QOS of Site-to-Site VPN Tunnels

Thanks for your help.

We have a backup application running from one site to another. Both sides are connected via ASG 110 and ASG 120 IPSec site-to-site (s2s) VPN. We have QOS running successfully for our normal traffic (i.e. http to web, smtp to web, etc.). However, I am having difficulty applying QOS rules to the s2s VPN. I am not sure how to structure them. I have read that QOS is applied to outbound traffic, but apparently the traffic is encrypted prior to hitting the QOS. How exactly should I go about configuring the box to apply QOS to all s2s traffic? How would I do it for specific (i.e. HTTP) traffic inside the s2s tunnel? Is there something I am missing?

Any help is appreciated!

Thanks.


This thread was automatically locked due to age.
  • Hello rmanyc and jamiebah, and welcome to the Astaro User BB!

    You only can apply QoS rules to traffic leaving an interface, and you cannot apply QoS to traffic inside a VPN tunnel as it all looks like IPsec traffic.  The following links to a thread discussing QoS and VPNs: https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/39516

    If you know what's eating up the bandwidth, you might be able to throttle it leaving the internal interface on the receiving end.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
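
An added illustration, not part of the original thread and not Astaro code: it compares what a port-based QoS selector can read from a packet on the sending gateway's external interface (ESP-wrapped) with what it can read on the receiving gateway's internal interface (decrypted). The addresses, the backup port 10000, the SPI and the random bytes standing in for ciphertext are all constructed assumptions.

```python
import os
import socket
import struct

ESP, TCP = 50, 6  # IP protocol numbers

def ipv4(proto, src, dst, payload):
    """20-byte IPv4 header (checksum left at 0 for brevity) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def tcp(sport, dport):
    """20-byte TCP header; only the ports matter to the classifier below."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)

def esp_tunnel(inner, gw_src, gw_dst, spi=0x1001, seq=1):
    """Stand-in for ESP tunnel mode: SPI, sequence number, then opaque bytes.
    Random bytes take the place of real ciphertext (assumption for the demo)."""
    opaque = os.urandom(len(inner) + 16)
    return ipv4(ESP, gw_src, gw_dst, struct.pack("!II", spi, seq) + opaque)

def classify(packet):
    """Fields a QoS traffic selector can read from a packet on the wire."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    seen = {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": proto, "dport": None}
    if proto == TCP:  # ports are readable only when the packet is in the clear
        seen["dport"] = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return seen

# Constructed sample traffic between two sites (documentation address ranges)
http = ipv4(TCP, "192.168.1.10", "192.168.2.20", tcp(40000, 80))
backup = ipv4(TCP, "192.168.1.11", "192.168.2.21", tcp(40001, 10000))
GW_A, GW_B = "203.0.113.1", "198.51.100.1"

def wan_view(inner):
    """Selector's view on the sending gateway's external interface."""
    return classify(esp_tunnel(inner, GW_A, GW_B))

def lan_view(inner):
    """Selector's view on the receiving gateway's internal interface,
    after the tunnel has been decrypted."""
    return classify(inner)

if __name__ == "__main__":
    for name, pkt in (("http", http), ("backup", backup)):
        print(name, "WAN:", wan_view(pkt), "LAN:", lan_view(pkt))
```

On the external interface both flows reduce to the same gateway-to-gateway protocol 50 entry, so a rule there can only treat the tunnel as a whole; the per-port distinction reappears only on the internal interface of the receiving end.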