Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

QoS on a network-extension mode at EasyVPN Remote


I'm not sure whether this question belongs to this category but...

On one end, an ASA 7.2(2), on the other, a 871 running 12.4(11)T2 AdvSecurity configured as EasyVPN Remote Network-Extension. This works fine but I cannot seem to find the way to set a CBWFQ to schedule outbound traffic at the branch side. I used VTIs and imported that inside client ezvpn configuration but there are no hits on class-map ACLs nor can I see any output at all from show commands.

The remote site's configuration is attached.

For the record, I get the following message even though the configurations is pretty much the same as the examples found at

Class Based Weighted Fair Queueing will be applied only to the Virtual-Access interfaces associated with an MLP bundle.

Could any of you give me a hand?

Thanks in advance.


Re: QoS on a network-extension mode at EasyVPN Remote

It looks like bug to me, refer the bug-id: CSCdy05295

New Member

Re: QoS on a network-extension mode at EasyVPN Remote

Thanks, Edgar

So, the message wasn't originally clear enough and it was rephrased to "Note: Class Based Weighted Fair Queueing supported on MLPPP bundle interface only." which is pretty much what I got. Anyway, just for testing, I reconfigured the branch side to a traditional crypto map scheme and applied QoS preclassification on it to make it work. Sadly, at the hub (ASA 5540) some IKE phase 1 issues arose and I got stuck again.

Aggressive mode is allowed at the branch (not explicitly denied) and a dynamic named L2L tunnel-group is configured at the hub. It should work but,...

Well, if you could come up with an alternative, I would very much like to hear it.

Thanks in advance,