03-07-2008 06:02 AM - edited 03-03-2019 09:01 PM
hi,
i have routers, which have ip-sec tunnels.
now i want, that the router copies the original ip-prec or dscp value from the original ip packet to the layer 3 header of the ip-sec-packet.
the reason is that routers inbetween should be able to recognize for example voice packets wich are also encrypted.
thanks for help
03-07-2008 06:51 AM
Hi
Try this link --
http://www.cisco.com/en/US/docs/ios/12_4t/qos/configuration/guide/qstclpkt.html#wp1076281
What IOS are you running ?
Arav
03-07-2008 07:16 AM
hi thanks for answer.
we use a c7606 and a 3825 in the branch.
ios: 12.4.18 in 3825 adv ip-serv
12.2.33 srb2 - the newest
the command "qos pre-classify" is only available in the tunnel - not on the physical interface.
we tried this command in the tunnel - it does not work
any idea?
this is the config:
crypto isakmp policy 1
encr x
authentication pre-share
group 5
crypto isakmp key x
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set TSET x
256 esp-x
!
crypto ipsec profile VTI
set transform-set TSET
!
!
interface Tunnel119055157
bandwidth 2000
ip address 10.119.31.57 255.255.255.252
ip mtu 1500
ip flow ingress
ip flow egress
ip ospf message-digest-key 1 x
ip ospf cost 1000
ip ospf mtu-ignore
load-interval 30
tunnel source GigabitEthernet0/0.4094
tunnel destination 10.119.55.157
tunnel mode ipsec ipv4
tunnel protection ipsec profile VTI
!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide