Prioritize/Precedence VPN Traffic

[Bubbalouie]

Hi,

I have a PIX 506e running Version 6.3(5).

I have 9 site-to-site vpn's terminating on it.

I would like to prioritize the vpn traffic from those sites above other traffic coming in or going out, especially the RDP traffic.

Is there a command in 6.3(5) I can accomplish that with?

Thanks!

 

[Bubbalouie]

also, and this is kinda off topic, but...

when i look at the PDM it shows i have 9 ike tunnels and 16 ipsec tunnels. what is the difference between the two? i do have 9 site-to-site vpn's on the PIX.

thanks!

 

[North323]

you can do policy based routing based on the IP address of the source and/or destination google policy based routing cisco and get tons of examples.

off topic

ike is Internet Key Exchange. your tunnels have pre-shared keys and they are exchanging them so the tunnel remains up, this is phase 1, which includes:
- verify peer
- verify policy (what encryption/hash)
- verify password (pre-shared)

after those 3 have been confirmed, phase 2 begins which is the IPSec tunnel which works at layer 3 in the OSI stack. why you have 9 ike tunnels is for the key exchange portion the 16 IPSec tunnels are the actual VPN tunnel in which data flows through.

 

[Supergrrover]

There is no PBR on PIX or ASA.

For QOS you will need ver 7 software. The 506 doesn't support it. Time to upgrade???

This example uses VOIP but yuo can extend it to all traffic -

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml

Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[Bubbalouie]

Yeah, supposed to be getting a full network refresh this year when we move to VoIP system at all locations.

Both vendors have proposed an ASA 5510.