[c-nsp] IPSec deployment that preserves the IP ToS information.
jimmi
jimmi at netpoint.com.br
Thu May 11 17:51:00 EDT 2006
Folks.
Thanks a lot for all replies.
Best regards.
Jimmi.
---------- Original Message -----------
From: Rodney Dunn <rodunn at cisco.com>
To: Kenny Sallee <k_sallee at yahoo.com>
Cc: "Oliver Boehmer oboehmer\"" <oboehmer at cisco.com>, jimmi
<jimmi at netpoint.com.br>, cisco-nsp at puck.nether.net
Sent: Thu, 11 May 2006 16:38:10 -0400
Subject: Re: [c-nsp] IPSec deployment that preserves the IP ToS information.
> No. That allows you to match on the original ip header
> information like src and dst ip.
>
> On Thu, May 11, 2006 at 01:28:09PM -0700, Kenny Sallee wrote:
> > I didn't think it was default - isn't that what the
> > qos-preclassify command on the cryptomap is for?
> >
> > --- "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
> > wrote:
> >
> > > jimmi <> wrote on Thursday, May 11, 2006 8:02 PM:
> > >
> > > > I wonder if there's a IPSec deployment where the
> > > IPSec header
> > > > would preserve the information contained at the
> > > byte ToS of
> > > > the IP packet header, so it would be feasible
> > > confront this
> > > > value against a match statement at a
> > > service-police.
> > >
> > > this is default behavior for IOS Ipsec, the ToS byte
> > > is copied into the
> > > IPSec header.. check
> > > http://www.cisco.com/warp/public/105/crypto_qos.html
> > > for more info on
> > > this subject..
> > >
> > > oli
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at
> > > http://puck.nether.net/pipermail/cisco-nsp/
> > >
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam? Yahoo! Mail has the best spam protection around
> > http://mail.yahoo.com
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
------- End of Original Message -------
More information about the cisco-nsp
mailing list