Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX 515e (unrestricted) V7.0 and QoS with VPN

The Cisco Documentation is unclear around the ability of the PIX to provide QoS per VPN connection. I require the ability to limit available bandwidth on a Per VPN basis and need to determine if this is possible before recommending the above product

For clarification of the above point I have constructed the following illustration:

• A datacentre has a 8 mbps internet connection

• Remote customer sites have nailed up VPN connections to the datacenter to share the Hosted solution with various internet connection speeds

• Based upon the “agreed speed level of access” I need to ability to enforce the bandwidth available to certain customers for example one will get a 1mbps connection, the other a 2 mbps connection etc. This is required so that service levels for all customers can be met.


  • Other Security Subjects

Re: PIX 515e (unrestricted) V7.0 and QoS with VPN

I think Bandwidth can be restricted only to a class of service and not VPN.

The followign url will give you a detailed explanation

New Member

Re: PIX 515e (unrestricted) V7.0 and QoS with VPN

I believe this is incorrect. The Modular Policy Framework (MPR) allows tunnel-groups to have QoS and Traffic Policing applied.

With the MPR you can do three things. You can limit the amount of bandwidth available to each VPN tunnel and you can use QoS to give priority to certain types of traffic after it has been decrypted or apply QoS to IPSec traffic in general

However, guaranting a minumum amount of bandwidth is not directly possible. To do this you have to section all of the traffic into groups and restrict the bandwidth available to each group when combined equalling the total available bandwidth. This assumes that every connection will flood the pipe simultaneously and is a tremendous waste of bandwidth when the connections are not flooded.

New Member

Re: PIX 515e (unrestricted) V7.0 and QoS with VPN

Thanks a bunch for you reply’s guys.

I’m trying to limit the maximum amount of bandwidth allowed per VPN as opposed to the minimum so looks like I am in business then!

Thanks again