Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
447
Views
0
Helpful
1
Replies

service policy and crypto ipsec, which is first

gomez.juan
Level 1
Level 1

‎04-02-2012 10:31 AM - edited ‎03-04-2019 03:53 PM

I have this configuration in a Router 2800. I need to know what functionality is first applied: "service policy input" or  "crypto ipsec".

interface FastEthernet0/0

description Conexion LAN

ip address 10.33.84.1 255.255.255.0

speed 100

full-duplex

crypto ipsec client ezvpn PRU inside

service-policy input Data-Voice

The policy-map Data-Voice only mark the traffic for dscp.

Labels:
0 Helpful
1 Reply 1

Peter Paluch
Cisco Employee
Cisco Employee

‎04-02-2012 11:34 AM

Hello,

According to the following document

http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080160fc1.shtml

in the inbound direction, the IPsec comes after the service-policy. According to the table in the document, the inbound QoS tools (classification, marking, policing) are executed first, and then the IPsec is scheduled.

Best regards,

Peter

0 Helpful
Customers Also Viewed These Support Documents