I use the GRE tunnel (with keepalive)and IPSEc at ISR 2821 with AIM-VPN/EPII-PLUS.
And also I use QoS for various traffic.
service-policy output command is applied to the tunnel interface.
And I can classify those traffic and shape the bandwidth.
When WAN traffic is congested, GRE keepalives dropped then the tunnel interface is down.
I tried to creat some access-lists like below for adding GRE keepalive to qos class, but I couldn't. Even access-list didn't count up.
access-list <number> permit gre host <tunnel-source> host <tunnel-destination>
According to this site(http://www.cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a008040a17c.shtml), quote "Keepalive packets are treated as ordinary packets, and so it is possible that they can be dropped under high traffic conditions. For now, you can change the number of retries to deal with this issue. If this proves to be inadequate eventually, you can put locally generated keepalive packets in a high priority queue for transmission."
So how do I prevent GRE keepalive from dropping?