Cisco Support Community

New Member

Implementing QoS to prioritise VPN traffic over Internet Traffic

We have a scenario with a PIX 515 behind a Cisco 2600 edge router connecting to the Internet at a London site. A VPN is configured from this PIX to a remote PIX 515 in Germany. Users at the London site either send traffic to Germany via the VPN or to the Internet. All Internet traffic gets NAT'd to a public address that ISN'T the untrusted interface address. We want to implement QoS on the edge Cisco router in London to prioritise VPN traffic. My understanding is the VPN traffic will have an IP header by the time it reaches the edge router with a source of the untrusted interface of the local PIX and a destination of the untrusted interface on the remote PIX. The Internet traffic will have random destinations but a source of the NAT address we have specified. Therefore we can implement QoS on the edge router and prioritise VPN traffic based on its unique source/destination pair. Am I correct? Has anyone tried this or can anyone foresee any problems? Thanks


Re: Implementing QoS to prioritise VPN traffic over Internet Traf

Unless the traffic is going over an IPLC, which means traffic goes over the internet, there is no real use in implementing QoS, because QoS has to be configured end to end. No bandwidth is guaranteed for the VPN traffic when it goes over the internet.

Definitely you can limit the bandwidth, as well as allocate specific bandwidth, used on your WAN link by the VPN traffic versus Internet traffic, if that's what you are looking for.
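
The classification by source/destination pair discussed in this thread could be written on the London edge router roughly as follows. This is an added example, not configuration posted by anyone in the thread. The addresses (documentation ranges), the interface name, the ACL number, the class and policy names and the 60 percent figure are all assumptions, and it assumes the tunnel uses plain ESP and ISAKMP without NAT traversal.

```ios
! Added example: placeholder addresses from documentation ranges.
!   192.0.2.10    = outside (untrusted) interface of the London PIX (assumed)
!   198.51.100.20 = outside (untrusted) interface of the Germany PIX (assumed)

! Match only the tunnel between the two PIX outside addresses:
! ESP carries the encrypted payload, UDP/500 carries ISAKMP negotiation.
access-list 101 permit esp host 192.0.2.10 host 198.51.100.20
access-list 101 permit udp host 192.0.2.10 eq isakmp host 198.51.100.20 eq isakmp

! Traffic NAT'd to the separate Internet address does not match ACL 101
! and falls into class-default.
class-map match-all VPN-TUNNEL
 match access-group 101

policy-map WAN-OUT
 class VPN-TUNNEL
  ! Minimum share of the WAN link during congestion (assumed value)
  bandwidth percent 60
 class class-default
  fair-queue

! Outbound only: this shapes what London sends towards the ISP.
! Interface name is an assumption.
interface Serial0/0
 service-policy output WAN-OUT
```

`show policy-map interface Serial0/0` displays per-class match counters, which confirms whether the tunnel traffic is landing in the VPN-TUNNEL class. As the reply above notes, this only governs the local WAN link and gives no guarantee once the packets are on the Internet.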

New Member

Re: Implementing QoS to prioritise VPN traffic over Internet Traf

If you run your VPN tunnel in transport mode, only the data payload is encrypted. Routers down the path can still see the final source and destination IP address. This will allow for some QoS implementations, however the Layer 4 information will be encrypted.

Curtis R. Gregg
