Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
895
Views
0
Helpful
1
Replies

QoS IPSEC priority

bdedek
Level 1
Level 1

‎02-17-2004 12:01 PM - edited ‎02-20-2020 11:14 PM

Hello,

I am looking for information on prioritizing our IPSEC vpn traffic over all other traffic on our Internet connection. We have 10-15 IPSEC/GRE site-to-site VPNs connecting back to our central office. We have a non-Cisco firewall connected between the Internet and our network. Our VPN router is located behind the Firewall and is statically NATed to the Internet for inbound IPSEC connections. All traffic going to the firewall and out to the Internet passes through our Catalyst 5509 with a route switch module. Multilayer switching is enabled on the RSM/switch. Occasionally an internal user will start a large ftp and cause latency on the VPNs to reach 500ms + where 60-70ms is normal.

Is there a way, using the hardware we have, to create some type of QoS policy to reserve bandwidth for the VPN traffic? Also, where would one configure this QoS policy in this scenario, on the internal router/RSM, the Catalyst 5509 itself, or on a separate router outside the firewall?

Thanks for your insight.

Billy

0 Helpful
1 Reply 1

pradeepde
Level 5
Level 5

‎02-23-2004 02:10 PM

What ever QoS you want to implement has to be done before the packet is encrypted since once its encrypted there's no way to check the flag that has been set.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card