QoS Configuration for site-to-site VPN in a tunnel-all configuration

L3 Networker

We run our site-to-site VPNs in a tunnel-all configuration to enforce content filters, IPS, app detection, etc.  Recently my company has selected an Internet-based learning management system for staff training.  At times it can be a bit of a bandwidth hog.  With all of the other traffic I have going through my WAN I would like to guarantee that it has a certain amount of bandwidth.  Now with physical interfaces this is pretty easy.  I have a LAN (named default-profile-lan) and WAN (named default-profile-wan) QoS profile and set aside 10ms/s on each for Class 2.  Since it is egress based I wanted to make sure that any traffic uploaded or downloaded is covered.  The issue I am struggling on relates to how I guarantee it through a site-to-site VPN tunnel.  Since the WAN interface is my ingress & egress interface for all VPN terminated traffic, would Class 2 under default-profile-wan apply for both directions or would I need to do something with guaranteed traffic on a tunnel-by-tunnel basis?  My QoS rule is structured as

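| Name | Tags | Src. Zone | Src. Address | Src. User | Dst. Zone | Dst. Address | Application | Service | Class | Schedule |
|---|---|---|---|---|---|---|---|---|---|---|
| LMS Traffic | none | any | any | any | outside | 64.78.147.55 | any | any | 2 | none |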

I would think that this would apply for any traffic coming from my vpn-tunnel zone or inside zone and use the default-profile-wan policy, but I could be wrong.  Can anyone shed some light on it?
