Terminal Services QoS

Discussion in 'Cisco' started by jjfunaz, Feb 23, 2005.

  1. jjfunaz

    jjfunaz Guest

    Hello, I need some help setting up a QoS for Terminal Services on
    several on our Routers. First let me explain our current set up. Router
    A is a 1721, with two Serial Wics. One T1 to the internet, one PtP to
    another facility. Router B is also a 1721 and getting internet through
    router A. Both Routers A and B are connecting to a Terminal Server farm
    in our Home Office which is network 12.x.x.0. Both Routers A and B are
    performing PAT and have a VPN to our Home office, but we don't want
    them pushing RDP traffic through the VPN and are connecting externally
    to the TS farm. Lately We've been having problems with a single user on
    behind router A or B that has been sucking up almost the Entire
    bandwith causing all other users to slow down considerably and
    sometimes causing other users to get disconnected. I'm looking to
    Implement a QoS so that this no longer happens and that no one user can
    suck that much Bandiwth. I've pasted the relevent configs below and
    help you can offer will be much appriciated.

    Router A

    crypto isakmp policy 1
    hash md5
    authentication pre-share
    crypto isakmp xxxxxxxx address x.x.x.x
    crypto isakmp keepalive 10 2
    !
    !
    crypto ipsec transform-set to_vpn esp-3des esp-md5-hmac
    !
    crypto map to_vpn 10 ipsec-isakmp
    set peer x.x.x.x
    set transform-set to_vpn
    match address 101
    !
    !
    !
    !
    interface FastEthernet0
    description RouterA LAN
    ip address 192.168.100.1 255.255.255.0
    ip nat inside
    speed 10
    half-duplex
    !
    interface Serial0
    description Router A to Internet
    ip address x.x.x.x 255.255.255.252
    ip nat outside
    no fair-queue
    crypto map to_vpn
    !
    interface Serial1
    description Router A point to point to Router B
    ip address x.x.x.x 255.255.255.252
    no ip route-cache
    no ip mroute-cache
    service-module t1 clock source internal
    !
    ip nat pool mypool x.x.x.x x.x.x.x netmask 255.255.255.252
    ip nat inside source route-map nonat pool mypool overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 Serial0
    no ip http server
    ip pim bidir-enable
    !
    logging source-interface FastEthernet0
    logging x.x.x.x

    route-map nonat permit 10
    match ip address 110



    Router B

    crypto isakmp policy 1
    hash md5
    authentication pre-share
    crypto isakmp xxxxxxxx address x.x.x.x
    crypto isakmp keepalive 10 2
    !
    !
    crypto ipsec transform-set to_vpn esp-3des esp-md5-hmac
    !
    crypto map to_vpn 10 ipsec-isakmp
    set peer x.x.x.x
    set transform-set to_vpn
    match address 101
    !
    !
    !
    !
    interface FastEthernet0
    description RouterB LAN
    ip address 192.168.101.1 255.255.255.0
    ip nat inside
    speed 10
    half-duplex
    !
    interface Serial0
    description Router B Poing to Point to Router A
    ip address x.x.x.x 255.255.255.252
    ip nat outside
    no fair-queue
    crypto map to_vpn
    !
    !
    ip nat pool mypool x.x.x.x x.x.x.x netmask 255.255.255.252
    ip nat inside source route-map nonat pool mypool overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 Serial0
    no ip http server
    ip pim bidir-enable
    !
    logging source-interface FastEthernet0
    logging x.x.x.x

    route-map nonat permit 10
    match ip address 110


    Thanks in advance for any help.
     
    jjfunaz, Feb 23, 2005
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.