Re: ip-prec on ipsec-tunnels

rabeder · ‎03-07-2008

hi,

i have routers, which have ip-sec tunnels.

now i want, that the router copies the original ip-prec or dscp value from the original ip packet to the layer 3 header of the ip-sec-packet.

the reason is that routers inbetween should be able to recognize for example voice packets wich are also encrypted.

thanks for help

aravindhs · ‎03-07-2008

Hi

Try this link --

What IOS are you running ?

Arav

rabeder · ‎03-07-2008

hi thanks for answer.

we use a c7606 and a 3825 in the branch.

ios: 12.4.18 in 3825 adv ip-serv

12.2.33 srb2 - the newest

the command "qos pre-classify" is only available in the tunnel - not on the physical interface.

we tried this command in the tunnel - it does not work

any idea?

this is the config:

crypto isakmp policy 1

encr x

authentication pre-share

group 5

crypto isakmp key x

crypto isakmp keepalive 10

!

crypto ipsec transform-set TSET x

256 esp-x

!

crypto ipsec profile VTI

set transform-set TSET

!

interface Tunnel119055157

bandwidth 2000

ip address 10.119.31.57 255.255.255.252

ip mtu 1500

ip flow ingress

ip flow egress

ip ospf message-digest-key 1 x

ip ospf cost 1000

ip ospf mtu-ignore

load-interval 30

tunnel source GigabitEthernet0/0.4094

tunnel destination 10.119.55.157

tunnel mode ipsec ipv4

tunnel protection ipsec profile VTI

!