ip-prec on ipsec-tunnels

Unanswered Question
Mar 7th, 2008
User Badges:

hi,


i have routers, which have ip-sec tunnels.

now i want, that the router copies the original ip-prec or dscp value from the original ip packet to the layer 3 header of the ip-sec-packet.


the reason is that routers inbetween should be able to recognize for example voice packets wich are also encrypted.


thanks for help

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rabeder Fri, 03/07/2008 - 07:16
User Badges:

hi thanks for answer.

we use a c7606 and a 3825 in the branch.

ios: 12.4.18 in 3825 adv ip-serv

12.2.33 srb2 - the newest

the command "qos pre-classify" is only available in the tunnel - not on the physical interface.

we tried this command in the tunnel - it does not work

any idea?

this is the config:

crypto isakmp policy 1

encr x

authentication pre-share

group 5

crypto isakmp key x

crypto isakmp keepalive 10

!

!

crypto ipsec transform-set TSET x

256 esp-x

!

crypto ipsec profile VTI

set transform-set TSET

!


!

interface Tunnel119055157

bandwidth 2000

ip address 10.119.31.57 255.255.255.252

ip mtu 1500

ip flow ingress

ip flow egress

ip ospf message-digest-key 1 x

ip ospf cost 1000

ip ospf mtu-ignore

load-interval 30

tunnel source GigabitEthernet0/0.4094

tunnel destination 10.119.55.157

tunnel mode ipsec ipv4

tunnel protection ipsec profile VTI

!



Actions

This Discussion