Simple QOS policy

Hello !

I will desrcibe what I want to achieve as simple as possible.

I have cisco 800 series router.
This router is used for 2 things:

- internet connection
- ipsec vpn with remote cisco router

I'm looking for way to implemet on this router simple qos policy that do 2 things:

- enable higher priority when connecting with specified adresses or hosts using http or https (for example: www.somesite.com )

- secure part of the bandwidth only for vpn tunnel: if the router is overloaded by traffic to internet the portion of bandwidth for vpn will not be taken.

If You have any idea or sample conf.
that would be great. Please be detailed as much as possible.

Thank you.

I would go for some CBWFQ.

Strict priority for VPN protocols (ACL 101, class-map VPN) and weighted RED for the other traffic (class-map Gold-URL and DEFAULT).

I haven't tried it but it should works... (let me know )

[code:1]access-list 101 permit ahp any any
access-list 101 permit esp any any
access-list 101 permit udp any eq isakmp any
access-list 101 permit udp any any eq isakmp
!
class-map match-any Gold-URL
match protocol http url "*firewall.cx*"
match protocol http url "*cisco.com*"
class-map match-any VPN
match access-group 101
class-map match-all DEFAULT
match any
!
policy-map LAN-IN
class Gold-URL
set ip precedence 5
class DEFAULT
set ip precedence 0
!
policy-map WAN-OUT
class VPN
priority percent 75
class class-default
fair-queue
random-detect
random-detect exponential-weighting-constant 7
random-detect precedence 0 20 40 10
random-detect precedence 1 22 40 10
random-detect precedence 2 24 40 10
random-detect precedence 3 26 40 10
random-detect precedence 4 28 40 10
random-detect precedence 5 31 40 10
random-detect precedence 6 33 40 10
random-detect precedence 7 35 40 10
random-detect precedence rsvp 37 40 10
!
interface Eth0
service-policy input LAN-IN
!
interface Ser0
service-policy output WAN-OUT
[/code:1]

I just want to say that split tunneling is not a good thing.