DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Another VPN & QOS Query.. Vigor 2820's

  • pkecun
  • Topic Author
  • Visitor
25 Jun 2010 20:25 #1 by pkecun
Hoping someone can help me, this doesn't make much sense to me and I hate that! Hope someone can tell me where and why I'm going wrong.

I've got a Vigor2820 at 2 sites with an IPSEC VPN between them. (Remote site dials into Main site)

Remote site = 192.168.1.0
Main site = 192.168.254.0

Essentially there's one person at the remote site and they use RDP over the VPN into a terminal server at the main site.

I've set QoS up at the MAIN site. Let's say I set up Class 1 as follows:
local address | remote address | diffserv | service type
192.168.1.0/255.255.255.0 | 192.168.254.0/255.255.255.0 | any | any | any
192.168.254.0/255.255.255.0 | 192.168.1.0/255.255.255.0 | any | any | any
any | any | any | ike
any | any | any | ipsec-ah
any | any | any | ipsec-esp


QoS Control is enabled and set to 'Both' with Class 1:90%, Class 2:1%, Class 3:1, Others:8%

If I then watch the online statistics on the router at the MAIN site whilst I use RDP at the remote site, the inbound status shows VPN being used but the outbound status is all categorized as others and is the vast majority of traffic.. which baffles me.

Admittedly, I'm pretty new to QoS in general - I've tried any number of combinations of settings in the 'Class 1' and it's not made a whit of difference.

Any help or pointers would be appreciated.


  • asimm.it
  • User
27 Jun 2010 09:28 #2 by asimm.it
Hi,

What services/protocols have you defined to Class 1, Class 2, Class 3?

Is it just IPSec you have defined as Class 1?

Did you QoS inbound, outbound or both?

What is it exactly you are trying to achieve, just priority for the VPN workers traffic or just a particular service/protocol?

27 Jun 2010 09:56 #3 by njh
I know nothing about QoS, but IPSec does not go between the LAN subnets. It goes between the WAN IPs. I would have thought that to prioritise the VPN you either do it by protocol or port, which means you do not have to specify the WAN IPs if they are dynamic.

2900Gi/v2.5.6; 2900/v2.5.6


  • pkecun
  • Topic Author
  • Visitor
28 Jun 2010 09:59 #4 by pkecun
Aye, just trying to prioritise VPN traffic.. but if I can't do that, essentially the only things that go over the VPN are RDP and 1 VOIP phone (Avaya).

QoS is set to Both.
Class 1 is configured as I described in original post, Class 2 and 3 are empty.

I did try adding RDP to Class 1 but when watching the outbound on the main site router everything was still classed as 'other' instead of Class 1.

By the way, I appreciate I may be going about this in a completely backwards way.. so I'll take any advice on board..

I don't really care about QoS at the remote end, I just want the QoS at the main site to give 90% of the upload to the VPN (which also covers RDP, and 1 Avaya phone)


  • pkecun
  • Topic Author
  • Visitor
28 Jun 2010 18:39 #5 by pkecun
Even keeping it as basic as possible by following the instructions at http://www.draytek.com/user/SupportAppnotesDetail.php?ID=200 but substituting my subnets for theirs - when I watch the online statistics only the 'others' class is being used.

Frustrating!


  • asimm.it
  • User
28 Jun 2010 18:50 #6 by asimm.it
That could be a potential issue with the 2820 firmware then.

How about if you just isolate RDP and SIP from any local and any remote?

Does it still show up in others then?
