Cisco Support Community

QOS over VPN

Hi
I have an 1811 router (12.4.11(2)T) at SITEA, and this site has a DSL connection for Internet services. This 1811 has IPSEC and Easy VPN tunnels connecting to other sites.

Problem:
I want to give priority to destination subnet 10.32.8.0/22 for IP protocol, which is on the other side of VPN tunnel1. The destination subnet 10.32.0.0/22 is used for authentication via RSA, which is on the other side of VPN Tunnel2. The source subnet is 172.26.47.0/24 behind the BVI interface. What commands do I need to put in so that the source subnet gets high priority to 10.32.8.0/22, but at the same time administrators can also log on to this router from subnet 10.32.0.0/22 for maintenance? All other traffic shall also flow, but with lesser priority. Please let me know the right commands to complete this task.

Please see config below

interface FastEthernet0
 description PPPOE based High Speed Internet
 no ip address
 ip route-cache flow
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1

interface BVI1
 description Virtual Bridging Interface
 ip address 172.26.47.100 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 ip policy route-map no_nat
 crypto ipsec client ezvpn DR inside

crypto ipsec client ezvpn DR
 connect auto
 group XYZ key abc
 mode network-extension
 peer 1.2.3.4 default

crypto map rt 3 ipsec-isakmp
 set peer 1.4.5.6
 set transform-set z_Transform_AES_256
 set pfs group2
 match address 10.32.0.0-Subnet

ip access-list extended 10.32.0.0-Subnet
 permit ip 172.26.47.0 0.0.0.255 10.32.0.0 0.0.255.255

crypto map rt1 3 ipsec-isakmp
 set peer 11.4.51.6
 set transform-set dz_Transform_AES_256
 set pfs group2
 match address 10.32.8.0/22-Subnet

ip access-list extended 10.32.8.0/22-Subnet
 permit ip 172.26.47.0 0.0.0.255 10.32.8.0 0.0.3.255

Thanks
