QoS and GRE with IPSEC

Unanswered Question

Hi! I have a central office (with 2821) and 3 remote sites. Remote sites connected to center trought GRE with IPSEC. Now I want to guarante some bandwitch to computers in one remote site.

How can I configure 2821 to guarante 2Mb bandwitch outgoing traffic for hosts in RM-1 (192.168.1.0)?

2821:

crypto map VPN 10 ipsec-isakmp

set peer 172.16.0.2

match add TO-192.168.1.0

!

inter tunn0

descr =To-RM-1=

ip add 10.0.0.1 255.255.255.252

tunn sour gig0/0

tunn dest 172.16.0.2

ip nat inside

!

inter  tunn1

descr =To-RM-2=

ip add 10.0.0.5 255.255.255.252

tunn sour gig0/0

tunn dest 172.16.0.3

!

inter tunn2

descr =To-RM-3=

ip add 10.0.0.9 255.255.255.252

tunn sour gig0/0

tunn dest 172.16.0.4

!

inter gig0/0

descr =To-Outside=

ip add 172.16.0.1 255.255.255.0

ip nat outside

crypto map VPN

!

inter gig0/1

descr =To-Inside=

ip add 192.168.0.1 255.255.255.0

!

ip nat inside source list TO-NAT inter gig0/0 over

ip route 192.168.1.0 255.255.255.0 tunn0

ip route 192.168.2.0 255.255.255.0 tunn1

ip route 192.168.3.0 255.255.255.0 tunn3

!

ip access ext TO-192.168.1.0

perm gre host 172.16.0.1 host 172.16.0.2

!

ip access ext TO-NAT

perm ip 192.168.0.0 0.0.0.255 any

perm ip 192.168.1.0 0.0.0.255 any

!

!

RM-1:

!

inter tunn0

ip add 10.0.0.2 255.255.255.252

tunn sour fast0/0

tunn dest 172.16.0.1

!

inter fast0/0

descr =To-Outside=

ip add 172.16.0.2 255.255.255.0

!

inter fast0/1

descr =To-Inside=

ip add 192.168.1.1 255.255.255.0

!

ip route 192.168.0.0 255.255.255.0 tunn0

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Lei Tian Mon, 08/30/2010 - 19:11

Hi,

If you need guarantee 2M bandwidth for traffic from central office to RM-1? You can config something like the following

class-map TO-RM1

match access-group TO-RM1

policy-map CLASSIFY

class TO-RM1

set ip dscp af31

int fa0/1

service-policy in CLASSIFY

class-map QOS

match ip dscp af31

policy-map QOS

class QOS

bandwidth 2M

class class-default

fair-queue

int fa0/0

service-policy out QOS

HTH,


Lei Tian

Actions

This Discussion