Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

paa
New Member

QoS and GRE with IPSEC

Hi! I have a central office (with 2821) and 3 remote sites. Remote sites connected to center trought GRE with IPSEC. Now I want to guarante some bandwitch to computers in one remote site.

How can I configure 2821 to guarante 2Mb bandwitch outgoing traffic for hosts in RM-1 (192.168.1.0)?

2821:

crypto map VPN 10 ipsec-isakmp

set peer 172.16.0.2

match add TO-192.168.1.0

!

inter tunn0

descr =To-RM-1=

ip add 10.0.0.1 255.255.255.252

tunn sour gig0/0

tunn dest 172.16.0.2

ip nat inside

!

inter  tunn1

descr =To-RM-2=

ip add 10.0.0.5 255.255.255.252

tunn sour gig0/0

tunn dest 172.16.0.3

!

inter tunn2

descr =To-RM-3=

ip add 10.0.0.9 255.255.255.252

tunn sour gig0/0

tunn dest 172.16.0.4

!

inter gig0/0

descr =To-Outside=

ip add 172.16.0.1 255.255.255.0

ip nat outside

crypto map VPN

!

inter gig0/1

descr =To-Inside=

ip add 192.168.0.1 255.255.255.0

!

ip nat inside source list TO-NAT inter gig0/0 over

ip route 192.168.1.0 255.255.255.0 tunn0

ip route 192.168.2.0 255.255.255.0 tunn1

ip route 192.168.3.0 255.255.255.0 tunn3

!

ip access ext TO-192.168.1.0

perm gre host 172.16.0.1 host 172.16.0.2

!

ip access ext TO-NAT

perm ip 192.168.0.0 0.0.0.255 any

perm ip 192.168.1.0 0.0.0.255 any

!

!

RM-1:

!

inter tunn0

ip add 10.0.0.2 255.255.255.252

tunn sour fast0/0

tunn dest 172.16.0.1

!

inter fast0/0

descr =To-Outside=

ip add 172.16.0.2 255.255.255.0

!

inter fast0/1

descr =To-Inside=

ip add 192.168.1.1 255.255.255.0

!

ip route 192.168.0.0 255.255.255.0 tunn0

1 REPLY
Cisco Employee

Re: QoS and GRE with IPSEC

Hi,

If you need guarantee 2M bandwidth for traffic from central office to RM-1? You can config something like the following

class-map TO-RM1

match access-group TO-RM1

policy-map CLASSIFY

class TO-RM1

set ip dscp af31

int fa0/1

service-policy in CLASSIFY

class-map QOS

match ip dscp af31

policy-map QOS

class QOS

bandwidth 2M

class class-default

fair-queue

int fa0/0

service-policy out QOS

HTH,


Lei Tian

147
Views
0
Helpful
1
Replies