Morning all,
Without going into too much detail, I have (2) Cisco IOS devices with an Site-to-Site IPSec tunnel between them. At HQ I have a PBX, at the S/O I have a handful of IP phones.
All traffic traverses the IPSec tunnel -- web, WSUS, Citrix, and phones. Needless to say, when the users start hammering Citrix/YouTube/etc. the phones begin to sound robotic.
I'm not familiar enough with Cisco IOS QoS, but inbound QoS doesn't make sense to me which leaves outbound.
Is there a way for me to say:
-
Where would I need to apply a policy? HQ external interface? S/O external interface?
-
Do I need to specify the entire available bandwidth of each link for QoS to function, or could I just say "if the following source/destination IP addresses generate traffic -- give them X kb/s" using the "priority" command?
-
How would this policy apply given it's traversing a VPN -- does anything special need to happen so IOS can actually read the packet prior to encapsulation?
Thanks!
EDIT: This was the walk-through I used to build the IPSec tunnel in the first place - http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/867-cisco-router-site-to-site-ipsec-vpn.html
No comments:
Post a Comment