Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

QoS when IPSEC and GRE terminate on different routers

We have an environment with about 120 STS VPN sites.  Each site terminates IPSec on an ipsecdist router that is in a DMZ.  Each site also terminates a GRE tunnel on a vpndist router that is on our trusted network.  Currently, QoS is applied outbound on the tunnel interfaces on the vpndist routers.

The issue we are having with the current configuration is the policy map and shaping polices are not accounting for the 52 bytes that are added after the packet leaves the vpndist router and gets encapsulated in IPSec by the ipsecdist router.

Is there a QoS mechanism that we can use to instruct the vpndist router to add 52 bytes to each packet before calculating the bandwidth percentages in the policy map and the overall rate in the shaping policy?

New Member

Re: QoS when IPSEC and GRE terminate on different routers

Then you should push the QOS policy further out on the IPSECDist Router.


CreatePlease login to create content