[c-nsp] IPSec deployment that preserves the IP ToS information.
Kenny Sallee
k_sallee at yahoo.com
Thu May 11 16:28:09 EDT 2006
I didn't think it was default - isn't that what the
qos-preclassify command on the cryptomap is for?
--- "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
wrote:
> jimmi <> wrote on Thursday, May 11, 2006 8:02 PM:
>
> > I wonder if there's a IPSec deployment where the
> IPSec header
> > would preserve the information contained at the
> byte ToS of
> > the IP packet header, so it would be feasible
> confront this
> > value against a match statement at a
> service-police.
>
> this is default behavior for IOS Ipsec, the ToS byte
> is copied into the
> IPSec header.. check
> http://www.cisco.com/warp/public/105/crypto_qos.html
> for more info on
> this subject..
>
> oli
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at
> http://puck.nether.net/pipermail/cisco-nsp/
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the cisco-nsp
mailing list