The Cisco Documentation is unclear around the ability of the PIX to provide QoS per VPN connection. I require the ability to limit available bandwidth on a Per VPN basis and need to determine if this is possible before recommending the above product
For clarification of the above point I have constructed the following illustration:
A datacentre has a 8 mbps internet connection
Remote customer sites have nailed up VPN connections to the datacenter to share the Hosted solution with various internet connection speeds
Based upon the agreed speed level of access I need to ability to enforce the bandwidth available to certain customers for example one will get a 1mbps connection, the other a 2 mbps connection etc. This is required so that service levels for all customers can be met.
I believe this is incorrect. The Modular Policy Framework (MPR) allows tunnel-groups to have QoS and Traffic Policing applied.
With the MPR you can do three things. You can limit the amount of bandwidth available to each VPN tunnel and you can use QoS to give priority to certain types of traffic after it has been decrypted or apply QoS to IPSec traffic in general
However, guaranting a minumum amount of bandwidth is not directly possible. To do this you have to section all of the traffic into groups and restrict the bandwidth available to each group when combined equalling the total available bandwidth. This assumes that every connection will flood the pipe simultaneously and is a tremendous waste of bandwidth when the connections are not flooded.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...