06-15-2007 11:33 AM - edited 03-03-2019 05:27 PM
If doing QOS on a tunnel which is using IPSec, do you put the pre-classify command on the tunnel interface or in the policy map?
here's the config I've been given, and I notice that they've put it in 2 places.
Thanks,
Lisa Gcrypto map CRX0 10 ipsec-isakmp
description To ATL-CRX-7206A router
set peer 65.199.221.97
set transform-set TSI
match address CUSTNAME-ATLCRX
qos pre-classify
interface Tunnel1
description GRE Tunnel to Atlanta
ip address TUNNEL1_IPADDR_toATL 255.255.255.252
ip mtu 1440
qos pre-classify
06-15-2007 02:21 PM
The config is pretty correct. Generally, when using IPSec, qos-preclassify needs to be enabled under crypto map. When using GRE tunnel, it needs to be enabled on the tunnel interface. Since you are using both IPSec and GRE, hence its enabled under crypto map and tunnel interface. Thanks!
- Manoj
06-18-2007 04:58 AM
Thanks.... does this mean that the traffic gets pre-classified twice?
06-19-2007 02:41 AM
Hi,
In the fragment of config that you post don?t have the crypto-map applied to an interface... The traffic get out via this tunnel int?
Kratz
06-19-2007 04:46 AM
Hi, It is applied to the serial interface..
Thanks, Lisa G
06-19-2007 03:10 PM
Lisa,
You need to see your routing table to get the pre-classify in use.
If you use ipsec tunnel mode the pre-classify in crypto-map are in use. If your tunnel is routed via serial, the first classification is into virtual interface tunnel.
Regards,
Kratz
06-20-2007 12:02 PM
I used IPSEC and a GRE caymen tunnel and to do qos enabled the qos pre-classify command only under the crypto map.
I was able to see the packets getting matched to the policy i defined
Narayan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: