Remilekun Okegbenro
asked on
help: Cisco QOS configuration on VPN link
i am trying to configure QOS for site to site VPN, i want to dedicate 50% of the bandwidth on the physical interface to VPN traffic, then the remaining bandwidth to internet traffic. the connection to intranet server is very slow and the internet link is 10 mbps.
i have tried couple of things my self but it didn't work, perhaps you can just check my configuration and make few suggestions.
access-list 112 permit ip any 192.168.0.0 0.0.0.255
class-map match-all test-qos
match access-group 112
policy-map qos-pmap
class test-qos
bandwidth percent 50
Class class-default
Average Rate Traffic Shaping cir 5000000
interface Tunnel0
ip address 172.16.60.1 255.255.255.252
qos pre-classify
interface GigabitEthernet0/0
bandwidth 15000
service-policy output qos-pmap
i have tried couple of things my self but it didn't work, perhaps you can just check my configuration and make few suggestions.
access-list 112 permit ip any 192.168.0.0 0.0.0.255
class-map match-all test-qos
match access-group 112
policy-map qos-pmap
class test-qos
bandwidth percent 50
Class class-default
Average Rate Traffic Shaping cir 5000000
interface Tunnel0
ip address 172.16.60.1 255.255.255.252
qos pre-classify
interface GigabitEthernet0/0
bandwidth 15000
service-policy output qos-pmap
Class class-default
Average Rate Traffic Shaping cir 5000000 .... leave blank ...in class-default ...
1) try to put VPN end points in ACL ..put real IPs and see...
2) change bandwidth command on WAN from 15000 to 10000.
3) You have to apply policy as per traffic analysis of both end...
Average Rate Traffic Shaping cir 5000000 .... leave blank ...in class-default ...
1) try to put VPN end points in ACL ..put real IPs and see...
2) change bandwidth command on WAN from 15000 to 10000.
3) You have to apply policy as per traffic analysis of both end...
You can shape traffic only inside tunnel.
On physical interface you can only shape between different tunnels.
On physical interface you can only shape between different tunnels.
ASKER
thanks guys, i am going to try your suggestions and revert as soon as possible
ASKER
i have tried it, but it still did not work. it became a bit slower when i change the access-list to:
access-list 112 permit ip any 172.16.60.0 0.0.0.3 which is the tunnel interface subnet.
i really need help on this please.!!
the Server that is giving me major problem is the Application server which is running on Microsoft sql server 2008 backend
access-list 112 permit ip any 172.16.60.0 0.0.0.3 which is the tunnel interface subnet.
i really need help on this please.!!
the Server that is giving me major problem is the Application server which is running on Microsoft sql server 2008 backend
Thats what QoS does - make ona a bit slower to make another faster.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Also note that you will not be able to do reliable QoS, as you can only control traffic going OUT, but will not be able to keep traffic from coming in from the internet ...