Cisco VPN Client setting QoS DSCP 0

Unanswered Question
May 28th, 2009
User Badges:


I am experiencing the following issue:

- I have an Avaya IP Softphone at my users Notebooks, that when connected directly to the PBX, and I sniff my notebook using Wireshark, I can see the packets are correctly marked with DSCP 46. But when I connect using the VPN Cisco Client, at the user notebook, for some reason the Cisco VPN Client, "remarks" any packet sent to the tunnel with DSCP 0 . This is causing my VoIP network over VPN to have issues. I didn't have these problems before with CheckPoint. Any ideia what might be happenning ? Is it a parameter at my ASA 5540 that is telling the VPN Client to remark any packet to DSCP 0 ? Why can't the Cisco VPN Client just send the packets to the tunnel with the original marking ?

Attached are two session captured, showing the problem. On with CheckPoint VPN Client, working fine! ANd the other with Cisco VPN Client setting the DSCP to 0 , before tunnelating it.

Thanks in advance for your time and help!

Delcio Torres

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
aghaznavi Thu, 06/04/2009 - 11:26
User Badges:
  • Silver, 250 points or more

The security appliance does not locally mark/remark any classified traffic, but it honors the Expedited Forwarding (EF) DSCP bits of every packet to determine if it requires "priority" handling and will direct those packets to the LLQ.

delciotorres Wed, 06/10/2009 - 08:55
User Badges:

The issue is that the client is remarking, not the security appliance.


This Discussion