I'm not sure, but you might be able to modify the rule to match the ipsec tunnel itself (which is seen on WAN).
--Bill On Nov 14, 2007 10:41 AM, Wade Blackwell <[EMAIL PROTECTED]> wrote: > Thanks Bill, > Follow on question, what is the best way to configure QOS where > my qVOIPUp que will not get hit due to the WAN interface never being > seen as the egress? > > Wade B > > > On Nov 14, 2007 6:30 AM, Bill Marquette <[EMAIL PROTECTED]> wrote: > > Unfortunately we have no way (today) of performing QOS inside the > > tunnel. This is due to how IPSec in the FreeBSD kernel works and how > > altq works. Also, the enc(4) interface can only block traffic inbound > > to the firewall over the tunnel. > > > > --Bill > > > > > > On Nov 13, 2007 4:25 PM, Wade Blackwell <[EMAIL PROTECTED]> wrote: > > > Good afternoon folks, > > > So I have A Cisco 7960 (VOIP phone) network booting, pulling a > > > TFTP config over an IPsec tunnel. The phone can make and recieve calls > > > fine. At times when I pick up an inbound call the caller can't hear me > > > right away, this did not happen when using the Cisco ASA so I believe > > > it is QOS related.. I am noticing that my qVOIPUp que never gets > > > traffic. Is this because this que is tied to the WAN as the outbound > > > interface and the WAN never sees the private address because > > > encryption happens before QOS? If this is the case would it be > > > possible to use ENC0 or ENCX as the in/out interface instead of the > > > WAN interface? If my logic isn't totally flawed that would act like > > > Cisco's QOS pre-classification when using IPSec tunnels with time > > > sensitive data. By the way thanks to the entire team, I have been > > > using this product a long time and it is a scalable fantastic product. > > > > > > -- > > > Wade Blackwell > > > > > > "Integrity is often more painful and always more profitable than > > > perception management" > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > -- > > Wade Blackwell > > "Integrity is often more painful and always more profitable than > perception management" > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
