Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
282
Views
0
Helpful
1
Replies

IPSec deployment that preserves the IP ToS information.

mpugliese
Level 1
Level 1

‎05-11-2006 10:11 AM - edited ‎02-21-2020 02:24 PM

I wonder if there's a IPSec deployment where the IPSec header would preserve

the information contained at the byte ToS of the IP packet header, so it would be feasible confront this value against a match statement at a service-police.

Labels:
0 Helpful
1 Reply 1

aghaznavi
Level 5
Level 5

‎05-17-2006 08:58 AM

IOS IPSec implementation copies original TOS field value into the new IP header TOS field. However, PIX and VPN concentrators don't do so (just set to '0'); it means that you cannot preserve any classification settings if crossing an IPSec device wich is a PIX or a VPN concentrator (btw, both 3000 and 5000 series). IOS let you classify, apply IPSec and shape/queue.

0 Helpful
Customers Also Viewed These Support Documents