Prior traffic between VPN and http

 
 
Michael
05-09-2004
I have two sites. On the one site I have a Cisco 2621 with two Ethernet
interfaces, one for the LAN
and one for the WAN. The bandwidth to the ISP is 512 Kbit/s up and
downstream.
On the other site I have a Cisco 1721 with two Ethernet interfaces, one
for the LAN and one for the WAN. Upstream to the ISP is 192
Kbit/s, downstream is 768 Kbit/s.
The two sites are connected via a VPN tunnel. There is only ICA traffic
(Citrix) between these sites. The other task for both routers is to
share HTTP traffic or some other traffic to the Internet.
How can I prioritize the traffic so that ICA traffic through the VPN tunnel is
preferred?
 
Walter Roberson
05-09-2004
In article <> ,
Michael <> wrote:
:How can I prioritize the traffic so that ICA traffic through the VPN tunnel is
:preferred?

Create an ACL that matches the ICA traffic, and create a route-map
that sets the priority higher when that ACL is matched. Apply the
route-map to the interface as a routing policy. This is known as
"policy routing".

I have not checked to see whether the necessary commands are supported
on the 1721 or 2621, or which features or software versions you
would need to use them.

Also, because you are using a VPN, you might perhaps have to
send the traffic to a loopback interface that has this policy routing
applied to it, and use that loopback interface as the source of the
traffic for the VPN. I do not know if you can apply policy routing
directly to a VPN. (It might depend on how you are implementing the
VPN. You could probably apply policy routing to a GRE 'tunnel'
interface.)

--
Warhol's Law: every Usenet user is entitled to his or her very own
fifteen minutes of flame -- The Squoire

 
mh
05-10-2004
You need to implement one of:
a) custom queuing
b) priority queuing
c) class-based weighted fair queuing (CBWFQ)
d) low latency queuing (LLQ) (meant for voice usage)

These prioritization techniques/mechanisms are now referred to as
Quality of Service (QOS).

IOS also has a feature called NBAR (network-based application
recognition), but this may only be supported on Cisco's high-end
routers.

I believe that the Citrix ICA protocol uses TCP port 1494 for client
to server traffic and UDP port 1604 for Citrix application browsing.
You will use these port numbers in an extended access-list for QOS
packet classification.

If you end up having to use a GRE tunnel in order to implement QOS
between your two sites, make sure the MTU size on the tunnel interface
is set to 1440. Otherwise you will end up fragmenting and your CPU
usage will increase dramatically.
 
mh
05-10-2004
See the Cisco document "QOS for VPN":

http://cco.cisco.com/en/US/customer/...4.html#1022154
 
mh
05-10-2004
The QoS for VPNs feature provides a solution for making Cisco IOS
Quality of Service services operate in conjunction with tunneling and
encryption on an interface. Cisco IOS software can classify packets
and apply the appropriate QoS service before the data is encrypted and
tunneled. The QoS for VPN feature allows users to look inside the
packet so that packet classification can be done based on original
port numbers and based on source and destination IP addresses. This
allows the service provider to treat mission critical or multi-service
traffic with higher priority across their network.
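
Added example, not part of any post in this thread and not taken from Cisco's documentation: a configuration sketch that combines the CBWFQ option and ICA port numbers from mh's reply with the QoS for VPNs pre-classification described in the last post, written for the 1721 site's 192 Kbit/s upstream. The ACL number, class, policy and crypto map names, the interface name and the 120 Kbit/s guarantee are assumptions, as is that the installed IOS image supports these commands.

```cisco
! Constructed example for the 1721 site (192 Kbit/s upstream to the ISP).
! All names and numbers below are assumptions unless noted.
!
! 1. Classify Citrix ICA on the ORIGINAL (pre-encryption) headers.
!    Ports are the ones given in the thread: TCP 1494, UDP 1604.
access-list 110 remark Citrix ICA, either direction
access-list 110 permit tcp any any eq 1494
access-list 110 permit tcp any eq 1494 any
access-list 110 permit udp any any eq 1604
!
class-map match-all CITRIX-ICA
 match access-group 110
!
! 2. CBWFQ: guarantee ICA a share of the uplink, fair-queue the rest
!    (HTTP and other Internet traffic).
policy-map WAN-QUEUE
 class CITRIX-ICA
  bandwidth 120
 class class-default
  fair-queue
!
! 3. The WAN port is Ethernet and runs at line rate, far above what the ISP
!    accepts. Shape to the upstream rate so the backlog, and therefore the
!    queuing decision, happens on this router.
policy-map WAN-SHAPE
 class class-default
  shape average 192000
  service-policy WAN-QUEUE
!
! 4. Without pre-classification the output policy only sees the encrypted
!    packet, and access-list 110 never matches the inner ports.
!    VPN-MAP 10 stands for the existing crypto map entry for the peer site.
crypto map VPN-MAP 10 ipsec-isakmp
 qos pre-classify
!
! 5. Attach the policy outbound on the WAN-facing interface
!    (interface name is a placeholder).
interface Ethernet0
 service-policy output WAN-SHAPE
```

`show policy-map interface Ethernet0` reports per-class match and drop counters; a CITRIX-ICA class that stays at zero matches while ICA sessions are active indicates classification is happening after encryption. If a GRE tunnel is used instead, `qos pre-classify` goes under the tunnel interface rather than the crypto map entry.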
 