I use the GRE tunnel (with keepalive)and IPSEc at ISR 2821 with AIM-VPN/EPII-PLUS.
And also I use QoS for various traffic.
service-policy output command is applied to the tunnel interface.
And I can classify those traffic and shape the bandwidth.
When WAN traffic is congested, GRE keepalives dropped then the tunnel interface is down.
I tried to creat some access-lists like below for adding GRE keepalive to qos class, but I couldn't. Even access-list didn't count up.
access-list <number> permit gre host <tunnel-source> host <tunnel-destination>
According to this site(http://www.cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a008040a17c.shtml), quote "Keepalive packets are treated as ordinary packets, and so it is possible that they can be dropped under high traffic conditions. For now, you can change the number of retries to deal with this issue. If this proves to be inadequate eventually, you can put locally generated keepalive packets in a high priority queue for transmission."
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...