Jeremy,
If you configure a Virtual-Tunnel interface or Virtual-Template interfaces
you can apply the service policy to these interfaces which will cause the
traffic to be affected before encryption. This of course requires a Cisco
IOS router on the remote end as well though as the source destination
applied with this type of IPsec session is "permit ip any any" for source
and destination.
The only other option that I can think of is using qos-groups applied to
isakmp profiles and doing several ipsec sessions for different source
destination pairs but you can really separate it based on application types.
Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
jeremy co
Sent: Saturday, March 27, 2010 10:57 PM
To: Cisco certification
Subject: any workaround for router 857 to support qos pre-classify ?
Hi Folks,
I ran into a problem of pre-classifying traffic on 857 router, the command
qos pre-classify does not exist under crypto map section. So what is the
work around to be able to apply qos policy base on original packet before
encryption occur ?
Cheers,
Jeremy
Blogs and organic groups at http://www.ccie.net
Received on Sat Mar 27 2010 - 23:18:32 ART
This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:36 ART