Mar 1st, 2007

Between client and server I have a WAN link, and on that WAN link I have QOS set up with several traffic classes and so on. If I build an IPSEC VPN tunnel between the client and the ASA device in front of the server, I guess I will lose the capability to see traffic on the WAN link and my QOS will stop working.

mheusinger Thu, 03/01/2007 - 06:43


The IPSec standard mandates that the TOS byte of the original header is copied into the new IPSec header. After encryption, the original IP packet cannot be detected by an intermediate router. Thus your QoS policy can only work if you mark different traffic classes with, e.g., different DSCP values and match on those DSCP values on your WAN router.

Hope this helps!

Regards, Martin
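
The behaviour described in the reply above, as an added Python sketch that is not part of the original post: the inner packet is marked before encryption, the tunnel copies its TOS byte to the outer header, and the WAN router classifies on the outer DSCP alone. The XOR "cipher", addresses, SPI and DSCP-to-class table are constructed for illustration and are not real ESP or a real router policy.

```python
import socket
import struct

ESP = 50  # IP protocol number for ESP
# Constructed WAN policy (assumption): DSCP value -> traffic class
WAN_CLASSES = {46: "voice", 26: "business", 0: "best-effort"}


def ipv4_header(src, dst, proto, payload_len, tos):
    """Build a 20-byte IPv4 header. DSCP is the top 6 bits of the TOS byte."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0,
                       64, proto, 0,  # checksum left 0 for this illustration
                       socket.inet_aton(src), socket.inet_aton(dst))


def mark(dscp):
    """Marking step done before encryption: DSCP -> TOS byte."""
    return (dscp & 0x3F) << 2


def tunnel_encapsulate(inner_packet, gw_src, gw_dst, key=0x5A):
    """Tunnel-mode stand-in: hide the inner packet, copy its TOS outward."""
    inner_tos = inner_packet[1]
    hidden = bytes(b ^ key for b in inner_packet)   # placeholder, NOT real ESP
    esp = struct.pack("!II", 0x1001, 1) + hidden    # constructed SPI, sequence
    return ipv4_header(gw_src, gw_dst, ESP, len(esp), inner_tos) + esp


def wan_classify(packet):
    """An intermediate router sees only the outer header: protocol and DSCP."""
    dscp = packet[1] >> 2
    return {"proto": packet[9], "dscp": dscp,
            "class": WAN_CLASSES.get(dscp, "best-effort")}


def demo():
    """Send one marked and one unmarked UDP packet through the tunnel."""
    udp = struct.pack("!HHHH", 5060, 5060, 8, 0)    # constructed UDP header
    results = {}
    for name, dscp in (("marked_voice", 46), ("unmarked", 0)):
        inner = ipv4_header("10.0.0.5", "10.1.0.9", 17, len(udp), mark(dscp)) + udp
        outer = tunnel_encapsulate(inner, "192.0.2.1", "198.51.100.1")
        results[name] = wan_classify(outer)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

Both packets reach the WAN router as protocol 50 between the two gateways, so a policy matching on inner addresses or ports has nothing to match; only the copied DSCP separates them.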

dragec Tue, 03/13/2007 - 05:24

And where to mark packets? On the client? Before encryption, I guess.


