How to Implement QOS for Destinations that are connected by VPN
I have 1811 router(12.4.11(2)T) at SITEA and this site has dsl connection for Internet services.This 1811 has IPSEC and Easy VPN tunnels connecting to other sites.
I want to give priority to destination subnet 10.32.8.0/22 for IP protocol which is on the other side of VPN tunnel1.The destination subnet 10.32.0.0/22 is used for authentication via RSA which is on the other side of VPN Tunnel2 .The source subnet is 172.26.47.0/24 behind BVI interface.What commands need to put so that source subnet gets high priority to 10.32.8.0/22 but at the same time administrators also can log on to this router from subnet 10.32.0.0/22 for maintenance.All other traffice shall also flow but with lesser priority.Please let me know the right commands to complete this task.
Please see config below
description PPPOE based High Speed Internet
no ip address
ip route-cache flow
pppoe enable group global
pppoe-client dial-pool-number 1
interface BVI1 description Virtual Bridging Interface ip address 172.26.47.100 255.255.255.0 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ip policy route-map no_nat crypto ipsec client ezvpn DR inside
crypto ipsec client ezvpn DR
group XYZ key abc
peer 18.104.22.168 default
crypto map rt 3 ipsec-isakmp
set peer 22.214.171.124
set transform-set z_Transform_AES_256
set pfs group2
match address 10.32.0.0-Subnet
ip access-list extended 10.32.0.0-Subnet
permit ip 172.26.47.0 0.0.0.255 10.32.0.0 0.0.255.255
crypto map rt1 3 ipsec-isakmp
set peer 126.96.36.199
set transform-set dz_Transform_AES_256
set pfs group2
match address 10.32.8.0/22-Subnet
ip access-list extended 10.32.8.0/22-Subnet
permit ip 172.26.47.0 0.0.0.255 10.32.8.0 0.0.3.255
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...