after the packet leaves the vpndist router and gets encapsulated in IPSec by the ipsecdist router.

Is there a QoS mechanism that we can use to instruct the vpndist router to add 52 bytes to each packet before calculating the bandwidth percentages in the policy map and the overall rate in the shaping policy?

1 Reply

lmn20176
Level 5

Then you should push the QOS policy further out on the IPSECDist Router.

-lmn
