Re: Internet VPN with rate limit

fmatrine · ‎02-12-2007

Hi All,

We are looking for Internet Leased Line of bandwidth 4Mbps, IP details are /27 IP Public pool for Lan segment.Interface on the lan and wan side will be ethernet.

/29 Wan IP address is proposed for building four site to site VPN with other locations.

Different Source IP to be used for forming individual Site-to-Site VPN session.

Each site-to-site vpn session should be rate limited to 1Mbps based on the WAN IP.

Pls advice with sample config on how can we acheive this.

Also refer the attached schematic for details.

spremkumar · ‎02-12-2007

Hi

Can you confirm on what kinda vpn you are trying to establish between point to point ?

Is it going to be simple GRE based vpn or ipsec tunnels being formed between your locations..

I feel you can achieve it using 2 ways one is to create access-lists matching your wan and the remote locations wan ip then create CAR (rate-limit) with the access-group applied onto the command allowing only 1 Mbps.

The second way would be configuring class based policing in which you match all the wan ip address configured on the wan points.

match the same under the class map and use police command under policy map so that you dont exceed 1 Mbps limit.

Make sure you have identical configs at the remote locations too so that you have limit applied on both the ends..

CAR :

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a0080760d90.html

CB-Policing :

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00804a27c4.html

regds