Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Silver

EzVPN using DVTIs & QoS

I am configuring an EzVPN client to use Dynamic VTIs; the config fragments are:

class-map match-all VOICE

match ip dscp ef

class-map match-any CALL-SETUP

match ip dscp af31

match ip dscp cs3

class-map match-any INTERNETWORK-CONTROL

match ip dscp cs6

!

!

policy-map 256-UPSTREAM

class CALL-SETUP

bandwidth percent 2

class INTERNETWORK-CONTROL

bandwidth percent 5

class VOICE

priority 128

class class-default

fair-queue

random-detect

policy-map SHAPER-256-UPSTREAM

class class-default

shape average 192000

service-policy 256-UPSTREAM

!

interface FastEthernet0/0

ip address dhcp

ip access-group EXT-IN-PLUS in

duplex auto

speed auto

crypto ipsec client ezvpn TEST

service-policy output SHAPER-256-UPSTREAM

!

interface FastEthernet0/1

ip address 10.199.0.1 255.255.254.0

duplex auto

speed auto

no keepalive

crypto ipsec client ezvpn TEST inside

!

interface Virtual-Template1 type tunnel

no ip address

ip mtu 1408

ip tcp adjust-mss 1368

tunnel mode ipsec ipv4

I've discovered that the counters displayed in the "show policy-map interface ..." command only increment when the service-policy is attached outbound on the physical outside crypto interface. The examples I've seen on CCO suggest applying the service-policy on the virtual-template interface, but the counters don't increment and the QoS policies are not enforced. Where should the service-policy be applied in a DVTI EzVPN Client configuration?

182
Views
0
Helpful
0
Replies
CreatePlease to create content