Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
0
Helpful
6
Replies

VPN Bandwidth

gavin.mckee
Level 1
Level 1

‎08-15-2006 11:22 PM

Hi

If I have a VPN as a backup link over a 10Mbps ISP Cloud, is there anyway to tell the VPN that it is only allowed to take 2Mbps?

Labels:
0 Helpful
6 Replies 6

m.sir
Level 7
Level 7

‎08-16-2006 12:43 AM

In other words you need QoS (traffic shape for IPSEC)

try following document

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns109/networking_solutions_white_paper09186a00801890f7.shtml

M.

Hope that helps rate if it does

0 Helpful

gavin.mckee
Level 1
Level 1
In response to m.sir

‎08-16-2006 04:23 AM

Thanks for that but... this document seems to say that you can use QOS to reserve at least 2Mbps over the 10Mbps link. My question is can you constrain IPSec to using only 2Mbps?

Gav

0 Helpful

mustafa_nbk
Level 1
Level 1
In response to gavin.mckee

‎09-05-2006 09:23 PM

If this VPN is terminating on VPN concentrator then it's quit easy. Even if it will terminate on any device then also it should possible. Please give me more idea about the setup.

Thanks,

Mustafa

0 Helpful

gavin.mckee
Level 1
Level 1
In response to mustafa_nbk

‎09-07-2006 04:56 AM

No such luck having a nice toy like a VPN Concentrator!! The VPN is terminating on a Cisco Router. The setup is basically 2 cisco routers connected directly to the internet via a 3550 switch (one router in Dublin one in London). I want the 2 routers to use a % of the avilable bandwith so that it does not impact on normal internet access.

0 Helpful

tom.shiba
Level 1
Level 1

‎09-09-2006 01:16 AM

You might have to adjust it but I think this is what you are looking for. This is a child nested map which contains your IPsec policer at 2 megs. The parent "QOS-OUTPUT" shapes and will actually limit your outbound bandwidth to exactly 10megs. You may have to tweak it a little. I like this method as you can use %s in your class which is relative to your max bandwidth of the parent class.

class-map match-any IPSEC

match access-group name IPSEC

!

policy-map QOS-CLASS

class IPSEC

police rate 2000000 bps burst 2000 bytes

conform-action transmit

exceed-action drop

queue-limit 30

!

policy-map QOS-OUTPUT

class class-default

shape average 10000000 1000

service-policy QOS-CLASS

!

interface Ethernet1

description OUTSIDE

service-policy output QOS-OUTPUT

!

ip access-list extended IPSEC

permit udp any any eq 500

permit udp any any eq 4500

permit esp any any

!

0 Helpful

gavin.mckee
Level 1
Level 1
In response to tom.shiba

‎09-11-2006 02:47 AM

Thanks for this posting... I have a few questions

what does this mean?

police rate 2000000 bps burst 2000 bytes

and what does this mean?

shape average 10000000 1000

If the Internet connection is 10Mbps do I set the police rate to 10,485,760 bps

the maximum bandwith I would like to make avilable is 8Mbps 8,388,608 bps

Thanks for your help... I am very interested in totally understanding the configuration options and how I can tweak them.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents