[c-nsp] IPSec deployment that preserves the IP ToS information.
Rodney Dunn
rodunn at cisco.com
Thu May 11 16:38:10 EDT 2006
No. That allows you to match on the original ip header
information like src and dst ip.
On Thu, May 11, 2006 at 01:28:09PM -0700, Kenny Sallee wrote:
> I didn't think it was default - isn't that what the
> qos-preclassify command on the cryptomap is for?
>
> --- "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
> wrote:
>
> > jimmi <> wrote on Thursday, May 11, 2006 8:02 PM:
> >
> > > I wonder if there's a IPSec deployment where the
> > IPSec header
> > > would preserve the information contained at the
> > byte ToS of
> > > the IP packet header, so it would be feasible
> > confront this
> > > value against a match statement at a
> > service-police.
> >
> > this is default behavior for IOS Ipsec, the ToS byte
> > is copied into the
> > IPSec header.. check
> > http://www.cisco.com/warp/public/105/crypto_qos.html
> > for more info on
> > this subject..
> >
> > oli
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at
> > http://puck.nether.net/pipermail/cisco-nsp/
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list