ASA DSCP Preservation with IPSec

Cisco documents a feature called “DSCP Preservation” in regards to ToS Byte handling on the ASA. This basically means that the ToS Byte is left in tact as packets flow through the firewall. But what happens to the ToS Byte when a VPN is in use? The video below demonstrates that the ASA actually copies the original value found in the ToS byte into the new outer IP header for transport across the public network.

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.
This entry was posted in CCIE Security, Certification, Network, Security, Technology and tagged , , , . Bookmark the permalink.

One Response to ASA DSCP Preservation with IPSec

  1. Pingback: How to Implement Priority Queuing on the ASA | PacketU

Comments are closed.