Manualshelf

Technical information

ManualsBrandsCisco ManualsComputer equipmentWS-SVC-IPSEC-1= - IPSec VPN Services Module
41424344454647484950
51
IPSec VPN Acceleration Services Module Installation and Configuration Note
78-14459-03 Rev C0
Configuring a VPN Using the VPN Module
Using QoS
Note This section applies to VPN modules running Cisco IOS Release 12.2(14)SY or later releases.
The VPN module uses the QoS capabilities of the Catalyst 6500 series switches and Cisco 7600 Series
Internet Router software. Before configuring QoS for the VPN module, refer to this URL:
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008014a29f.shtml
The VPN module supports two-level, strict-priority QoS (high priority versus low priority). To take
advantage of the VPN module’s QoS capability, you must use standard QoS commands to ensure that
the CoS of packets are marked on ingress. You must configure the CoS map for the VPN module inside
and outside ports. The VPN module behaves according to the settings of the inside and outside ports.
You must enable QoS globally for the VPN module to acknowledge the CoS mapping.
For example, if the CoS map of the inside and outside ports map CoS value 5 to the high-priority queue
and you have globally enabled QoS, the VPN module will give traffic marked CoS 5 higher priority than
traffic marked with any of the other seven CoS values. If you alter the CoS map of the inside and outside
ports so that CoS 6 additionally maps to the high-priority queue, then packets marked with either CoS 5
or CoS 6 will be given higher priority within the VPN module.
As many as three high-priority CoS map values are supported per VPN module. When global QoS is
enabled, the CoS value of 5 is preconfigured. This allows you to add only two more values in addition
to the preconfigured CoS 5 value. For QoS configuration examples, see the “QoS” section on page 94.
Port Configuration Procedures
These sections describe how to configure the VPN module:
Configuring a VPN Access Port Connection, page 52
Configuring a VPN Routed Port Connection, page 54
Configuring a VPN Trunk Port Connection, page 55
Displaying the VPN Running State, page 58
Note The procedures in this section do not provide detailed information on configuring the following Cisco
IOS features: IKE policies, preshared key entries, Cisco IOS ACLs, and crypto maps. For detailed
information on configuring these features, refer to the following Cisco IOS documentation:
Cisco IOS Security Configuration Guide, Release 12.2, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/index.htm
Cisco IOS Security Command Reference, Release 12.2, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/index.htm