Prior traffic between VPN and http

Discussion in 'Cisco' started by Michael, May 9, 2004.

  1. Michael

    Michael Guest

    I have two sites. On the one site I have a Cisco 2621 with two Ethernet
    interfaces, one for the LAN
    and one for WAN. The bandwidth to the ISP is 512 Kbit/s up and
    On the other site I have a Cisco 1721 with two Ethernet interfaces, one
    for the LAN and one for WAN. Upstream to the ISP is 192
    Kbit/s, downstream is 768 Kbit/s.
    The two sites are connected via VPN-Tunnel. There is only ICA traffic
    (Citrix) between these sites. The other task for both routers is to
    share HTTP traffic or some other traffic to the internet.
    How can I prioritize the traffic, that ICA-traffic through the VPN-Tunnel is
    Michael, May 9, 2004

  2. In article <>,
    Michael <> wrote:
    :How can I prioritize the traffic, that ICA-traffic through the VPN-Tunnel is

    Create an ACL that matches the ICA traffic, and create a route-map
    that sets the priority higher when that ACL is matched. Apply the
    route-map to the interface as a routing policy. This is known as
    "policy routing".

    I have not checked to see whether the necessary commands are supported
    on the 1721 or 2621, or which features or software versions you
    would need to use them.

    Also, because you are using a VPN, you might perhaps have to
    send the traffic to a loopback interface that has this policy routing
    applied to it, and use that loopback interface as the source of the
    traffic for the VPN. I do not know if you can apply policy routing
    directly to a VPN. (It might depend how you are implementing the
    VPN. You could probably apply policy routing to a gre 'tunnel'

    Warhol's Law: every Usenet user is entitled to his or her very own
    fifteen minutes of flame -- The Squoire
    Walter Roberson, May 9, 2004

  3. Michael

    mh Guest

    You need to implement one of:
    a) custom queuing
    b) priority queuing
    c) class-based weighted fair queuing (CBWFQ)
    d) low latency queuing (LLQ) (meant for voice usage)

    These prioritization techniques/mechanisms are now referred to as
    Quality of Service (QOS).

    IOS also has a feature called NBAR (network-based application
    recognition), but this may only be supported on Cisco's high-end

    I believe that the Citrix ICA protocol uses TCP port 1494 for client
    to server traffic and UDP port 1604 for Citrix application browsing.
    You will use these port numbers in an extended access-list for QOS
    packet classification.

    If you end up having to use a GRE tunnel in order to implement QOS
    between your two sites, make sure the MTU size on the tunnel interface
    is set to 1440. Otherwise you will end up fragmenting and your CPU
    usage will increase dramatically.
    mh, May 10, 2004
  4. Michael

    mh Guest

  5. Michael

    mh Guest

    The QoS for VPNs feature provides a solution for making Cisco IOS
    Quality of Service services operate in conjunction with tunneling and
    encryption on an interface. Cisco IOS software can classify packets
    and apply the appropriate QoS service before the data is encrypted and
    tunneled. The QoS for VPN feature allows users to look inside the
    packet so that packet classification can be done based on original
    port numbers and based on source and destination IP addresses. This
    allows the service provider to treat mission critical or multi-service
    traffic with higher priority across their network.
    mh, May 10, 2004
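
An added example, not part of any post in this thread and not Cisco's reference configuration: one way to combine the suggestions above (extended ACL on the ICA ports, CBWFQ, and the QoS for VPNs feature) for the 1721 site. The ACL number, class and policy names, crypto map name and sequence, interface name and the 96 kbit/s guarantee are assumptions, and whether a given 1721 or 2621 IOS image supports every command is not confirmed in the thread.

```cisco
! Added example. ACL 101, ICA, ICA-QUEUE, WAN-SHAPE, VPNMAP 10,
! FastEthernet0 and the 96 kbit/s figure are assumed values.
!
! Match Citrix ICA on the ports named in the thread, in both directions,
! because the thread does not say which site hosts the Citrix servers.
access-list 101 permit tcp any any eq 1494
access-list 101 permit tcp any eq 1494 any
access-list 101 permit udp any any eq 1604
access-list 101 permit udp any eq 1604 any
!
class-map match-all ICA
 match access-group 101
!
! Child policy: CBWFQ guarantee for ICA, fair queuing for everything else
! (HTTP and other Internet traffic).
policy-map ICA-QUEUE
 class ICA
  bandwidth 96
 class class-default
  fair-queue
!
! Parent policy: the WAN port is Ethernet and runs far faster than the
! 192 kbit/s ISP upstream, so shape to that rate. Without shaping the
! interface never congests and the child queues are never used.
policy-map WAN-SHAPE
 class class-default
  shape average 192000
  service-policy ICA-QUEUE
!
! QoS for VPNs: keep a copy of the original header so the output policy
! can still match ports 1494/1604 after the packet has been encrypted.
! On a GRE tunnel the same command goes under the tunnel interface.
crypto map VPNMAP 10 ipsec-isakmp
 qos pre-classify
!
interface FastEthernet0
 service-policy output WAN-SHAPE
```

`show policy-map interface FastEthernet0` shows per-class match and drop counters; if the ICA class stays at zero while Citrix sessions are active, classification is happening on the encrypted header and the pre-classify step is not taking effect.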