
Traffic prioritisation within Ipsec tunnels

I have a WAN link between two IOS routers that will be encrypting all traffic via IPsec. I need to prioritise traffic across this link.

I'm aware of two methods I can use:

a) priority queuing and qos pre-classify

b) manipulation of diffserv bits (TOS) and service policies

One of the routers is running 12.1.22b(GD) and cannot be upgraded to 12.2.

Neither of the above mechanisms appears to be available in 12.1 GD.

Can anyone suggest another way I can achieve this with IOS 12.1 GD?

Thanks in advance for any suggestions.


Re: Traffic prioritisation within Ipsec tunnels

Priority queuing is available with 12.1 and you could use this feature. Below is the link to the QoS configuration guide for 12.1. It'll help you with the options that are available.

Re: Traffic prioritisation within Ipsec tunnels

Thanks for that.

I've worked out how I can set IP Precedence bits on the ingress of the IOS 12.1 router via route-map. However, I don't know how to manage the traffic on the egress interface, given that all traffic is within an IPsec tunnel, and I cannot see how I can define more than one class (e.g. how I could define classes according to IP Precedence bit).

So I end up with one class, say IPsecTunnel, and then try to manage congestion within a single class.


interface Ethernet0/0
 ip policy route-map IPsetPrecedence

route-map IPsetPrecedence permit 10
 match ip route-source IP-Precedence1-acl
 set ip precedence priority

route-map IPsetPrecedence permit 20
 match ip route-source IP-Precedence2-acl
 set ip precedence immediate

interface Serial3/2.1
 service-policy output WBC-WANlink
 crypto map LOCALMAP

policy-map WBC-WANlink
 class IPsecTunnel
  bandwidth percent 100
  random-detect precedence 1 64 256 100
  random-detect precedence 2 96 256 100

class-map IPsecTunnel
 match protocol ip

Is there a better way (other than upgrading to IOS 12.2 and using classes based on DSCP value)?

Thanks in advance for any advice.
