Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
928
Views
10
Helpful
2
Replies

IPSec/GRE QoS

Go to solution
ahmede1
Level 1
Level 1

‎01-16-2018 08:45 AM - edited ‎03-05-2019 09:46 AM

By default, IPsec/GRE will preserve the dscp/precedence marking of the data packet in the encapsulating header

Now for our design, we want to IPsec/GRE header marking to be different from the original IP packet marking. The IPsec/GRE header marking will be based on the original IP packet marking, so we need to read the IP packet marking and then based on this marking we will mark the IPsec/GRE header with different DSCP without changing the original IP packet DSCP..

Can that be done? How?

 

Thank you for your help

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-16-2018 03:07 PM

Hi

To apply a qos setting on the traffic going through your tunnel, you would need to use qos pre-classify.
Here a documentation that explains it well:
https://www.google.ca/amp/s/cisconinja.wordpress.com/2008/11/29/qos-pre-classify-in-gre-over-ipsec-vpns/amp/

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎01-17-2018 10:04 AM

It can be done, but unsure it can done on the same device that has the tunnel end-point (although I suspect it can).

It might be as simple as having a policy on the physical egress for the tunnel that examines the current packet's ToS marking (i.e. the IPSec/GRE packet's ToS) and then just remarks.

View solution in original post

2 Replies 2

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-16-2018 03:07 PM

Hi

To apply a qos setting on the traffic going through your tunnel, you would need to use qos pre-classify.
Here a documentation that explains it well:
https://www.google.ca/amp/s/cisconinja.wordpress.com/2008/11/29/qos-pre-classify-in-gre-over-ipsec-vpns/amp/

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎01-17-2018 10:04 AM

It can be done, but unsure it can done on the same device that has the tunnel end-point (although I suspect it can).

It might be as simple as having a policy on the physical egress for the tunnel that examines the current packet's ToS marking (i.e. the IPSec/GRE packet's ToS) and then just remarks.
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card