Last I heard from JTAC, this was still not available with no ETA. Even with several high profile enterprises requesting it.
-Ben On Wednesday, August 10, 2011, Andrew Jones <and...@commitconfirmed.com> wrote: > Hi, > > I've got an SRX240 runing 10.4R4.5 running at a brach site serving as > the site gateway and I figure out a way to write DSCP values before traffic > is encrypted into an IPSec VPN due to the SRX being the only device at the > site. The only place I can apply outbound DSCP marking is on the Interface > that the IPSec VPN lies, since you can't configure dscp rewrites on the > st0.x interfaces. This works okay since the IPSec packet is marked and > scheduled correctly, but once the traffic makes it to the other site and is > decrypted, the DSCP marking is lost and needs to be re-marked again. It also > makes it hard to audit how much traffic is being put into each class when > doing J-Flow exports, or if certain types of traffic are being marked > correctly. > > Has anyone else got a similar setup or experienced and fixed this issue? I'm > currently terminating VPN's on the physical interface itself, could I > potentially move this to a vlan.x interface and perform outbound DSCP > marking there? > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp