• DSCP markings are preserved on all traffic passing through the security appliance.
• The security appliance does not locally mark/remark any classified traffic, but it honors the Expedited Forwarding (EF) DSCP bits of every packet to determine if it requires "priority" handling and will direct those packets to the LLQ.
• DiffServ marking is preserved on packets when they traverse the service provider backbone so that QoS can be applied in transit (QoS tunnel pre-classification)."
Are you looking at the packets as soon as they leave the ASA? If so, then this is contrary to what should happen.
It may be an interaction with NAT or it could be a bug with your particular version.
I took captures before the inside interface and after the outside interface. Before it hits the ASA I'm seeing the DSCP correct; when it exits everything is set to 0. All I can do with DSCP is use it to make the PIX assign that traffic to the priority queue.
I've researched bugs for my version but didn't find any, and TAC was pretty much useless when I called in :(
Yeah, I am marking them downstream from the ASA. Problem is that the IP keeps changing and it's a lot of work to keep up (internal devices get the IP via DNS). If I could preserve the DSCP it would make my life a lot easier :)
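Added example (not part of the thread or of Cisco's documentation): one way to run the inside/outside capture comparison described above, pairing packets across the two captures and listing those whose DSCP changed in transit. It assumes raw IPv4 packets with the link-layer header already stripped and that the firewall leaves the IP ID field untouched; the function names and sample addresses are constructed for illustration.

```python
import struct

EF = 46  # Expedited Forwarding code point (ToS byte 0xB8)

def parse_ipv4(pkt: bytes):
    """Return (match key, DSCP) for a raw IPv4 packet, or None if it is not IPv4."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    tos, _total_len, ip_id = struct.unpack("!BHH", pkt[1:6])
    proto = pkt[9]
    dst = ".".join(str(b) for b in pkt[16:20])
    # Source address is left out of the key because NAT may rewrite it.
    # Assumption: the IP ID survives the firewall unchanged.
    return (ip_id, proto, dst), tos >> 2  # DSCP is the top 6 bits of the ToS byte

def compare_dscp(inside, outside):
    """Pair packets from the two captures and list those whose DSCP changed."""
    before = {}
    for pkt in inside:
        parsed = parse_ipv4(pkt)
        if parsed:
            before[parsed[0]] = parsed[1]
    changed = []
    for pkt in outside:
        parsed = parse_ipv4(pkt)
        if parsed and parsed[0] in before and before[parsed[0]] != parsed[1]:
            changed.append({"key": parsed[0], "inside": before[parsed[0]],
                            "outside": parsed[1]})
    return changed

def build_packet(src, dst, ip_id, dscp, proto=17):
    """Constructed sample: bare 20-byte IPv4 header, checksum left at 0."""
    header = struct.pack("!BBHHHBBH", 0x45, dscp << 2, 20, ip_id, 0, 64, proto, 0)
    return header + bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))

# Constructed captures: an EF-marked packet and a best-effort packet, source NATed.
SAMPLE_INSIDE = [build_packet("10.0.0.5", "203.0.113.10", 1001, EF),
                 build_packet("10.0.0.5", "203.0.113.10", 1002, 0)]
SAMPLE_OUTSIDE = [build_packet("198.51.100.1", "203.0.113.10", 1001, 0),
                  build_packet("198.51.100.1", "203.0.113.10", 1002, 0)]

if __name__ == "__main__":
    for row in compare_dscp(SAMPLE_INSIDE, SAMPLE_OUTSIDE):
        print(row)
```

An empty result means every matched packet kept its marking; rows with `inside` 46 and `outside` 0 match the symptom reported in the captures above.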