07-28-2003 09:59 PM - edited 02-20-2020 10:52 PM
My network setup consists of a PIX firewall connected to a switched network with the PIX in turn connected to an Internet router. The PIX is used for both web browsing and for termination of a handful of VPN tunnels with IOS routers on the other end of the tunnels. I would like to use QoS to prioritize IPSec traffic on this setup. All the examples that I have read show how to classify the traffic (using IP precedence) and to apply the QoS policy on the Internet router. The classifying is done on the router before the IPSec process so that the ToS bytes can be copied into the IPSec packet as it is encrypted. Later the ToS is used by the CBWFQ process to guarantee bandwidth and queue priority. These examples all assume that the IPSec process and QoS are both done at the router. In my case, the IPSec is done on the PIX before the router. That means that the classifying process needs to be done either on the PIX or on the switches. My switches are a mix of 2900 and 3500 series switches. My PIX is a 515e running 6.2.2. Can any of these boxes be used to classify data?
Thanks,
Diego
08-01-2003 06:04 AM
I think you can not do so.
Regds,
Nikh.
08-29-2003 02:04 PM
You can, at least, prioritize IPSec packets on the router, so that they have a higher priority than web traffic. Use something like priority-list or class-based QoS. This scheme will prioritize IPSec packets inside the router. IP precedence is used to give your packets priority on the Internet, but it's just a bet; it depends on the ISPs' routers.
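A sketch of the class-based approach suggested in the reply above, added here as an illustration and not taken from the thread or from any poster's configuration. Because the PIX has already encrypted the traffic, the router can only classify on the outer header, so the class matches ESP and IKE sourced from the PIX. Assumptions: 192.0.2.10 is a constructed stand-in for the PIX outside address, and the ACL number, class and policy names, interface and bandwidth percentage are placeholders.

```cisco
! Constructed example: 192.0.2.10 stands in for the PIX outside address.
! ACL number, names, interface and percentage are placeholders to adapt.
!
! Match the encrypted tunnel traffic by its outer header:
! ESP (IP protocol 50) for the data, UDP 500 for IKE negotiation.
access-list 110 remark IPSec from the PIX: ESP data plus IKE
access-list 110 permit esp host 192.0.2.10 any
access-list 110 permit udp host 192.0.2.10 eq isakmp any eq isakmp
!
class-map match-all VPN-TRAFFIC
 match access-group 110
!
! CBWFQ: guarantee the tunnels a share of the link under congestion;
! everything else (web browsing) is fair-queued in class-default.
policy-map WAN-OUT
 class VPN-TRAFFIC
  bandwidth percent 50
 class class-default
  fair-queue
!
! Apply outbound on the Internet-facing interface of the router.
interface Serial0/0
 service-policy output WAN-OUT
```

This only orders packets leaving the router toward the ISP; all tunnels share one class because the inner protocol is not visible after encryption.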