
VPN Packet differentiation in a router?

I have IPSec VPN going out of a PIX515 to a 2611 router. Through this PIX is also going out non-VPN Web traffic like MP3. At the router, which has two interfaces with fixed IP addresses connected to the Internet (1xADSL, 1x64kbps), I would like the VPN traffic to always use the ADSL while forcing the other traffic to a lower level and onto the 64kbps, and, if there is room, to use what is left of the ADSL.

How do I then recognise and prioritize VPN traffic at the router level? By the packet type, IPSec? Is the 2611X enough for that (45 users at this site and 30 remote)?


Re: VPN Packet differentiation in a router?

You can identify the IPSec Traffic by the Source and Destination Port numbers.

For ISAKMP i.e. Initial Tunnel Setup and then Key Re-negotiation - UDP, 500 (For both source and destination)

IPSec Encapsulation - Protocol Number = 50 (ESP)

If using PPTP then TCP - 1723 (Destination Port), For Control Setup

and GRE (Protocol Number=47) for Encapsulation
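
The matching rules listed in the reply above, written out as a packet classifier. This is an added example, not part of the original thread and not Cisco code; the function names, class labels and sample packets are constructed for illustration. It also covers two cases the rules imply: IP options shift where the ports sit, and non-first fragments carry no ports at all, while the protocol number (ESP, GRE) is present in every fragment.

```python
import struct

# Protocol numbers and ports as given in the reply above.
PROTO_TCP, PROTO_UDP, PROTO_GRE, PROTO_ESP = 6, 17, 47, 50
ISAKMP_PORT, PPTP_PORT = 500, 1723

def classify(packet: bytes) -> str:
    """Return a traffic class for one raw IPv4 packet (starting at the IP header)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4      # header length; more than 20 when IP options exist
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if proto == PROTO_ESP:            # protocol number is in every fragment's header
        return "ipsec-esp"
    if proto == PROTO_GRE:
        return "gre"
    if proto in (PROTO_TCP, PROTO_UDP):
        if frag_offset != 0:
            return "fragment-no-ports"    # only the first fragment carries the ports
        if len(packet) < ihl + 4:
            return "malformed"
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        # The reply specifies UDP 500 as both source and destination for ISAKMP.
        if proto == PROTO_UDP and sport == ISAKMP_PORT and dport == ISAKMP_PORT:
            return "isakmp"
        if proto == PROTO_TCP and dport == PPTP_PORT:
            return "pptp-control"
    return "other"

def build_ipv4(proto, payload=b"", options=b"", frag_offset=0):
    """Build a minimal IPv4 packet for the constructed samples (checksum left at 0)."""
    words = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | words, 0, words * 4 + len(payload),
                         0, frag_offset, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + options + payload

def ports(sport, dport):
    return struct.pack("!HH", sport, dport)

if __name__ == "__main__":
    # Constructed packets using documentation addresses, not captured traffic.
    print(classify(build_ipv4(PROTO_UDP, ports(500, 500) + b"\x00" * 4)))
    print(classify(build_ipv4(PROTO_ESP, b"\x00" * 8)))
    print(classify(build_ipv4(PROTO_TCP, ports(40000, 1723), options=b"\x01" * 4)))
    print(classify(build_ipv4(PROTO_UDP, b"\x00" * 8, frag_offset=185)))
```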
