My apologies for mistakenly sending this email to this list.


frank

Frank Renwick <frenwick@cengen.com> wrote:
Brian/Ian,
 
I learned a few things today that I'll forget by tomorrow I'm sure:
 
1. DMVPN tunnels, when the use IPSec, use IPSec transport mode.  Transport mode simply takes the IP Header of the original packet and uses that for the IP Header of the IPSec tunnel.  As such, ToS byte inheritance happens by default here.  I verified this using a DMVPN tunnel between Cisco hub and DDU spoke.
 
2. Cisco default behavior for GRE tunnels is to take the ToS byte from the payload and use that value in the ToS byte of the GRE IP Header.
 
3. The pt-to-pt IPSec offering of the DDU, using IPSec tunnel mode, has the default behavior of copying the ToS byte from the data being placed into the tunnel.
 
No quiz on this tomorrow.
 
frank