traffic shapping problem

Discussion in 'Cisco' started by jcharth@hotmail.com, Apr 6, 2005.

  1. Guest

    Hello It is being a few weeks since I started playing with our
    companies cisco routers. we have a t1 router, then a pix, and then an
    internal router. the pix is doing the tunnels for remote locations. I
    put some traffic shaping rules on the internal router and they seem to
    be working fine. I added a www traffic shaping rules to the t1 router
    and I get very little hits to the www accesslist. I believe the traffic
    comes in the tunels and vpn of the pix and then it comes out again.
    from the pix thourgh the t1 router to the internet as www traffic. but
    the access list hits are very little. and no traffic shaping happens.
    any ideas on how to limit the www traffic?
    , Apr 6, 2005
    #1
    1. Advertising

  2. In article <>,
    <> wrote:
    :Hello It is being a few weeks since I started playing with our
    :companies cisco routers. we have a t1 router, then a pix, and then an
    :internal router. the pix is doing the tunnels for remote locations. I
    :put some traffic shaping rules on the internal router and they seem to
    :be working fine. I added a www traffic shaping rules to the t1 router
    :and I get very little hits to the www accesslist. I believe the traffic
    :comes in the tunels and vpn of the pix and then it comes out again.
    :from the pix thourgh the t1 router to the internet as www traffic.

    That is possible, but not common.

    The PIX through 6.x software (but not the just-just released 7.0
    software) has a limitation that disallows traffic going back out
    the same [logical] interface it came in on. Thus if the remote
    sites are requesting www traffic and those requests are travelling
    via VPN over the T1 to the PIX and being decapsulated there on
    the outside interface, then the PIX would refuse to forward those
    decapsulated packets to the outside interface towards the external
    WWW sites -- on the grounds that it was the same interface in
    both cases.

    There are ways around this which are sometimes implimented. One
    of the ways is to have the VPN tunnels terminate on a -different-
    interface of the PIX that is also connected to the T1 router;
    you would see multiple physical connections between the PIX and
    the router in such a case (unless T1 is connected to a switch
    which then has multiple connections to the PIX.)

    One of the other ways around it is to use PIX 6.3 and have the
    VPN tunnels terminate on a different "logical" interface than the
    default route. A "logical" interface in PIX terms is distinguished
    by an 802.1Q VLAN tag, but can use the same physical interface
    as another "logical" interface. If this work-around is used, then
    there might only be one physical connection to the T1 router, but
    the T1 router side would be configured with various "subinterfaces"
    of the physical interface, each "subinterface" placed in a different
    VLAN.

    --
    Usenet is like a slice of lemon, wrapped around a large gold brick.
    Walter Roberson, Apr 6, 2005
    #2
    1. Advertising

  3. Guest

    Thanks Walter, I think I got around the problem I enable traffic
    shapping in all remote routers, i have a few more to go, so far seems
    to be doing the job.
    , Apr 7, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. rzirzi

    dynamic traffic shapping

    rzirzi, Nov 21, 2005, in forum: Cisco
    Replies:
    4
    Views:
    551
    Vincent C Jones
    Nov 23, 2005
  2. Replies:
    0
    Views:
    450
  3. Andrew Phillips

    Bigpond Cable Shapping (Capping) Problem

    Andrew Phillips, Apr 29, 2005, in forum: Computer Support
    Replies:
    1
    Views:
    2,015
    Parko
    Apr 29, 2005
  4. BernieM
    Replies:
    2
    Views:
    456
    BernieM
    Jun 28, 2006
  5. mightymouse2045

    Cisco 870 traffic shapping specific host

    mightymouse2045, Sep 8, 2011, in forum: Cisco
    Replies:
    0
    Views:
    1,176
    mightymouse2045
    Sep 8, 2011
Loading...

Share This Page