North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: GRE packets
- From: Paul G. Donner
- Date: Wed Jun 17 18:42:22 1998
At 03:23 PM 6/17/98 -0700, Danny McPherson wrote:
>Perhaps to combat this, unless I'm missing something, one could justifiably
>deploy GRE filters with source & destination addresses of the exchange
>subnets. Filtering GRE in general seems nothing more than foolish.
Or the tunnel termination addresses, which while might be tighter, would
probably make the ACLs longer or more complex.
>(we certainly allow GRE packets and expect everyone else does, too)
>> This could kill IP-GRE VPNs indiscriminately.