Hi Everyone,
I've got a problem, maybe someone can help me.
Here's teh description:
1 client, 2 sites, both sites have a PIX between the lan and the outside, a 2600 series router handles the serial line both sites (internet connections).
On each site there's only 1 IP address from the provider, so between the PIXes and routers we are using a private IP subnet.
The two PIXes are connected with an IPsec tunnel. (with isakmp)
In order to avoid NATing with the routers we have configured a GRE tunnel over the internet.
Looks like this:
LAN -> PIX -----(IPsec)----> 2600 ------(GRE)------ 2600 <---(IPSec)----PIX<----LAN
I know that it would be nice to set up a direct IPsec link between the two routers, but it's not an oprion (the client wants the IPsec built by the firewalls)
It works very nice, but they have a new request.
They want to have two traffic classes over the connection with a simple priority queueing.
We made 2 IPsec tunnels, so the routers will be able to separate the traffic to two classes, but the problem is that GRE does not support queueing as far as I know.
How can we provide QoS with this IPSec over GRE solution?
Thanks for the help,
Attila