Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

QoS over IPSec

We have four different sites connected over public network; Therefore, we are running site-to-site VPN tunnel to encrypt the data. Now we are ready to deploy Voice over VPN between four sites (CM Clusters are already deployed in all the locations).

I know the follwoing:

Standard IPSec copies the Type of Service (ToS) byte from the original IP

header of the Voice-over-IP packet to the new IP header added by IPSec. So

the original packet priority is preserved even after encryption.

However, My question is....

Can we do it on our current PIX firewalls?

what is the right code that we need ?

Does it work right w/single DES?

Any help Would be appreciated



New Member

Re: QoS over IPSec


It should work with the PIX and multiservice VPN enabled routers that you have deployed. Do you have the VPN established over the same backbone for instance are the edge internet circuits from the same ISP? LLQ is pretty important and the packet has to be recognized as a high priority packet through out the path so the ISP has to be Cisco certified for instance sprint was one of the first one to acknowledge the qos parameters on their equipment. It should work with DES or 3DES, but consider DES if there are latency issues already.


New Member

Re: QoS over IPSec

Thanks for your replay Faisal,

Yes they are all connected through same ISP (ATT).