TOPIC: Simple QOS policy

Simple QOS policy 9 years 9 months ago #20004

  • suderman
Hello !

I will describe what I want to achieve as simply as possible.

I have cisco 800 series router.
This router is used for 2 things:

- internet connection
- ipsec vpn with remote cisco router

I'm looking for a way to implement on this router a simple qos policy that does 2 things:

- enable higher priority when connecting with specified addresses or hosts using http or https (for example: www.somesite.com)

- secure part of the bandwidth only for vpn tunnel: if the router is overloaded by traffic to internet the portion of bandwidth for vpn will not be taken.

If you have any idea or sample conf., that would be great. Please be as detailed as possible.

Thank you.

Re: Simple QOS policy 9 years 8 months ago #20137

  • krik
I would go for some CBWFQ.

Strict priority for VPN protocols (ACL 101, class-map VPN) and weighted RED for the other traffic (class-map Gold-URL and DEFAULT).

I haven't tried it but it should work... (let me know :wink:)

[code:1]
! IPsec traffic: AH, ESP and ISAKMP (UDP 500) in both directions
access-list 101 permit ahp any any
access-list 101 permit esp any any
access-list 101 permit udp any eq isakmp any
access-list 101 permit udp any any eq isakmp
!
! Traffic classes
class-map match-any Gold-URL
 match protocol http url "*firewall.cx*"
 match protocol http url "*cisco.com*"
class-map match-any VPN
 match access-group 101
class-map match-all DEFAULT
 match any
!
! Mark packets as they enter from the LAN
policy-map LAN-IN
 class Gold-URL
  set ip precedence 5
 class DEFAULT
  set ip precedence 0
!
! Queue on the way out: strict priority for VPN, WRED for everything else
policy-map WAN-OUT
 class VPN
  priority percent 75
 class class-default
  fair-queue
  random-detect
  random-detect exponential-weighting-constant 7
  random-detect precedence 0 20 40 10
  random-detect precedence 1 22 40 10
  random-detect precedence 2 24 40 10
  random-detect precedence 3 26 40 10
  random-detect precedence 4 28 40 10
  random-detect precedence 5 31 40 10
  random-detect precedence 6 33 40 10
  random-detect precedence 7 35 40 10
  random-detect precedence rsvp 37 40 10
!
interface Eth0
 service-policy input LAN-IN
!
interface Ser0
 service-policy output WAN-OUT
[/code:1]
Christophe Lemaire
www.exp-networks.be/blog/
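
The weighted RED settings in the configuration above can be worked through numerically. The following is an added example, not part of krik's post: it applies the standard WRED average-queue and drop-probability formulas to the thresholds from policy-map WAN-OUT. The function names and the queue-depth samples are constructed for illustration, and the rsvp profile is left out.

```python
# Added example: WRED behaviour for the thresholds in policy-map WAN-OUT.
# Standard WRED formulas; queue-depth samples below are constructed.

WEIGHT_EXP = 7  # random-detect exponential-weighting-constant 7

# precedence -> (min threshold, max threshold, mark-probability denominator)
PROFILES = {0: (20, 40, 10), 1: (22, 40, 10), 2: (24, 40, 10), 3: (26, 40, 10),
            4: (28, 40, 10), 5: (31, 40, 10), 6: (33, 40, 10), 7: (35, 40, 10)}


def update_average(old_avg, current_depth, n=WEIGHT_EXP):
    """Exponentially weighted moving average of the queue depth."""
    w = 2 ** -n
    return old_avg * (1 - w) + current_depth * w


def drop_probability(avg, precedence):
    """Probability that an arriving packet of this precedence is dropped."""
    min_th, max_th, mpd = PROFILES[precedence]
    if avg < min_th:
        return 0.0  # below the minimum threshold: always queued
    if avg > max_th:
        return 1.0  # above the maximum threshold: always dropped
    # Linear ramp from 0 at min_th up to 1/mpd at max_th
    return (avg - min_th) / (max_th - min_th) / mpd


def average_after(depth, packets, start=0.0):
    """Average queue size after `packets` arrivals at a constant real depth."""
    avg = start
    for _ in range(packets):
        avg = update_average(avg, depth)
    return avg


if __name__ == "__main__":
    # Precedence 0 (DEFAULT) is dropped earlier than precedence 5 (Gold-URL).
    for avg in (25, 35.5, 41):
        print(avg, {p: round(drop_probability(avg, p), 3) for p in (0, 5)})
    # With constant 7 the average reacts slowly: 100 packets arriving at a
    # real depth of 40 only bring it just past the precedence 0 minimum.
    print(round(average_after(40, 100), 2))
```
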

Re: Simple QOS policy 9 years 8 months ago #20144

  • Elohim
I just want to say that split tunneling is not a good thing. :)