How to prioritize VPN traffic in Cisco router

Hi,

One of the customers has put in a request. The customer wants to prioritize his VPN traffic in the router. The topology is like this:

Internet RTR === Checkpoint==Cstmr LAN

The customer is using IPsec on the Check Point. Is it possible to prioritize the VPN traffic in the router (Cisco 1800 Series)? Please share your input and also the commands to do the same.

Thanks in advance,

Lijesh

6 REPLIES

Re: How to prioritize VPN traffic in Cisco router

What's the point of prioritizing the traffic in the router when it loses all priority beyond that (on the internet)? It's possible to do, but doesn't make much sense. Find out what the real problem the customer is experiencing is and address that.

Hope that helps.

Re: How to prioritize VPN traffic in Cisco router

Hi,

Thanks for the update. The customer is using site-to-site tunneling (destination hosted in Germany). The concern here is that outgoing and incoming VPN traffic coming to/going from the router has to be given priority; the rest of the traffic has to be given low priority.

Lijesh

Re: How to prioritize VPN traffic in Cisco router

Presumably your customer is selecting interesting traffic to encrypt in the tunnel by an access list that is called by the crypto map. All other traffic needs to be given lower priority, so can you just use QoS to prioritise the same access list that the crypto map uses?

Tim

Re: How to prioritize VPN traffic in Cisco router

Hi,

Thanks for the input. Can you share a sample configuration for the same? Currently the customer is not using any config in the router. The tunnel is created in the Check Point.

The only config is mentioned below; the rest is all common config:

ip classless
ip route 0.0.0.0 0.0.0.0 XX.XX.XX.XX
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000

Lijesh

Re: How to prioritize VPN traffic in Cisco router

Okay,

First you need a crypto map like this:

crypto map MYMAP local-address Loopback0
crypto map MYMAP 1 ipsec-isakmp
 description VPN tunnel to Germany
 ! the other end of the IPsec tunnel (public address)
 set peer t.t.t.t
 ! or whatever transform set you use
 set transform-set ESP-3DES-SHA
 match address Encrypt

Now you need to make an access list called “Encrypt”, and that would look something like this:

ip access-list extended Encrypt
 permit ip n.n.n.n 0.0.0.255 y.y.y.y 0.0.0.255
 permit ip n.n.n.n 0.0.0.255 z.z.z.z 0.0.0.255
 permit ip n.n.n.n 0.0.0.255 x.x.x.x 0.0.0.255

and so on, where n.n.n.n = LAN address and y.y.y.y, z.z.z.z & x.x.x.x = remote networks that need encrypting.

Now this list “Encrypt” can be used to mark traffic for QoS (see the Cisco main site on how to police and mark traffic).

Hope this helps.

Tim
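A sample QoS configuration for the topology in this thread, added here as an illustration and not posted by any participant. Because the thread says the tunnel is built on the Check Point, the router only sees the encrypted outer packets, so this example classifies on ESP and IKE between the two gateways rather than on the inner subnets. Assumptions: c.c.c.c is the Check Point's public address, t.t.t.t is the German peer, FastEthernet0/0 is the Internet-facing interface, the uplink is 2 Mbps, and all class, policy and ACL names are made up.

```cisco
! Constructed example: names, addresses and rates are placeholders.
! Outer tunnel packets as seen by the router (already encrypted by the Check Point)
ip access-list extended VPN-OUTER
 ! ESP payload (IP protocol 50)
 permit esp host c.c.c.c host t.t.t.t
 ! IKE negotiation (UDP 500)
 permit udp host c.c.c.c host t.t.t.t eq isakmp
 ! IKE/ESP over NAT traversal (UDP 4500)
 permit udp host c.c.c.c host t.t.t.t eq non500-isakmp
!
class-map match-all VPN-TRAFFIC
 match access-group name VPN-OUTER
!
! Child policy: guarantee the tunnel a share of the link, fair-queue the rest
policy-map WAN-QUEUE
 class VPN-TRAFFIC
  bandwidth percent 60
 class class-default
  fair-queue
!
! Parent policy: shape to the real uplink rate so queuing happens on this router
policy-map WAN-SHAPE
 class class-default
  shape average 2000000
  service-policy WAN-QUEUE
!
interface FastEthernet0/0
 description Internet-facing interface (assumed name)
 service-policy output WAN-SHAPE
```

Output queuing only affects packets leaving the router toward the Internet; traffic arriving from the Internet has already crossed the congested link. `show policy-map interface FastEthernet0/0` shows whether the VPN class is matching packets.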

Re: How to prioritize VPN traffic in Cisco router

Wah,

Great, but a big list. Let me have a check; I will let you know the status.

Lijesh
