
QOS of Site-to-Site VPN Tunnels

Thanks for your help.

We have a backup application running from one site to another. Both sides are connected via ASG 110 and ASG 120 IPSec site-to-site (s2s) VPN. We have QOS running successfully for our normal traffic (i.e. http to web, smtp to web, etc.). However, I am having difficulty applying QOS rules to the s2s VPN. I am not sure how to structure them. I have read that QOS is applied to outbound traffic, but apparently the traffic is encrypted prior to hitting the QOS. How exactly should I go about configuring the box to apply QOS to all s2s traffic? How would I do it for specific (i.e. HTTP) traffic inside the s2s tunnel? Is there something I am missing?

Any help is appreciated!

Thanks.


This thread was automatically locked due to age.
  • I suspect the routing tables are confused because you have two VPNs established for the same networks. You need something like:

    IPSec VPN:
    {Site1.LocalNetwork.subnetA}={Site1.PublicIP}  {Site2.PublicIP}={Site2.LocalNetwork.subnetC}

    SSL VPN:
    {Site1.LocalNetwork.subnetB}={Site1.PublicIP}:443  {Site2.PublicIP}:43598={Site2.LocalNetwork.subnetD}

    Cheers - Bob
    PS What is the reason for using 43598 on one end?  How do you make that work?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA