I need to ensure that traffic between the end-points of a satellite network is properly DSCP marked, in both directions.
For example, a PC at a remote site sends SMTP traffic to a central "server" via a satellite link and the packets destined for the central server are marked DSCP AF41 at the remote-site.
How do I ensure that any traffic from the central "server" back to the remote-site PC is also marked DSCP AF41? Is it through the use of an "established" keyword or something to that effect?
Or, alternatively, (my current strategy) create and assign an access- list that is essentially the "opposite" of the access-list at the remote-site to the router at the central site. My current strategy, using an "opposite" ACL that reverses source and destination and the associated ports seems a bit kludge; I suspect there must be a better way.