Cisco Support Community
New Member

service policy and crypto ipsec, which is first

I have this configuration in a Router 2800. I need to know which functionality is applied first: "service policy input" or "crypto ipsec".

interface FastEthernet0/0
 description Conexion LAN
 ip address 10.33.84.1 255.255.255.0
 speed 100
 full-duplex
 crypto ipsec client ezvpn PRU inside
 service-policy input Data-Voice

The policy-map Data-Voice only marks the traffic for DSCP.

1 REPLY
Cisco Employee

service policy and crypto ipsec, which is first

Hello,

According to the following document

http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080160fc1.shtml

in the inbound direction, the IPsec comes after the service-policy. According to the table in the document, the inbound QoS tools (classification, marking, policing) are executed first, and then the IPsec is scheduled.

Best regards,

Peter
