Netgate Discussion Forum

Shaper ipsec: is it enough to specify rules for traffic inside tunnel?

2.0-RC Snapshot Feedback and Problems - RETIRED
  • mxx
    last edited by Jul 8, 2010, 4:43 PM

    Hi,

    I have a WAN connection with 4 IPsec tunnels (site to site). The local LAN is also utilizing this connection for a tiny bit.
    The remote locations have access to a file and SQL server in the local LAN.

    Is it enough to shape traffic into higher priority queues originating from those tunnels, i.e. specify shaping fw rules for interface ipsec, or would I also have to shape ESP traffic as a whole?

    Also, would I have to shape traffic coming in from LAN destined for a host reachable by an IPsec tunnel? I ask because the LAN interface's shaper is limiting the bandwidth for LAN to the sum of all available WAN connections, so in my understanding it would make some sense to do that, or am I wrong?

    Thanks very much!

    Max

    • jlepthien
      last edited by Sep 29, 2010, 8:41 PM

      IMHO when shaping IPSec only the complete tunnel (ESP) is done. You cannot say that you want Citrix/RDP in a tunnel to be high prio and then http/s be lower prio in that tunnel…

      | apple fanboy | music lover | network and security specialist | in love with cisco systems |

      • eri--
        last edited by Sep 30, 2010, 12:02 PM

        You can shape inside tunnels.

        • jlepthien
          last edited by Sep 30, 2010, 12:04 PM

          And how? Thanks for the info…

          | apple fanboy | music lover | network and security specialist | in love with cisco systems |

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.