QoS prior to IPSEC

I have multiple 1811W routers in the field. All of these connect to ATT managed T1 routers(1841 at all offices).

I have my interface to the 1841 on FA1, the interface gets a full public IP.

I have the default LAN route go through an IPSEC tunnel to my corporate office.

My LAN is setup as BVI1 bridging the VLAN1 and Dot11Radio0 interfaces. I need to apply QoS to the BVI interface, and I"d like to use traffic shaping. I essentially need the following:

384kbps guaranteed bandwidth for SIP traffic(dscp of 'ef') 512kbps guaranteed bandwidth for Citrix The remaining bandwidth fair queued for all other traffic(SMTP, HTTP, etc etc), and bursting to 1.5Mbps whenever it's available.

I need to keep it below the T1's 1.5Mbps, so as not to saturate their WAN link causing voice issues.

Any ideas where to apply the QoS policy-map, and/or how to traffic shape(if possible)? Obviously this has to be done prior to crypto, so I'm assuming it has to be done on the BVI Inbound interface.


Reply to
Loading thread data ...

check out Cisco doc "Configuring CBWFQ for IPSec VPN"

formatting link
qos-preclassify command under crypto map

Reply to

Just what I needed, thanks!

Reply to

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.