Re: [OSL | CCIE_Security] WB 5.0 - Lab #16, Ex 4.2 - Order of operations

[Tyson Scott]

If you check out this link

 

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080
133ddd.shtml

 

Notice that the rate-limiting i.e. "policing" occurs before crypto.

 

Regards,

 

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto:  <mailto:tsc...@ipexpert.com> tsc...@ipexpert.com
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit:  <http://www.ipexpert.com/chat>
www.ipexpert.com/chat
eFax: +1.810.454.0130

 

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
CCIE (R&S, Voice, Security & Service Provider) certification(s) with
training locations throughout the United States, Europe, South Asia and
Australia. Be sure to visit our online communities at
<http://www.ipexpert.com/communities> www.ipexpert.com/communities and our
public website at  <http://www.ipexpert.com/> www.ipexpert.com

 

From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of cristian
venegas
Sent: Thursday, February 03, 2011 3:03 PM
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] WB 5.0 - Lab #16, Ex 4.2 - Order of
operations

 

Folks,

 

Hi, i was going thru Lab #16, Ex 4.2 (site to site VPN, traffic goes thru
ASA, terminating router at DMZ). Basically i got thru all of it except at
the end of the exercise, where it asks for limiting the VPN inbound traffic
on the same router  where VPN is being terminated.

 

Now, if i recall correctly, and based on what i memorized from
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080
133ddd.shtml, QoS comes after decryption.

 

I did my class-map assuming that i would see the decrypted traffic, and
that's how i built it.. but after checking the DSG (and of course my policy
map counters), i find that it isnt so.


Can somebody please explain this to me like im a two year old?

 

Thank you!

 

Regards,

Cristian

 


_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com