[c-nsp] Bandwidth limitation for IPSec

BoXeR piestaga at aster.pl
Tue Mar 15 10:41:14 EST 2005


Hi cisco-nsp!

I am in front of the problem of limiting the bandwidth for different
remote IPSec sessions to MPLS based VPNs.
Could you tell me what is the best practice when applaying the
restrictions for different types of IPSec clients.
The client can be:
- the remote IPSec-CPE router(s) connected to single IPSec-aggregator
via GRE over ISPec tunnels
- the remote PC connected to "the same" IPSec-aggregator via
Cisco-VPN-Client application.

In both cases the remote sites (PCs or CPEs) are connected VRF on
IPSec-aggregator. That VRF is dedicated to to particular customer.

If the remote IPSec-CPE bandwidth limitation can be performed basis on
the CPE's interface limitation (CPE is in my management domain) but the
problem can be with the Cisco VPN client, where the remote PC client
can send the IPSec traffic up to the bandwidth of LAN card. Which is
not the way I would like to provide the service.

I would like to be able to apply the limitation both for single
session and the whole customer ("customer" means the company that that
possess a dozen or so PCs and CPEs dedicated for remote access to VPN
and terminated within single VRF on IPSec-Aggregator).

Thanks for any ideas.
--------------------- 
Regards
Sebastian



More information about the cisco-nsp mailing list