I try to implement CAR for limiting bandwidth used by specific trafic under an IPSec Tunnel between 2 878 routers over SDSL.
I specify access-list and use the rate-limit command under the dialer 1 interface.
The problem is that the dialer 1 interface has also the crypto map command and I think that the rate-limit command cannot work because the trafic is already encrypt when the rate-limit command is apply.
you should have a look at the qos pre-classify feature. Basically the router "remembers" the original - unencrypted - header and can match based on this info. Unfortunately this is not supported by CAR, afaik. You would have to use class-based shaping, which is the better option anyhow IMHO.
An example config could be something like:
class-map match-all Limit1
match ip address 101
class-map match-all Limit2
match protocol ftp
shape average 100000
shape average 64000
service-policy output RateLimit
access-list 101 permit tcp 10.1.1.0 0.0.0.255 any eq 80
For further reading I would recommend you "Configuring QoS for Virtual Private Networks"
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :