QOS for terminal services on a cisco router

I am setting up class of service on my Cisco 2600 in order to dedicate bandwidth for my remote users coming in via terminal services. I have created an access list using tcp port 3389 to identify their traffic based on another posting I saw here. access-list 101 permit tcp any any eq 3389. Will that correctly identify my remote users traffic and class it accordingly?
jwstockAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

meverestCommented:
there is also GRE packets involved.  these are protocol number 47 also to the same destination address.

note that this is a /protocol/ spec, and not a port specification.

the cisco acl would be something like:

access-list 101 permit gre any server.ip.address any

cheers.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jwstockAuthor Commented:
Would that access list entry also be necessary on my firewall? I currently have the following for the access list for the terminal services server:

access-list 101 permit tcp any gt 1023 host server.ip eq www
access-list 101 permit tcp any gt 1023 host server.ip eq 3389


If I add the gre packet entry to my firewall do I still need it for classing the data?
meverestCommented:
Hi,

yes it will need to be added to any device that filters packets routed to the vpn server.

cheers.
jwstockAuthor Commented:
For my PIX firewall should the entry be:

access-list 101 permit gre any host server.ip
meverestCommented:
yes, something like that.  I can't remember if cisco IOS recognises 'gre' as a protocol id.  if not, then use

access-list 101 permit 47 any host server.ip

cheers.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.