Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

QoS on tunnel using IPSec Profile

I wanting to know whether the 'qos pre-classify' needs to be applied, and where it needs to be applied when using ipsec/gre tunnel with ipsec profile.

I notice on a 'pure' VTI tunnel the policy is applied to the tunnel directly without any 'qos pre-classify'. Does the same apply for a GRE/IPSec tunnel using ipsec profile?

Here is my config,

crypto ipsec profile VPNPROFILE

set transform-set VPN

class-map match-any E_QOS_CLASS

match access-group name E_QOS_ACL

class-map match-any VOICE_CLASS

match ip dscp ef

policy-map QOS_POLICY

class VOICE_CLASS

priority percent 33

class class-default

fair-queue

policy-map SHAPE_POLICY

class E_QOS_CLASS

shape average 112000

service-policy QOS_POLICY

interface Tunnel

bandwidth 128

ip address 192.168.xxx.xxx 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

qos pre-classify

tunnel source 192.168.xxx.xxx

tunnel destination 192.168.yyy.yyy

tunnel protection ipsec profile VPNPROFILE

service-policy output SHAPE_POLICY

interface FastEthernet0

bandwidth 128

ip address 192.168.ZZZ.XXX 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

I notice that when I do a 'sh policy-map int tunnel' I get packets matched as well as shaping when I do a large file transfer, so to it me it's working.

Any ideas would be appreciated.

308
Views
0
Helpful
0
Replies