[c-nsp] IPSec deployment that preserves the IP ToS information.

Rodney Dunn rodunn at cisco.com
Thu May 11 16:38:10 EDT 2006


No. That allows you to match on the original ip header
information like src and dst ip.

On Thu, May 11, 2006 at 01:28:09PM -0700, Kenny Sallee wrote:
> I didn't think it was default - isn't that what the
> qos-preclassify command on the cryptomap is for?
> 
> --- "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
> wrote:
> 
> > jimmi <> wrote on Thursday, May 11, 2006 8:02 PM:
> > 
> > > I wonder if there's a IPSec deployment where the
> > IPSec header
> > > would preserve the information contained at the
> > byte ToS of
> > > the IP packet header, so it would be feasible
> > confront this
> > > value against a match statement at a
> > service-police.
> > 
> > this is default behavior for IOS Ipsec, the ToS byte
> > is copied into the
> > IPSec header.. check
> > http://www.cisco.com/warp/public/105/crypto_qos.html
> > for more info on
> > this subject..
> > 
> > 	oli
> > 
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at
> > http://puck.nether.net/pipermail/cisco-nsp/
> > 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list