Can qos pre-classify be enabled over an IPSec VPN running from a 3825 ISR router to a VPN concentrator? I know it will work over GRE and IPSec site-to-site VPNs where the termination point is a router, but I'm not sure about the concentrator. Any thoughts?
I don't think my response directly answers your question, but I can share my experience with qos pre-classify. Likewise, we run it on router-to-router IPsec VPN tunnels, and define QoS marking and honoring for LLQ.
Regarding the 3000 Concentrator I cannot say directly; however, I do know that on the ASA firewalls (next gen of VPN Concentrator/PIX), you can honor QoS-marked traffic or prioritize it into VPN tunnels that terminate on the device via ACLs. Since the ASAs don't use tunnel interfaces (tunnel-groups instead), the QoS VoIP assignments are placed on the physical interface, but are applied to the RTP stream. The method below rate limits all non-voice traffic, then LLQ prioritizes the RTP stream based on either the DSCP value or the RTP UDP range. Below is a QoS example on the ASA5505 for a DSL line with 768kb download, 128kb upload, allocating 64-80kb for a G729 call...not sure how it would apply to the VPN Concentrator:
description Match non-Marked VoIP (RTP) packets
match rtp 16384 16383
description match Marked VoIP (RTP) packets
match dscp ef
police input 704000 (rate limit non voice in bps)
police output 64000 (rate limit non voice in bps)
service-policy VoIP-outside interface outside
I didn't cover the router pre-qos side. I figure you're solid on that.
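Added example, not part of the original reply: one way the fragments above fit together as a complete ASA modular policy, with both RTP classes sent to the priority (LLQ) queue and everything else policed in class-default. The class-map names are hypothetical, the placement of the police statements under class-default is an assumption based on the "rate limit non voice" annotations, and the rates and policy name are the ones quoted in the reply.

```cisco
! Constructed example. Class-map names are hypothetical; rates and the
! policy-map name are taken from the reply above.
!
! The priority command only takes effect once a priority queue exists on the interface.
priority-queue outside
!
class-map voip-rtp-unmarked
 description Match non-Marked VoIP (RTP) packets
 ! starting port 16384, range 16383 (UDP 16384-32767)
 match rtp 16384 16383
class-map voip-rtp-marked
 description match Marked VoIP (RTP) packets
 match dscp ef
!
policy-map VoIP-outside
 class voip-rtp-unmarked
  priority
 class voip-rtp-marked
  priority
 ! Assumption: the non-voice rate limits sit in class-default
 class class-default
  police input 704000
  police output 64000
!
service-policy VoIP-outside interface outside
```

After applying, `show service-policy priority`, `show service-policy police` and `show priority-queue statistics outside` show whether RTP packets are hitting the priority queue and whether non-voice traffic is being policed.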