I'm not sure whether this question belongs to this category but...
On one end, an ASA 7.2(2), on the other, a 871 running 12.4(11)T2 AdvSecurity configured as EasyVPN Remote Network-Extension. This works fine but I cannot seem to find the way to set a CBWFQ to schedule outbound traffic at the branch side. I used VTIs and imported that inside client ezvpn configuration but there are no hits on class-map ACLs nor can I see any output at all from show commands.
The remote site's configuration is attached.
For the record, I get the following message even though the configurations is pretty much the same as the examples found at cisco.com.
Class Based Weighted Fair Queueing will be applied only to the Virtual-Access interfaces associated with an MLP bundle.
Re: QoS on a network-extension mode at EasyVPN Remote
So, the message wasn't originally clear enough and it was rephrased to "Note: Class Based Weighted Fair Queueing supported on MLPPP bundle interface only." which is pretty much what I got. Anyway, just for testing, I reconfigured the branch side to a traditional crypto map scheme and applied QoS preclassification on it to make it work. Sadly, at the hub (ASA 5540) some IKE phase 1 issues arose and I got stuck again.
Aggressive mode is allowed at the branch (not explicitly denied) and a dynamic named L2L tunnel-group is configured at the hub. It should work but,...
Well, if you could come up with an alternative, I would very much like to hear it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...