QoS VPN-IPsec

Discussion in 'Cisco' started by link, Jan 21, 2009.

  1. link

    link Guest

    Could you send me an example of configuration of IPsec peer addresses?

    Thank you very much
     
    link, Jan 29, 2009
    #21

  2. link

    bod43 Guest

    Well, the firewalls are your IPsec peers.
    Sorry if the jargon has confused you. That is
    though the usual terminology. The router
    only sees traffic to and from the IPsec
    end addresses and not the internal addresses.
    You should therefore be able to match
    on the IPsec endpoint addresses.


    class-map CM.voice
     match access-group name ACL.CM.voice


    ip access-list extended ACL.CM.voice
     ! 212.30.X.XXX is Fortinet1, 194.30.XX.XX is Fortinet2
     permit ip host 212.30.X.XXX host 194.30.XX.XX
     ! This will be reversed at the other end.

    policy-map PM.voice
     class CM.voice
      ! 300k for voice
      priority 300
      ! if you like, just in case someone somewhere cares
      set dscp ef


    int se 0
     ! queuing policies are attached in the output direction
     service-policy output PM.voice
     
    bod43, Jan 29, 2009
    #22
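
Added example (not part of bod43's post or the thread): a Python sketch of why the transit router can only classify on the IPsec endpoint addresses. It builds a cleartext RTP packet and its tunnel-mode ESP encapsulation, then applies ACL-style matchers to the outer IPv4 header only. The addresses, ports, SPI and helper names are constructed for illustration, and random bytes stand in for the ciphertext.

```python
import ipaddress
import os
import struct

ESP, UDP = 50, 17  # IANA IP protocol numbers

def ipv4_packet(src, dst, proto, payload, dscp=0):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, dscp << 2, 20 + len(payload), 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    return header + payload

def esp_tunnel(inner, peer_src, peer_dst):
    """Model tunnel-mode ESP: SPI and sequence number, then opaque bytes.
    os.urandom stands in for the encrypted inner packet (no real crypto)."""
    esp = struct.pack("!II", 0x1000, 1) + os.urandom(len(inner) + 16)
    return ipv4_packet(peer_src, peer_dst, ESP, esp)

def classify(packet, acl):
    """True if an ACL entry permits the packet, judged only on what a transit
    router can read: the outer IPv4 header, plus the port if it carries UDP."""
    proto = packet[9]
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    dport = struct.unpack("!H", packet[22:24])[0] if proto == UDP else None
    for entry in acl:
        if entry["proto"] not in (None, proto):
            continue
        if (src not in ipaddress.ip_network(entry["src"])
                or dst not in ipaddress.ip_network(entry["dst"])):
            continue
        ports = entry.get("dports")
        if ports and (dport is None or not ports[0] <= dport <= ports[1]):
            continue
        return True
    return False

# Constructed sample values (documentation address ranges, not from the thread).
PEER_A, PEER_B = "192.0.2.1", "198.51.100.1"
udp_hdr = struct.pack("!HHHH", 16400, 16400, 8 + 160, 0)
rtp = ipv4_packet("10.1.0.10", "10.2.0.20", UDP, udp_hdr + bytes(160), dscp=46)
on_wire = esp_tunnel(rtp, PEER_A, PEER_B)
ACL_INNER = [{"proto": UDP, "src": "10.1.0.0/16", "dst": "10.2.0.0/16",
              "dports": (16384, 32767)}]
ACL_PEERS = [{"proto": None, "src": PEER_A + "/32", "dst": PEER_B + "/32"}]
```

`classify(on_wire, ACL_INNER)` is false while `classify(on_wire, ACL_PEERS)` is true; the peer entry is directional, so the mirrored entry is needed for traffic sent from the other end.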

  3. link

    link Guest

    OK, thanks.

    This would be for VoIP traffic (300 k).

    Afterwards I have to do one rule for data traffic; then I would do the
    same steps (with data IPsec peers), but in priority I have to configure
    less bandwidth (100 for example).

    Is that correct?
     
    link, Jan 30, 2009
    #23
  4. link

    bod43 Guest

    There are an infinite number of possible queuing strategies.
    The one I suggested (LLQ) gives absolute priority of up to 300kbps
    (well set your own level depending on how many calls you have)
    for voice *AND* polices the voice to 300k. The data gets to use
    what is left over - i.e. everything if there is no voice traffic and
    at least (link bandwidth - 300k) if there is.

    I have been reading the Cisco Press CCIE written book recently and
    it is quite good on QoS. Not clear to me if it is suitable for a
    novice though since I have been doing this for a while.
    CCIE Routing and Switching Exam Certification Guide (Exam 350-001)
    Wendell Odom
    The book is pretty well done and I rather like it.
    There will be for sure some good material on www.cisco.com.
     
    bod43, Jan 31, 2009
    #24