Re: [nsp] IPSec and ToS bits ?

From: Jorma Mellin (jorma.mellin@teliafi.net)
Date: Tue Jun 12 2001 - 01:10:39 EDT


> I have been looking at CCO trying to find something that states for
> certain that in an IPSec environment the original ToS bit of the
> un-encrypted traffic get tagged onto the encrypted packet.
>
> I know that the PIX and the VPN5000 does I just want to be certain for the
> IOS based systems.

yep, this works. The TOS is copied, although in some IOS versions interface
packet counters do not display precedence settings correctly.

Jorma



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:41 EDT