«

Hello, I need some help setting up a QoS for Terminal Services on
several on our Routers. First let me explain our current set up. Router
A is a 1721, with two Serial Wics. One T1 to the internet, one PtP to
another facility. Router B is also a 1721 and getting internet through
router A. Both Routers A and B are connecting to a Terminal Server farm
in our Home Office which is network 12.x.x.0. Both Routers A and B are
performing PAT and have a VPN to our Home office, but we don't want
them pushing RDP traffic through the VPN and are connecting externally
to the TS farm. Lately We've been having problems with a single user on
behind router A or B that has been sucking up almost the Entire
bandwith causing all other users to slow down considerably and
sometimes causing other users to get disconnected. I'm looking to
Implement a QoS so that this no longer happens and that no one user can
suck that much Bandiwth. I've pasted the relevent configs below and
help you can offer will be much appriciated.

Router A

crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp xxxxxxxx address x.x.x.x
crypto isakmp keepalive 10 2
!
!
crypto ipsec transform-set to_vpn esp-3des esp-md5-hmac
!
crypto map to_vpn 10 ipsec-isakmp
set peer x.x.x.x
set transform-set to_vpn
match address 101
!
!
!
!
interface FastEthernet0
description RouterA LAN
ip address 192.168.100.1 255.255.255.0
ip nat inside
speed 10
half-duplex
!
interface Serial0
description Router A to Internet
ip address x.x.x.x 255.255.255.252
ip nat outside
no fair-queue
crypto map to_vpn
!
interface Serial1
description Router A point to point to Router B
ip address x.x.x.x 255.255.255.252
no ip route-cache
no ip mroute-cache
service-module t1 clock source internal
!
ip nat pool mypool x.x.x.x x.x.x.x netmask 255.255.255.252
ip nat inside source route-map nonat pool mypool overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
ip pim bidir-enable
!
logging source-interface FastEthernet0
logging x.x.x.x

route-map nonat permit 10
match ip address 110



Router B

crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp xxxxxxxx address x.x.x.x
crypto isakmp keepalive 10 2
!
!
crypto ipsec transform-set to_vpn esp-3des esp-md5-hmac
!
crypto map to_vpn 10 ipsec-isakmp
set peer x.x.x.x
set transform-set to_vpn
match address 101
!
!
!
!
interface FastEthernet0
description RouterB LAN
ip address 192.168.101.1 255.255.255.0
ip nat inside
speed 10
half-duplex
!
interface Serial0
description Router B Poing to Point to Router A
ip address x.x.x.x 255.255.255.252
ip nat outside
no fair-queue
crypto map to_vpn
!
!
ip nat pool mypool x.x.x.x x.x.x.x netmask 255.255.255.252
ip nat inside source route-map nonat pool mypool overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
ip pim bidir-enable
!
logging source-interface FastEthernet0
logging x.x.x.x

route-map nonat permit 10
match ip address 110


Thanks in advance for any help.